From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 21 Jan 2016 00:07:56 +0000 (+0100)
Subject: resolved: if we detect a message with incomplete DNSSEC data, consider this an invali... 
X-Git-Tag: v229~90^2~22
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fcfaff123506b8c2300038934eef46892576d2d2;p=thirdparty%2Fsystemd.git

resolved: if we detect a message with incomplete DNSSEC data, consider this an invalid packet event
---

diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 6b465abe487..018cfc7a63a 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -675,6 +675,10 @@ static void dns_transaction_process_dnssec(DnsTransaction *t) {
         /* All our auxiliary DNSSEC transactions are complete now. Try
          * to validate our RRset now. */
         r = dns_transaction_validate_dnssec(t);
+        if (r == -EBADMSG) {
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return;
+        }
         if (r < 0) {
                 dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
                 return;