From: Wouter Wijngaards Date: Thu, 30 Jun 2011 09:42:20 +0000 (+0000) Subject: fix bug#395: id bits of other query may leak out under conditions X-Git-Tag: release-1.4.12rc1~14 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bc06ab0377351981c188b4ad1f8fb40706ec2941;p=thirdparty%2Funbound.git fix bug#395: id bits of other query may leak out under conditions git-svn-id: file:///svn/unbound/trunk@2444 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/daemon/worker.c b/daemon/worker.c index a9de14725..616d045eb 100644 --- a/daemon/worker.c +++ b/daemon/worker.c @@ -739,17 +739,21 @@ worker_handle_request(struct comm_point* c, void* arg, int error, worker->stats.unwanted_queries++; return 0; } else if(acl == acl_refuse) { + log_addr(VERB_ALGO, "refused query from", + &repinfo->addr, repinfo->addrlen); + log_buf(VERB_ALGO, "refuse", c->buffer); + if(worker->stats.extended) + worker->stats.unwanted_queries++; + if(worker_check_request(c->buffer, worker) == -1) { + comm_point_drop_reply(repinfo); + return 0; /* discard this */ + } ldns_buffer_set_limit(c->buffer, LDNS_HEADER_SIZE); ldns_buffer_write_at(c->buffer, 4, (uint8_t*)"\0\0\0\0\0\0\0\0", 8); LDNS_QR_SET(ldns_buffer_begin(c->buffer)); LDNS_RCODE_SET(ldns_buffer_begin(c->buffer), LDNS_RCODE_REFUSED); - log_addr(VERB_ALGO, "refused query from", - &repinfo->addr, repinfo->addrlen); - log_buf(VERB_ALGO, "refuse", c->buffer); - if(worker->stats.extended) - worker->stats.unwanted_queries++; return 1; } if((ret=worker_check_request(c->buffer, worker)) != 0) { diff --git a/doc/Changelog b/doc/Changelog index ef194ac67..ab1823ef2 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,7 @@ 30 June 2011: Wouter - tag relase 1.4.11, trunk is 1.4.12 development. - iana portlist updated. + - fix bug#395: id bits of other query may leak out under conditions 23 June 2011: Wouter - Changed -flto check to support clang compiler.