From: Wouter Wijngaards <wouter@nlnetlabs.nl>
Date: Tue, 27 Sep 2016 12:22:56 +0000 (+0000)
Subject: - Fix #836: unbound could echo back EDNS options in an error response.
X-Git-Tag: release-1.6.0rc1~87
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a19ff3baf0d65ba53ec0c793508a8f5b4463363;p=thirdparty%2Funbound.git

- Fix #836: unbound could echo back EDNS options in an error response.


git-svn-id: file:///svn/unbound/trunk@3870 be551aaa-1e26-0410-a405-d3ace91eadb9
---

diff --git a/doc/Changelog b/doc/Changelog
index e97fb5104..678fa96be 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -3,6 +3,7 @@
 	- trunk contains 1.5.11 in development.
 	- Fix dnstap relaying "random" messages instead of resolver/forwarder
 	  responses, from Nikolay Edigaryev.
+	- Fix #836: unbound could echo back EDNS options in an error response.
 
 20 September 2016: Wouter
 	- iana portlist update.
diff --git a/services/mesh.c b/services/mesh.c
index b0434b3ff..04912383c 100644
--- a/services/mesh.c
+++ b/services/mesh.c
@@ -878,6 +878,8 @@ mesh_send_reply(struct mesh_state* m, int rcode, struct reply_info* rep,
 		comm_point_send_reply(&r->query_reply);
 	} else if(rcode) {
 		m->s.qinfo.qname = r->qname;
+		if(!edns_opt_inplace_reply(&r->edns, m->s.region))
+			r->edns.opt_list = NULL;
 		error_encode(r->query_reply.c->buffer, rcode, &m->s.qinfo,
 			r->qid, r->qflags, &r->edns);
 		comm_point_send_reply(&r->query_reply);