From: Štěpán Balážik <stepan.balazik@nic.cz>
Date: Wed, 20 Jan 2021 11:25:38 +0000 (+0100)
Subject: fail on execissive data in a packet
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fheads%2Ffail-on-execissive-data;p=thirdparty%2Fknot-resolver.git

fail on execissive data in a packet
---

diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 89589b041..9a4679b00 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -1014,14 +1014,11 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt)
 	/* Check for packet processing errors first.
 	 * Note - we *MUST* check if it has at least a QUESTION,
 	 * otherwise it would crash on accessing QNAME. */
-#ifdef STRICT_MODE
 	if (pkt->parsed < pkt->size) {
 		VERBOSE_MSG("<= pkt contains excessive data\n");
 		return KR_STATE_FAIL;
-	} else
-#endif
-	if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
-		if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) {
+	} else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
+		if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_REFUSED) {
 			/* This is a special case where we get valid header with FORMERROR and nothing else.
 			 * This happens on some authoritatives which don't support EDNS and don't
 			 * bother copying the SECTION QUESTION. */