resolved: if we detect a message with incomplete DNSSEC data, consider this an invalid packet event

2016-01-21 01:07:56 +01:00 · 2016-01-21 01:07:56 +01:00 · fcfaff1235
parent 7aa8ce9855
commit fcfaff1235
1 changed files with 4 additions and 0 deletions
--- a/src/resolve/resolved-dns-transaction.c
+++ b/src/resolve/resolved-dns-transaction.c
@ -675,6 +675,10 @@ static void dns_transaction_process_dnssec(DnsTransaction *t) {
        /* All our auxiliary DNSSEC transactions are complete now. Try
         * to validate our RRset now. */
        r = dns_transaction_validate_dnssec(t);
+        if (r == -EBADMSG) {
+                dns_transaction_complete(t, DNS_TRANSACTION_INVALID_REPLY);
+                return;
+        }
        if (r < 0) {
                dns_transaction_complete(t, DNS_TRANSACTION_RESOURCES);
                return;