If server sends answer with TC set via TCP, bail

[adns.git] / src / reply.c

diff --git a/src/reply.c b/src/reply.c
index 0379ca441ff52f90feefdce6cf3dc333c7b808a7..fbe4c95ecdde5ccaa52f638293253b80e3629d4a 100644 (file)
--- a/src/reply.c
+++ b/src/reply.c
@@ -340,8 +340,8 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
                     &ownermatched);
     assert(!st); assert(rrtype != -1);
     if (rri < restartfrom ||
-       rrclass != DNS_CLASS_IN ||
        rrtype != (qu->answer->type & adns_rrt_typemask) ||
+       rrclass != DNS_CLASS_IN ||
        !ownermatched)
       continue;
     adns__update_expires(qu,ttl,now);
@@ -370,6 +370,11 @@ void adns__procdgram(adns_state ads, const byte *dgram, int dglen,
     adns__query_fail(qu,adns_s_invalidresponse);
     return;
   }
+  if (qu->flags & adns_qf_usevc) {
+    adns__diag(ads,serv,qu,"server sent datagram with TC over TCP");
+    adns__query_fail(qu,adns_s_invalidresponse);
+    return;
+  }
   qu->flags |= adns_qf_usevc;
   
  x_restartquery: