From: Wouter Wijngaards Date: Thu, 15 Jun 2017 15:00:07 +0000 (+0000) Subject: - Fix query for refetch_glue of stub leaking to internet. X-Git-Tag: release-1.6.4rc1~10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7bb1d8a8d1f8b7671df85a23859729772086cdd6;p=thirdparty%2Funbound.git - Fix query for refetch_glue of stub leaking to internet. git-svn-id: file:///svn/unbound/trunk@4227 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index e78cf6e9b..f99a0481f 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 15 June 2017: Wouter - Fix stub zone queries leaking to the internet for harden-referral-path ns checks. + - Fix query for refetch_glue of stub leaking to internet. 13 June 2017: Wouter - Fix #1279: Memory leak on reload when python module is enabled. diff --git a/iterator/iterator.c b/iterator/iterator.c index 2c981628b..205ab0d15 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -1071,6 +1071,20 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, return next_state(iq, COLLECT_CLASS_STATE); } + /* + * If we are restricted by a forward-zone or a stub-zone, we + * can't re-fetch glue for this delegation point. + * we won’t try to re-fetch glue if the iq->dp is null. + */ + if (iq->refetch_glue && + iq->dp && + !can_have_last_resort(qstate->env, + iq->dp->name, + iq->dp->namelen, + iq->qchase.qclass)) { + iq->refetch_glue = 0; + } + /* Resolver Algorithm Step 1 -- Look for the answer in local data. */ /* This either results in a query restart (CNAME cache response), a