- Fix #1125: unbound could reuse an answer packet incorrectly for

  clients with different EDNS parameters, from Jinmei Tatuya.

git-svn-id: file:///svn/unbound/trunk@3888 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 44c50752232b6847c954882b721e428642c206e5..da98aeab65509cc5a13832584e861193b695da94 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,8 @@
        - Removed patch comments from acllist.c and msgencode.c
        - Added documentation doc/CNAME-basedRedirectionDesignNotes.pdf,
          from Jinmei Tatuya (Infoblox).
+       - Fix #1125: unbound could reuse an answer packet incorrectly for
+         clients with different EDNS parameters, from Jinmei Tatuya.
 
 17 October 2016: Wouter
        - Re-fix #839 from view commit overwrite.

diff --git a/services/mesh.c b/services/mesh.c
index 24d16ae92239617957c62b00bfd4dfc50d7152f0..60f828d9f7e36559f92b32c097a0b7874cceb664 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -849,9 +849,8 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
        struct timeval end_time;
        struct timeval duration;
        int secure;
-       /* Copy the client's EDNS for later restore to fix a bug of the
-        * original code.  See unbound bug #1125.  Once NLNet Labs fixes it
-        * we should replace this local fix with the upstream one. */
+       /* Copy the client's EDNS for later restore, to make sure the edns
+        * compare is with the correct edns options. */
        struct edns_data edns_bak = r->edns;
        /* examine security status */
        if(m->s.env->need_to_validate && (!(r->qflags&BIT_CD) ||