From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 21 Dec 2015 18:56:05 +0000 (+0100)
Subject: resolved: never use data from failed transactions
X-Git-Tag: v229~189^2~30
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d38d5ca65b3f8fd19348a7919cf1f1f07c955393;p=thirdparty%2Fsystemd.git

resolved: never use data from failed transactions

Otherwise if we have an A lookup that failed DNSSEC validation, but an
AAAA lookup that succeeded, we might end up using the A data, but we
really should not.
---

diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 18d2d01bf28..610b914e74a 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -1039,8 +1039,7 @@ static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
                         if (state == DNS_TRANSACTION_SUCCESS)
                                 continue;
 
-                        dns_answer_unref(q->answer);
-                        q->answer = dns_answer_ref(t->answer);
+                        q->answer = dns_answer_unref(q->answer);
                         q->answer_rcode = t->answer_rcode;
                         q->answer_dnssec_result = t->answer_dnssec_result;