]> git.ipfire.org Git - thirdparty/knot-resolver.git/commitdiff
fail on execissive data in a packet fail-on-execissive-data
authorŠtěpán Balážik <stepan.balazik@nic.cz>
Wed, 20 Jan 2021 11:25:38 +0000 (12:25 +0100)
committerŠtěpán Balážik <stepan.balazik@nic.cz>
Wed, 27 Jan 2021 13:52:29 +0000 (14:52 +0100)
lib/layer/iterate.c

index 89589b041ff1aa42a6dba6c7d8b0f3b9ebbcc0b7..9a4679b008c544ab02c006b84ce2e842a0f7419a 100644 (file)
@@ -1014,14 +1014,11 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt)
        /* Check for packet processing errors first.
         * Note - we *MUST* check if it has at least a QUESTION,
         * otherwise it would crash on accessing QNAME. */
-#ifdef STRICT_MODE
        if (pkt->parsed < pkt->size) {
                VERBOSE_MSG("<= pkt contains excessive data\n");
                return KR_STATE_FAIL;
-       } else
-#endif
-       if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
-               if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) {
+       } else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
+               if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_REFUSED) {
                        /* This is a special case where we get valid header with FORMERROR and nothing else.
                         * This happens on some authoritatives which don't support EDNS and don't
                         * bother copying the SECTION QUESTION. */
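Review bot: The added `else if` branch now tests `KNOT_RCODE_REFUSED`, but the comment directly beneath it still describes a header-only reply carrying FORMERROR from authoritatives that lack EDNS support, so the code and its documentation disagree. The commit title only mentions failing on excessive data, so the rcode swap looks unrelated and possibly unintended. If it is, the inner condition should stay `if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) {`. If it is deliberate, the comment should be rewritten to explain why a bare REFUSED header gets the special handling and what now happens to bare FORMERR replies. The body of this branch continues outside the hunk, so its effect on the resolver's fallback path cannot be confirmed from here.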