- net.listen(): allow binding to non-local address with freebind option (!898)
- cache: pre-allocate the file to avoid SIGBUS later (not macOS; !917, #525)
+Bugfixes
+--------
+- correctly use EDNS(0) padding in failed answers (!921)
+
Knot Resolver 4.3.0 (2019-12-04)
================================
assert(false);
return kr_error(EINVAL);
}
+ if (!request->qsource.flags.tls) {
+ /* Not meaningful to pad without encryption. */
+ return kr_ok();
+ }
int32_t padding = request->ctx->tls_padding;
knot_pkt_t *answer = request->answer;
knot_rrset_t *opt_rr = answer->opt_rr;
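Review bot: The new guard in answer_padding() reads `request->qsource.flags.tls` on its own, while the documentation of struct kr_request_qsource_flags says the flag is only meaningful when dst_addr is set. Whether qsource is always zero-initialised for requests that have no client socket is not visible here, so either state that next to the guard or make the condition explicit, e.g. `if (!request->qsource.dst_addr || !request->qsource.flags.tls) {`. The function's header comment should also say that it is now a successful no-op for unencrypted transports, since callers no longer do that check themselves. The body of answer_padding() continues outside the hunk.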
knot_wire_set_rcode(answer->wire, KNOT_RCODE_SERVFAIL);
if (ret == 0 && opt_rr) {
knot_pkt_begin(answer, KNOT_ADDITIONAL);
- answer_padding(request); /* Ignore failed padding in SERVFAIL answer. */
answer->opt_rr = opt_rr;
+ answer_padding(request); /* Ignore failed padding in SERVFAIL answer. */
edns_put(answer, false);
}
}
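Review bot: The order of `answer->opt_rr = opt_rr;` and `answer_padding(request);` is now load-bearing, but nothing in the hunk says so. answer_padding() takes its OPT record from `answer->opt_rr`, so calling it before the pointer is restored is presumably what left failed answers unpadded. A comment on the assignment such as `/* Restore opt_rr first; answer_padding() works on answer->opt_rr. */` would keep a later cleanup from swapping the two lines back. The return value is still discarded, so a padding failure sends an unpadded SERVFAIL over TLS without any trace; a verbose-level log line there would make that length leak visible to operators.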
knot_pkt_t *answer = request->answer;
if (!answer->opt_rr)
return kr_ok();
- int ret = 0;
- if (request->qsource.flags.tls) {
- ret = answer_padding(request);
- }
+ int ret = answer_padding(request);
if (!ret) ret = knot_pkt_begin(answer, KNOT_ADDITIONAL);
if (!ret) ret = knot_pkt_put(answer, KNOT_COMPR_HINT_NONE,
answer->opt_rr, KNOT_PF_FREE);
* (and lines here were too long anyway). */
struct kr_request_qsource_flags {
bool tcp:1; /**< true if the request is on TCP (or TLS); only meaningful if (dst_addr). */
- bool tls:1; /**< true if the request is on TLS; only meaningful if (dst_addr). */
+ bool tls:1; /**< true if the request is on TLS (or HTTPS); only meaningful if (dst_addr). */
bool http:1; /**< true if the request is on HTTP; only meaningful if (dst_addr). */
};
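Review bot: The comment on `http` still says only "on HTTP", so with `tls` now documented as covering HTTPS it is unclear which flags a DNS-over-HTTPS request sets. answer_padding() decides on `tls` alone, so the relationship matters for whether DoH answers get padded. The `http` comment should spell it out, for example `/**< true if the request is on HTTP(S); encryption is indicated by tls, not by this flag. */`, with the wording confirmed against the code that fills these flags, which is outside the hunk.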