diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-01-21 01:07:56 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-01-25 17:19:19 +0100 |
commit | fcfaff123506b8c2300038934eef46892576d2d2 (patch) | |
tree | 3908bcf2b638d2c61a843e8a53a4aa07445fe923 | |
parent | 7aa8ce985537e7803e16d6f2adf5143df4537cf8 (diff) |
resolved: if we detect a message with incomplete DNSSEC data, consider this an invalid packet event
-rw-r--r-- | src/resolve/resolved-dns-transaction.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/resolve/resolved-dns-transaction.c b/src/resolve/resolved-dns-transaction.c index 6b465abe48..018cfc7a63 100644 --- a/src/resolve/resolved-dns-transaction.c +++ b/src/resolve/resolved-dns-transaction.c @@ -675,6 +675,10 @@ static void dns_transaction_process_dnssec(DnsTransaction *t) { /* All our auxiliary DNSSEC transactions are complete now. Try * to validate our RRset now. */ r = dns_transaction_validate_dnssec(t); + if (r == -EBADMSG) { + dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY); + return; + } if (r < 0) { dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES); return; |