Fixup.

git-svn-id: file:///svn/unbound/trunk@537 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 7a23907b685d32f27f33d9ed6887c2ef9c801ef8..b4fcfd5351d70ecff31b8a55257ce36c77e06246 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -4,6 +4,7 @@
        - check cache security status and either send the query to be
          validated, return the query to client, or send servfail to client.
          Sets AD bit on validated replies.
+       - do not examine security status on an error reply in mesh_done.
 
 20 August 2007: Wouter
        - validate and positive validation, positive wildcard NSEC validation.

diff --git a/services/mesh.c b/services/mesh.c
index 2adc732c1350c83c4d141614a30c5fd2ecd738a0..e1f800b2c4066c688fff88a99fbdaec690dbb4d1 100644 (file)
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -427,11 +427,11 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
        struct timeval end_time;
        int secure;
        /* examine security status */
-       if(m->s.env->need_to_validate && !(r->qflags&BIT_CD) &&
+       if(m->s.env->need_to_validate && !(r->qflags&BIT_CD) && rep && 
                rep->security <= sec_status_bogus) {
                rcode = LDNS_RCODE_SERVFAIL;
        }
-       if(rep->security == sec_status_secure)
+       if(rep && rep->security == sec_status_secure)
                secure = 1;
        else    secure = 0;
        /* send the reply */