return FORMERR when question section is empty if COOKIE is not present

(cherry picked from commit 06d3106002def5141885a5668d0254038f19fbf1)

diff --git a/bin/tests/system/cookie/tests.sh b/bin/tests/system/cookie/tests.sh
index 6ade0c93ec64f0a59e687d02b9945aad8dd4752b..816f6a312b5996a9050f21052fa76c4bc3ef0fb1 100755 (executable)
--- a/bin/tests/system/cookie/tests.sh
+++ b/bin/tests/system/cookie/tests.sh
@@ -54,6 +54,24 @@ do
         status=`expr $status + $ret`
 done
 
+n=`expr $n + 1`
+echo_i "checking RCODE=FORMERR to query without question section and without COOKIE option ($n)"
+ret=0
+$DIG $DIGOPTS +qr +header-only +nocookie version.bind txt ch @10.53.0.1 > dig.out.test$n
+grep COOKIE: dig.out.test$n > /dev/null && ret=1
+grep "status: FORMERR" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RCODE=NOERROR to query without question section and with COOKIE option ($n)"
+ret=0
+$DIG $DIGOPTS +qr +header-only +cookie version.bind txt ch @10.53.0.1 > dig.out.test$n
+grep COOKIE: dig.out.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 n=`expr $n + 1`
 echo_i "checking COOKIE token is returned to empty COOKIE option ($n)"
 ret=0

diff --git a/bin/tests/system/formerr/tests.sh b/bin/tests/system/formerr/tests.sh
index c88b18022f1a894006c710900d08535e943ea13c..d8b91e87542b7353a6938b3d1958ffaf8a4fc06b 100644 (file)
--- a/bin/tests/system/formerr/tests.sh
+++ b/bin/tests/system/formerr/tests.sh
@@ -14,7 +14,7 @@ SYSTEMTESTTOP=..
 
 status=0
 
-echo_i "test name to long"
+echo_i "test name too long"
 $PERL formerr.pl -a 10.53.0.1 -p ${PORT} nametoolong > nametoolong.out
 ans=`grep got: nametoolong.out`
 if [ "${ans}" != "got: 000080010000000000000000" ];
@@ -30,11 +30,12 @@ then
        echo_i "failed"; status=`expr $status + 1`;
 fi
 
-# this one is now NOERROR
-echo_i "no questions"
+# this would be NOERROR if it included a COOKIE option,
+# but is a FORMERR without one.
+echo_i "empty question section (and no COOKIE option)"
 $PERL formerr.pl -a 10.53.0.1 -p ${PORT} noquestions > noquestions.out
 ans=`grep got: noquestions.out`
-if [ "${ans}" != "got: 000080000000000000000000" ];
+if [ "${ans}" != "got: 000080010000000000000000" ];
 then
        echo_i "failed"; status=`expr $status + 1`;
 fi

diff --git a/lib/ns/client.c b/lib/ns/client.c
index 103ae0623f591f16764c4eacdf7d7e3f5b051b01..d5ee6b51cf856a6f726c9e921df04c562354ec04 100644 (file)
--- a/lib/ns/client.c
+++ b/lib/ns/client.c
@@ -2554,9 +2554,10 @@ ns__client_request(isc_task_t *task, isc_event_t *event) {
        }
 
        if (client->message->rdclass == 0) {
-               if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0 ||
-                   (client->message->opcode == dns_opcode_query &&
-                    client->message->counts[DNS_SECTION_QUESTION] == 0U)) {
+               if ((client->attributes & NS_CLIENTATTR_WANTCOOKIE) != 0 &&
+                   client->message->opcode == dns_opcode_query &&
+                   client->message->counts[DNS_SECTION_QUESTION] == 0U)
+               {
                        result = dns_message_reply(client->message, ISC_TRUE);
                        if (result != ISC_R_SUCCESS) {
                                ns_client_error(client, result);