diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-20 20:30:03 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-25 15:59:39 +0100 |
commit | ebc8a1066a1084f237512902a873652167a627e2 (patch) | |
tree | dfda3b3ea0b24e9378902e8b267c257107b65f36 | |
parent | cf7d1a30e44bf380027a2e73f9bf13f423a33cc1 (diff) |
resolved: fix RR key reduction logic
Fixes #2380.
-rw-r--r-- | src/resolve/resolved-dns-packet.c | 19 |
1 files changed, 12 insertions, 7 deletions
diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index 9a5223ef01..032e719595 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -2094,7 +2094,7 @@ int dns_packet_extract(DnsPacket *p) { n = DNS_PACKET_RRCOUNT(p); if (n > 0) { - DnsResourceRecord *previous = NULL; + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *previous = NULL; bool bad_opt = false; answer = dns_answer_new(n); @@ -2150,12 +2150,12 @@ int dns_packet_extract(DnsPacket *p) { } if (has_rfc6975) { - /* OPT RR contains RFC6975 algorithm data, then this is indication that the - * server just copied the OPT it got from us (which contained that data) back - * into the reply. If so, then it doesn't properly support EDNS, as RFC6975 - * makes it very clear that the algorithm data should only be contained in - * questions, never in replies. Crappy Belkin copy the OPT data for example, - * hence let's detect this so that we downgrade early. */ + /* If the OPT RR contains RFC6975 algorithm data, then this is indication that + * the server just copied the OPT it got from us (which contained that data) + * back into the reply. If so, then it doesn't properly support EDNS, as + * RFC6975 makes it very clear that the algorithm data should only be contained + * in questions, never in replies. Crappy Belkin routers copy the OPT data for + * example, hence let's detect this so that we downgrade early. */ log_debug("OPT RR contained RFC6975 data, ignoring."); bad_opt = true; continue; @@ -2174,6 +2174,11 @@ int dns_packet_extract(DnsPacket *p) { if (r < 0) goto finish; } + + /* Remember this RR, so that we potentically can merge it's ->key object with the next RR. Note + * that we only do this if we actually decided to keep the RR around. */ + dns_resource_record_unref(previous); + previous = dns_resource_record_ref(rr); } if (bad_opt) |