From: Ralph Dolmans <ralph@nlnetlabs.nl>
Date: Fri, 5 Jul 2019 14:52:03 +0000 (+0200)
Subject: - Fix for possible assertion failure when answering respip CNAME from cache.
X-Git-Tag: release-1.9.3rc1~23
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d323e1bda8a9ee37b958a2247ed9003a995b2764;p=thirdparty%2Funbound.git

- Fix for possible assertion failure when answering respip CNAME from cache.
---

diff --git a/daemon/worker.c b/daemon/worker.c
index 661f6967d..bc2ca5aa0 100644
--- a/daemon/worker.c
+++ b/daemon/worker.c
@@ -721,8 +721,6 @@ answer_from_cache(struct worker* worker, struct query_info* qinfo,
 	if(encode_rep != rep)
 		secure = 0; /* if rewritten, it can't be considered "secure" */
 	if(!encode_rep || *alias_rrset) {
-		sldns_buffer_clear(repinfo->c->buffer);
-		sldns_buffer_flip(repinfo->c->buffer);
 		if(!encode_rep)
 			*need_drop = 1;
 		else {
@@ -762,17 +760,14 @@ bail_out:
 	return 0;
 }
 
-/** Reply to client and perform prefetch to keep cache up to date.
- * If the buffer for the reply is empty, it indicates that only prefetch is
- * necessary and the reply should be suppressed (because it's dropped or
- * being deferred). */
+/** Reply to client and perform prefetch to keep cache up to date. */
 static void
 reply_and_prefetch(struct worker* worker, struct query_info* qinfo, 
-	uint16_t flags, struct comm_reply* repinfo, time_t leeway)
+	uint16_t flags, struct comm_reply* repinfo, time_t leeway, int noreply)
 {
 	/* first send answer to client to keep its latency 
 	 * as small as a cachereply */
-	if(sldns_buffer_limit(repinfo->c->buffer) != 0) {
+	if(!noreply) {
 		if(repinfo->c->tcp_req_info) {
 			sldns_buffer_copy(
 				repinfo->c->tcp_req_info->spool_buffer,
@@ -1484,7 +1479,8 @@ lookup_cache:
 					lock_rw_unlock(&e->lock);
 					reply_and_prefetch(worker, lookup_qinfo,
 						sldns_buffer_read_u16_at(c->buffer, 2),
-						repinfo, leeway);
+						repinfo, leeway,
+						(partial_rep || need_drop));
 					if(!partial_rep) {
 						rc = 0;
 						regional_free_all(worker->scratchpad);
diff --git a/doc/Changelog b/doc/Changelog
index c3fceb6ba..6343ab565 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,7 @@
+5 July 2019: Ralph
+	- Fix for possible assertion failure when answering respip CNAME from
+	  cache.
+
 25 June 2019: Wouter
 	- For #45, check that 127.0.0.1 and ::1 are not used in unbound.conf
 	  when do-not-query-localhost is turned on, or at default on,