Move find_pseudoheader() before add_edns0_config() in TCP codepath.

There's no point in checking if the query has edns0 headers _after_ adding our own. This has the affect that if --add-cpe-id or --add-subnet or their friends are configured, a query via TCP without EDNS0 will get an answer with EDNS0. It's highly unlikely that this breaks anything, but it is incorrect. Thanks to Tijs Van Buggenhout for spotting this.
2025-12-19 18:28:25 +00:00 · 2025-02-28 23:48:17 +00:00
parent 484fea238a
commit f5659b406b
1 changed files with 14 additions and 14 deletions
--- a/src/forward.c
+++ b/src/forward.c
@@ -2470,6 +2470,20 @@ unsigned char *tcp_request(int confd, time_t now,
 	      if (saved_question)
 		blockdata_free(saved_question);

+	      do_bit = 0;
+	      
+	      if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL))
+		{ 
+		  unsigned short ede_flags;
+		  
+		  have_pseudoheader = 1;
+		  pheader += 4; /* udp_size, ext_rcode */
+		  GETSHORT(ede_flags, pheader);
+		  
+		  if (ede_flags & 0x8000)
+		    do_bit = 1; /* do bit */ 
+		}
+
 	      size = add_edns0_config(header, size, ((unsigned char *) header) + 65536, &peer_addr, now, &cacheable);
 	      saved_question = blockdata_alloc((char *)header, (size_t)size);
 	      saved_size = size;
@@ -2508,20 +2522,6 @@ unsigned char *tcp_request(int confd, time_t now,
 	      else
 		dst_addr_4.s_addr = 0;
 	      
-	      do_bit = 0;
-	      
-	      if (find_pseudoheader(header, (size_t)size, NULL, &pheader, NULL, NULL))
-		{ 
-		  unsigned short ede_flags;
-		  
-		  have_pseudoheader = 1;
-		  pheader += 4; /* udp_size, ext_rcode */
-		  GETSHORT(ede_flags, pheader);
-		  
-		  if (ede_flags & 0x8000)
-		    do_bit = 1; /* do bit */ 
-		}
-
 	      ad_reqd = do_bit;
 	      /* RFC 6840 5.7 */
 	      if (header->hb4 & HB4_AD)