]> git.ipfire.org Git - thirdparty/bind9.git/commitdiff
projects / thirdparty / bind9.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | combined (merge: 4e0b62b 887502e)
chg: usr: Drop malformed notify messages early instead of decompressing them
authorAlessio Podda <alessio@isc.org>
Tue, 25 Feb 2025 10:29:00 +0000 (10:29 +0000)
committerAlessio Podda <alessio@isc.org>
Tue, 25 Feb 2025 10:29:00 +0000 (10:29 +0000)
The DNS header shows if a message has multiple questions or invalid
NOTIFY sections. We can drop these messages early, right after parsing
the question. This matches RFC 9619 for multi-question messages and
Unbound's handling of NOTIFY. We still parse the question to include it in
our FORMERR response.

Add drop_msg_early() function to check for these conditions:
- Messages with more than one question, as required by RFC 9619
- NOTIFY query messages containing answer sections (like Unbound)
- NOTIFY messages containing authority sections (like Unbound)

Closes #5158, #3656

Merge branch '5158-early-formerr-on-bad-notify-or-bad-qdcount' into 'main'

See merge request isc-projects/bind9!10056


Trivial merge
Mirror of https://gitlab.isc.org/isc-projects/bind9.git