return;
}
/* No 0TTL answers escaping from external cache. */
+ if(qstate->return_msg->rep->ttl == 0) {
+ qstate->return_msg = NULL;
+ qstate->ext_state[id] = module_wait_module;
+ return;
+ }
log_assert(qstate->return_msg->rep->ttl > 0);
qstate->is_cachedb_answer = 1;
/* we are done with the query */
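Review bot: The added guard tests `ttl == 0`, while the `log_assert` kept right after it requires `ttl > 0`, so the two do not cover the same values. If `rep->ttl` is a signed type (its declaration is not in this hunk), a negative TTL in a message read back from the external cache would pass the guard and still abort an assertion-enabled build. Writing the guard as `if(qstate->return_msg->rep->ttl <= 0) {` would make the retained assertion a true invariant. A `verbose(VERB_ALGO, ...)` line inside the branch would also let operators notice a backend that serves such entries. The enclosing function starts and ends outside the hunk.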
+8 May 2026: Wouter
+ - Fix to relax assertions after the TTL 0 handling change.
+ This relaxes an assertion in cachedb (it fails instead),
+ and for packet_rrset_copy_region.
+
7 May 2026: Wouter
- Fix for Heap Out-of-Bounds Write via size_t-to-int Truncation
in setup_if() - outside_network_create(). This fixes that
* of the novel ghost attack mitigation i.e., using the
* qstarttime for NS RRSets. In that case make sure that the
* returned TTL is not higher than the original one. */
- log_assert(d->ttl_add <= now ||
- (ntohs(key->rk.type) == LDNS_RR_TYPE_NS));
+ /* For types other than type NS, auth zone and rpz code
+ * can have ttl_add values. Also time could conceivably move
+ * in reverse, due to operator action, and it is prudent
+ * to not assert on that here.
+ * So there is no assertion d->ttl_add <= now || type==NS */
now_control = SERVE_ORIGINAL_TTL ? data->ttl_add
: (d->ttl_add > now ? d->ttl_add : now );
for(i=0; i<d->count + d->rrsig_count; i++) {
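Review bot: The new comment explains why the assertion was dropped, but not what now bounds the TTL arithmetic when `d->ttl_add > now`. The ternary on the next line selects `d->ttl_add` in that case, which looks like the replacement safeguard, though the `SERVE_ORIGINAL_TTL` branch uses `data->ttl_add` unconditionally. I would add a closing sentence to the comment, such as `* The max of ttl_add and now taken below covers ttl_add > now.`, so a later reader does not reinstate the assertion. The loop body that consumes `now_control` is outside the hunk, so whether the subtraction there is safe for every `ttl_add` value cannot be confirmed from here.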