From e91953b5f89723e9228837457b1bd56e6131f450 Mon Sep 17 00:00:00 2001
From: =?utf8?q?=C5=A0t=C4=9Bp=C3=A1n=20Bal=C3=A1=C5=BEik?=
 <stepan.balazik@nic.cz>
Date: Wed, 20 Jan 2021 12:25:38 +0100
Subject: [PATCH] iterate.c: fail on execissive data in a packet

---
 lib/layer/iterate.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/lib/layer/iterate.c b/lib/layer/iterate.c
index 94342cfb5..09944d027 100644
--- a/lib/layer/iterate.c
+++ b/lib/layer/iterate.c
@@ -1013,13 +1013,10 @@ static int resolve(kr_layer_t *ctx, knot_pkt_t *pkt)
 	/* Check for packet processing errors first.
 	 * Note - we *MUST* check if it has at least a QUESTION,
 	 * otherwise it would crash on accessing QNAME. */
-#ifdef STRICT_MODE
 	if (pkt->parsed < pkt->size) {
 		VERBOSE_MSG("<= pkt contains excessive data\n");
 		return KR_STATE_FAIL;
-	} else
-#endif
-	if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
+	} else if (pkt->parsed <= KNOT_WIRE_HEADER_SIZE) {
 		if (pkt->parsed == KNOT_WIRE_HEADER_SIZE && knot_wire_get_rcode(pkt->wire) == KNOT_RCODE_FORMERR) {
 			/* This is a special case where we get valid header with FORMERR and nothing else.
 			 * This happens on some authoritatives which don't support EDNS and don't
-- 
2.47.2