From f5659b406b4618d4ae66934ed4781cd8b2a34eaa Mon Sep 17 00:00:00 2001 From: Simon Kelley Date: Fri, 28 Feb 2025 23:48:17 +0000 Subject: [PATCH] Move find_pseudoheader() before add_edns0_config() in TCP codepath. There's no point in checking if the query has edns0 headers _after_ adding our own. This has the affect that if --add-cpe-id or --add-subnet or their friends are configured, a query via TCP without EDNS0 will get an answer with EDNS0. It's highly unlikely that this breaks anything, but it is incorrect. Thanks to Tijs Van Buggenhout for spotting this. --- src/forward.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/src/forward.c b/src/forward.c index afb7dfd..ed27479 100644 --- a/src/forward.c +++ b/src/forward.c @@ -2469,7 +2469,21 @@ unsigned char *tcp_request(int confd, time_t now, { if (saved_question) blockdata_free(saved_question); + + do_bit = 0; + if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL)) + { + unsigned short ede_flags; + + have_pseudoheader = 1; + pheader += 4; /* udp_size, ext_rcode */ + GETSHORT(ede_flags, pheader); + + if (ede_flags & 0x8000) + do_bit = 1; /* do bit */ + } + size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &cacheable); saved_question = blockdata_alloc((char *)header, (size_t)size); saved_size = size; @@ -2508,20 +2522,6 @@ unsigned char *tcp_request(int confd, time_t now, else dst_addr_4.s_addr = 0; - do_bit = 0; - - if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL)) - { - unsigned short ede_flags; - - have_pseudoheader = 1; - pheader += 4; /* udp_size, ext_rcode */ - GETSHORT(ede_flags, pheader); - - if (ede_flags & 0x8000) - do_bit = 1; /* do bit */ - } - ad_reqd = do_bit; /* RFC 6840 5.7 */ if (header->hb4 & HB4_AD)
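Review bot: In the first hunk, `do_bit` is cleared before the `find_pseudoheader()` call, but `have_pseudoheader` is only ever set to 1 and never cleared. Its declaration and the enclosing block both start outside the hunk, so the following is inferred rather than shown: if the flag persists across queries on one TCP connection (the `if (saved_question) blockdata_free(saved_question);` context suggests this path runs more than once), a query without EDNS0 that follows one with EDNS0 would still be treated as carrying an OPT record. That is the same request/response mismatch the commit message sets out to remove. Resetting both together, `do_bit = have_pseudoheader = 0;`, keeps per-query state from carrying over into the next query.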