Bugzilla – Bug 1125
unbound could reuse an answer packet incorrectly for clients with different EDNS parameters
Last modified: 2016-10-18 15:42:32 CEST
...and, less harmfully, it could skip reusing the answer when it actually can.
The problem is in services/mesh.c:mesh_send_reply(). It tries to determine whether it could reuse already encoded data (=prev) as follows:
if(prev && prev->qflags == r->qflags &&
prev->edns.edns_present == r->edns.edns_present &&
prev->edns.bits == r->edns.bits &&
prev->edns.udp_size == r->edns.udp_size &&
But this same function overrides r->edns (which will be used in prev->edns in the next call) first time and when it determines it cannot reuse 'prev':
r->edns.edns_version = EDNS_ADVERTISED_VERSION;
r->edns.udp_size = EDNS_ADVERTISED_SIZE;
r->edns.ext_rcode = 0;
r->edns.bits &= EDNS_DO;
So, on a subsequent call it can use the incorrect prev->edns parameters and could make a wrong conclusion.
Fixing this will be easy, but I guess you might also want to write a new automated test to exercise this regression. This is quite subtle and it won't be very likely to notice it quickly in the field even if you re-introduce the same/similar regression. In fact, I noticed it when I tried to write an automated test for my own project.
Thank you for the patch, I have applied it.
Best regards, Wouter