From: Bert Hubert <bert.hubert@netherlabs.nl>
Date: Thu, 9 Jun 2011 21:18:10 +0000 (+0000)
Subject: Christoph Meerwald discovered we do not parse EDNS options on TSIG-signed questions... 
X-Git-Tag: auth-3.0~35
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=0e4ab7bce137fce1cde6899a0f9223df0e9f45d6;p=pdns

Christoph Meerwald discovered we do not parse EDNS options on TSIG-signed questions, since we expect the OPT record to be the last one.


git-svn-id: svn://svn.powerdns.com/pdns/trunk/pdns@2214 d19b8d6e-7fed-0310-83ef-9ca221ded41b
---

diff --git a/pdns/dnsrecords.cc b/pdns/dnsrecords.cc
index e5c9573af..80aa0bbfe 100644
--- a/pdns/dnsrecords.cc
+++ b/pdns/dnsrecords.cc
@@ -18,6 +18,7 @@
 
 #include "utility.hh"
 #include "dnsrecords.hh"
+#include <boost/foreach.hpp>
 
 boilerplate_conv(A, ns_t_a, conv.xfrIP(d_ip));
 
@@ -298,29 +299,32 @@ boilerplate_conv(MBOXFW, QType::MBOXFW,
         	 conv.xfrLabel(d_mboxfw);
         	 )
 
+
+
 bool getEDNSOpts(const MOADNSParser& mdp, EDNSOpts* eo)
 {
-  if(mdp.d_header.arcount && !mdp.d_answers.empty() && 
-     mdp.d_answers.back().first.d_type == QType::OPT) {
-    eo->d_packetsize=mdp.d_answers.back().first.d_class;
-    
-    EDNS0Record stuff;
-    uint32_t ttl=ntohl(mdp.d_answers.back().first.d_ttl);
-    memcpy(&stuff, &ttl, sizeof(stuff));
-
-    eo->d_extRCode=stuff.extRCode;
-    eo->d_version=stuff.version;
-    eo->d_Z = ntohs(stuff.Z);
-    OPTRecordContent* orc = 
-      dynamic_cast<OPTRecordContent*>(mdp.d_answers.back().first.d_content.get());
-    if(!orc)
-      return false;
-    orc->getData(eo->d_options);
-
-    return true;
+  if(mdp.d_header.arcount && !mdp.d_answers.empty()) {
+    BOOST_FOREACH(const MOADNSParser::answers_t::value_type& val, mdp.d_answers) {
+      if(val.first.d_place == DNSRecord::Additional && val.first.d_type == QType::OPT) {
+	eo->d_packetsize=val.first.d_class;
+       
+	EDNS0Record stuff;
+	uint32_t ttl=ntohl(val.first.d_ttl);
+	memcpy(&stuff, &ttl, sizeof(stuff));
+	
+	eo->d_extRCode=stuff.extRCode;
+	eo->d_version=stuff.version;
+	eo->d_Z = ntohs(stuff.Z);
+	OPTRecordContent* orc = 
+	  dynamic_cast<OPTRecordContent*>(val.first.d_content.get());
+	if(!orc)
+	  return false;
+	orc->getData(eo->d_options);
+	return true;
+      }
+    }
   }
-  else
-    return false;
+  return false;
 }