From: Lennart Poettering
Date: Tue, 29 Jul 2014 23:46:27 +0000 (+0200)
Subject: resolved: only cache answer RRs, never additional or authoritative RRs of responses
X-Git-Tag: v216~386
X-Git-Url: https://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=commitdiff_plain;h=d2f47562d5d834339ef3030e345a76a8c6f09c74
resolved: only cache answer RRs, never additional or authoritative RRs of responses
---
diff --git a/src/resolve/resolved-dns-cache.c b/src/resolve/resolved-dns-cache.c
index 8c859d19b..c97116745 100644
--- a/src/resolve/resolved-dns-cache.c
+++ b/src/resolve/resolved-dns-cache.c
@@ -337,7 +337,7 @@ static int dns_cache_put_negative(DnsCache *c, DnsResourceKey *key, int rcode, u
 return 0;
 }
-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp) {
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp) {
 unsigned i;
 int r;
@@ -365,7 +365,7 @@ int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, use
 timestamp = now(CLOCK_MONOTONIC);
 /* Second, add in positive entries for all contained RRs */
- for (i = 0; i < answer->n_rrs; i++) {
+ for (i = 0; i < MIN(max_rrs, answer->n_rrs); i++) {
 r = dns_cache_put_positive(c, answer->rrs[i], timestamp);
 if (r < 0) goto fail;
diff --git a/src/resolve/resolved-dns-cache.h b/src/resolve/resolved-dns-cache.h
index 590cf691b..d88d1d0e1 100644
--- a/src/resolve/resolved-dns-cache.h
+++ b/src/resolve/resolved-dns-cache.h
@@ -40,5 +40,5 @@ typedef struct DnsCache {
 void dns_cache_flush(DnsCache *c);
 void dns_cache_prune(DnsCache *c);
-int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, usec_t timestamp);
+int dns_cache_put(DnsCache *c, DnsQuestion *q, int rcode, DnsAnswer *answer, unsigned max_rrs, usec_t timestamp);
 int dns_cache_lookup(DnsCache *c, DnsQuestion *q, int *rcode, DnsAnswer **answer);
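Review bot: In the second hunk of resolved-dns-cache.c, the loop still passes every `answer->rrs[i]` below the new bound to `dns_cache_put_positive()` with no visible check that the RR's key matches a key in `q`. A responder can therefore still get records for unrelated names cached by placing them in the answer section, unless a filter exists in `dns_cache_put_positive()` or earlier in `dns_cache_put()`, both outside this hunk. Skipping RRs that do not match the question before caching them would close that gap. The comment above the loop is also stale now and could read `/* Second, add in positive entries for the first max_rrs RRs, i.e. the answer section */`. If other loops in the function still run to `answer->n_rrs`, they deserve the same bound or a comment saying why not.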
diff --git a/src/resolve/resolved-dns-query.c b/src/resolve/resolved-dns-query.c
index 271b8fd9c..857025152 100644
--- a/src/resolve/resolved-dns-query.c
+++ b/src/resolve/resolved-dns-query.c
@@ -344,7 +344,8 @@ void dns_query_transaction_process_reply(DnsQueryTransaction *t, DnsPacket *p) {
 return;
 }
- dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, 0);
+ /* According to RFC 4795, section 2.9. only the RRs from the answer section shall be cached */
+ dns_cache_put(&t->scope->cache, p->question, DNS_PACKET_RCODE(p), p->answer, DNS_PACKET_ANCOUNT(p), 0);
 if (DNS_PACKET_RCODE(p) == DNS_RCODE_SUCCESS) dns_query_transaction_complete(t, DNS_QUERY_SUCCESS);
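Review bot: The bound passed as `max_rrs` is `DNS_PACKET_ANCOUNT(p)`, a header field chosen by the sender of the reply. It restricts caching to the answer section only if `p->answer` holds one entry per parsed record in wire order, answer section first. That invariant is set where the packet is parsed, outside this hunk, so I would state it at the call, e.g. `/* p->answer is in packet order, so the first ANCOUNT entries are exactly the answer section */`. The return value of `dns_cache_put()` is still discarded on this line; if caching is meant to be best-effort, a `(void)` cast would make that explicit. The enclosing function starts and ends outside the hunk.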