- Fix #1190: Do not echo back EDNS options in local-zone error response.

- iana portlist update

git-svn-id: file:///svn/unbound/trunk@3972 be551aaa-1e26-0410-a405-d3ace91eadb9

diff --git a/doc/Changelog b/doc/Changelog
index 55740721c32fb937ba1a4414cd8c7a0dcfe0e2b5..620590eca58088b5e0d5ee0a703f09e7e2b6cac9 100644 (file)
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+23 December 2016: Ralph
+       - Fix #1190: Do not echo back EDNS options in local-zone error response.
+       - iana portlist update
+
 21 December 2016: Ralph
        - Fix #1188: Unresolved symbol 'fake_dsa' in libunbound.so when built
          with Nettle

diff --git a/services/localzone.c b/services/localzone.c
index 0ea74d8568739a3eeabf713af1b25c031a2e78d9..749dfc9f8942484902d2524bcfc735630e93f3ba 100644 (file)
--- a/services/localzone.c
+++ b/services/localzone.c
@@ -1214,6 +1214,24 @@ local_encode(struct query_info* qinfo, struct module_env* env,
        return 1;
 }
 
+/** encode local error answer */
+static void
+local_error_encode(struct query_info* qinfo, struct module_env* env,
+       struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+       int rcode, uint16_t flags)
+{
+       edns->edns_version = EDNS_ADVERTISED_VERSION;
+       edns->udp_size = EDNS_ADVERTISED_SIZE;
+       edns->ext_rcode = 0;
+       edns->bits &= EDNS_DO;
+
+       if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
+               rcode, edns, temp))
+               edns->opt_list = NULL;
+       error_encode(buf, flags, qinfo, *(uint16_t*)sldns_buffer_begin(buf),
+               sldns_buffer_read_u16_at(buf, 2), edns);
+}
+
 /** find local data tag string match for the given type in the list */
 static int
 find_tag_datas(struct query_info* qinfo, struct config_strlist* list,
@@ -1414,9 +1432,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
                return 1;
        } else if(lz_type == local_zone_refuse
                || lz_type == local_zone_always_refuse) {
-               error_encode(buf, (LDNS_RCODE_REFUSED|BIT_AA), qinfo,
-                       *(uint16_t*)sldns_buffer_begin(buf),
-                      sldns_buffer_read_u16_at(buf, 2), edns);
+               local_error_encode(qinfo, env, edns, buf, temp,
+                       LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA));
                return 1;
        } else if(lz_type == local_zone_static ||
                lz_type == local_zone_redirect ||
@@ -1433,9 +1450,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
                if(z->soa)
                        return local_encode(qinfo, env, edns, buf, temp, 
                                z->soa, 0, rcode);
-               error_encode(buf, (rcode|BIT_AA), qinfo, 
-                       *(uint16_t*)sldns_buffer_begin(buf), 
-                       sldns_buffer_read_u16_at(buf, 2), edns);
+               local_error_encode(qinfo, env, edns, buf, temp, rcode,
+                       (rcode|BIT_AA));
                return 1;
        } else if(lz_type == local_zone_typetransparent
                || lz_type == local_zone_always_transparent) {
@@ -1451,9 +1467,8 @@ lz_zone_answer(struct local_zone* z, struct module_env* env,
                if(z->soa)
                        return local_encode(qinfo, env, edns, buf, temp, 
                                z->soa, 0, rcode);
-               error_encode(buf, (rcode|BIT_AA), qinfo, 
-                       *(uint16_t*)sldns_buffer_begin(buf), 
-                       sldns_buffer_read_u16_at(buf, 2), edns);
+               local_error_encode(qinfo, env, edns, buf, temp, rcode,
+                       (rcode|BIT_AA));
                return 1;
        }
 

diff --git a/util/iana_ports.inc b/util/iana_ports.inc
index 9c85079673aa5aa62692eb5e2e312152b7cb429b..507c3c7de61baa944b1136bb14445887a730783a 100644 (file)
--- a/util/iana_ports.inc
+++ b/util/iana_ports.inc
@@ -4849,6 +4849,7 @@
 8793,
 8800,
 8804,
+8808,
 8873,
 8880,
 8883,