mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Code Issues Releases Wiki Activity

check requireservercookie even if rrl is configured

Browse Source
This commit is contained in:
Mark Andrews
2018-11-05 12:33:54 +11:00
parent 56603265ee
commit d6f6eeda9d
1 changed files with 13 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lib/ns/query.c
View File

@@ -5237,6 +5237,19 @@ ns__query_start(query_ctx_t *qctx) {
qctx->need_wildcardproof = false;
qctx->rpz = false;
/*
* If we require a server cookie then send back BADCOOKIE
* before we have done too much work.
*/
if (!TCP(qctx->client) && qctx->client->view->requireservercookie &&
WANTCOOKIE(qctx->client) && !HAVECOOKIE(qctx->client))
{
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
qctx->client->message->rcode = dns_rcode_badcookie;
return (query_done(qctx));
}
if (qctx->client->view->checknames &&
!dns_rdata_checkowner(qctx->client->query.qname,
qctx->client->message->rdclass,
@@ -6276,14 +6289,6 @@ query_checkrrl(query_ctx_t *qctx, isc_result_t result) {
return (DNS_R_DROP);
}
}
} else if (!TCP(qctx->client) &&
qctx->client->view->requireservercookie &&
WANTCOOKIE(qctx->client) && !HAVECOOKIE(qctx->client))
{
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AA;
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
qctx->client->message->rcode = dns_rcode_badcookie;
return (DNS_R_DROP);
}
return (ISC_R_SUCCESS);