From df25f204ba822c9c00bc9372c85da58e9aff6e86 Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Mon, 5 Jul 2021 20:56:11 +0100 Subject: [PATCH] Fix logical error in d0ae3f5a4dc094e8fe2a3c607028c1c59f42f473 The code which checked for a possible local answer to a domain, like --address=/example.com/1.2.3.4 could return false positives, causing upstream NXDOMAIN replies to be rewritten as NOERROR. Thanks to Dominik DL6ER for the bug report and analysis. --- src/domain-match.c | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/src/domain-match.c b/src/domain-match.c index f82bbdb..9a75e98 100644 --- a/src/domain-match.c +++ b/src/domain-match.c @@ -289,10 +289,17 @@ int filter_servers(int seed, int flags, int *lowout, int *highout) #define SERV_LOCAL_ADDRESS (SERV_6ADDR | SERV_4ADDR | SERV_ALL_ZEROS) - for (i = nlow; (flags & F_CONFIG) && i < nhigh && (daemon->serverarray[i]->flags & SERV_LOCAL_ADDRESS); i++); - - if (i != nlow) - nhigh = i; + if (flags & F_CONFIG) + { + /* We're just lookin for any matches that return an RR. */ + for (i = nlow; i < nhigh; i++) + if (daemon->serverarray[i]->flags & SERV_LOCAL_ADDRESS) + break; + + /* failed, return failure. */ + if (i == nhigh) + nhigh = nlow; + } else { for (i = nlow; i < nhigh && (daemon->serverarray[i]->flags & SERV_6ADDR); i++);