Fix crash on REFUSED answers to DNSSEC queries.

Some REFUSED answers to DNSSEC-originated queries would bypass the DNSSEC code entirely, and be returned as answers to the original query. In the process, they'd mess up datastructures so that a retry of the original query would crash dnsmasq.
2025-12-19 10:18:25 +00:00 · 2019-10-11 23:22:17 +01:00
parent 6fe436a448
commit 04db1483d1
1 changed files with 6 additions and 5 deletions
--- a/src/forward.c
+++ b/src/forward.c
@@ -946,12 +946,12 @@ void reply_query(int fd, int family, time_t now)
  /* We tried resending to this server with a smaller maximum size and got an answer.
     Make that permanent. To avoid reduxing the packet size for a single dropped packet,
     only do this when we get a truncated answer, or one larger than the safe size. */
-  if (server && server->edns_pktsz > SAFE_PKTSZ && (forward->flags & FREC_TEST_PKTSZ) && 
+  if (forward->sentto->edns_pktsz > SAFE_PKTSZ && (forward->flags & FREC_TEST_PKTSZ) && 
      ((header->hb3 & HB3_TC) || n >= SAFE_PKTSZ))
    {
-      server->edns_pktsz = SAFE_PKTSZ;
-      server->pktsz_reduced = now;
-      prettyprint_addr(&server->addr, daemon->addrbuff);
+      forward->sentto->edns_pktsz = SAFE_PKTSZ;
+      forward->sentto->pktsz_reduced = now;
+      prettyprint_addr(&forward->sentto->addr, daemon->addrbuff);
      my_syslog(LOG_WARNING, _("reducing DNS packet size for nameserver %s to %d"), daemon->addrbuff, SAFE_PKTSZ);
    }

@@ -973,7 +973,7 @@ void reply_query(int fd, int family, time_t now)
 	no_cache_dnssec = 1;
      
 #ifdef HAVE_DNSSEC
-      if (server && (server->flags & SERV_DO_DNSSEC) && 
+      if ((forward->sentto->flags & SERV_DO_DNSSEC) && 
 	  option_bool(OPT_DNSSEC_VALID) && !(forward->flags & FREC_CHECKING_DISABLED))
 	{
 	  int status = 0;
@@ -1201,6 +1201,7 @@ void reply_query(int fd, int family, time_t now)
 	      bogusanswer = 1;
 	    }
 	}
+
 #endif

      /* restore CD bit to the value in the query */