From: Grigorii Demidov <grigorii.demidov@nic.cz>
Date: Wed, 30 Dec 2015 10:44:48 +0000 (+0100)
Subject: daemon: proper initialization of requests's source address
X-Git-Tag: v1.0.0-beta3~22^2~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d2da26ad2cd7fed15419d5cee507eaecdaeec47;p=thirdparty%2Fknot-resolver.git

daemon: proper initialization of requests's source address

lib: answer finalization was changed
---

diff --git a/daemon/worker.c b/daemon/worker.c
index 34d1f003c..b541b1eee 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -265,6 +265,8 @@ static struct qr_task *qr_task_create(struct worker_ctx *worker, uv_handle_t *ha
 	task->retry.data = task;
 	task->timeout.data = task;
 	task->on_complete = NULL;
+	task->req.qsource.key = NULL;
+	task->req.qsource.addr = NULL;
 	/* Remember query source addr */
 	if (addr) {
 		size_t addr_len = sizeof(struct sockaddr_in);
diff --git a/lib/resolve.c b/lib/resolve.c
index 3999a14bf..e104faf95 100644
--- a/lib/resolve.c
+++ b/lib/resolve.c
@@ -313,8 +313,15 @@ static int answer_finalize(struct kr_request *request, int state)
 			return ret;
 		}
 	}
-	/* Set AD=1 if succeeded and requested secured answer. */
 	struct kr_rplan *rplan = &request->rplan;
+	/* Always set SERVFAIL for bogus answers. */
+	if (state == KNOT_STATE_FAIL && rplan->pending.len > 0) {
+		struct kr_query *last = array_tail(rplan->pending);
+		if ((last->flags & QUERY_DNSSEC_WANT) && (last->flags & QUERY_DNSSEC_BOGUS)) {
+			knot_wire_set_rcode(answer->wire,KNOT_RCODE_SERVFAIL);
+		}
+	}
+	/* Set AD=1 if succeeded and requested secured answer. */
 	if (state == KNOT_STATE_DONE && rplan->resolved.len > 0) {
 		struct kr_query *last = array_tail(rplan->resolved);
 		/* Do not set AD for RRSIG query, as we can't validate it. */
@@ -362,8 +369,6 @@ int kr_resolve_begin(struct kr_request *request, struct kr_context *ctx, knot_pk
 	request->options = ctx->options;
 	request->state = KNOT_STATE_CONSUME;
 	request->current_query = NULL;
-	request->qsource.key = NULL;
-	request->qsource.addr = NULL;
 	array_init(request->authority);
 	array_init(request->additional);