summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-01-21 01:07:56 +0100
committerLennart Poettering <lennart@poettering.net>2016-01-25 17:19:19 +0100
commitfcfaff123506b8c2300038934eef46892576d2d2 (patch)
tree3908bcf2b638d2c61a843e8a53a4aa07445fe923
parent7aa8ce985537e7803e16d6f2adf5143df4537cf8 (diff)
resolved: if we detect a message with incomplete DNSSEC data, consider this an invalid packet event
-rw-r--r--src/resolve/resolved-dns-transaction.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c
index 6b465abe48..018cfc7a63 100644
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@@ -675,6 +675,10 @@ static void dns_transaction_process_dnssec(DnsTransaction *t) {
/* All our auxiliary DNSSEC transactions are complete now. Try
* to validate our RRset now. */
r = dns_transaction_validate_dnssec(t);
+ if (r == -EBADMSG) {
+ dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+ return;
+ }
if (r < 0) {
dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
return;