diff options
| author | Cy Schubert <cy@FreeBSD.org> | 2022-08-05 20:02:55 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2022-08-05 20:02:55 +0000 |
| commit | 9b76d32f2310b735dbeb896cbf2776cad61f23e8 (patch) | |
| tree | cac9730d14d9c15b0c773429e65bba9e97506c93 /iterator/iterator.c | |
| parent | d57351465531b38689892ec862de2725b52842dd (diff) | |
unbound: Vendor import 1.16.2vendor/unbound/1.16.2
Security update to unbound.
PR: 265645
Security: CVE-2022-30698, CVE-2022-30699
Security: bc43a578-14ec-11ed-856e-d4c9ef517024
Diffstat (limited to 'iterator/iterator.c')
| -rw-r--r-- | iterator/iterator.c | 23 |
1 files changed, 16 insertions, 7 deletions
diff --git a/iterator/iterator.c b/iterator/iterator.c index 727631d6cf8e..25e5cfee4645 100644 --- a/iterator/iterator.c +++ b/iterator/iterator.c @@ -71,6 +71,10 @@ /* in msec */ int UNKNOWN_SERVER_NICENESS = 376; +/* in msec */ +int USEFUL_SERVER_TOP_TIMEOUT = 120000; +/* Equals USEFUL_SERVER_TOP_TIMEOUT*4 */ +int BLACKLIST_PENALTY = (120000*4); static void target_count_increase_nx(struct iter_qstate* iq, int num); @@ -371,7 +375,7 @@ error_response_cache(struct module_qstate* qstate, int id, int rcode) err.security = sec_status_indeterminate; verbose(VERB_ALGO, "store error response in message cache"); iter_dns_store(qstate->env, &qstate->qinfo, &err, 0, 0, 0, NULL, - qstate->query_flags); + qstate->query_flags, qstate->qstarttime); } return error_response(qstate, id, rcode); } @@ -1485,7 +1489,8 @@ processInitRequest(struct module_qstate* qstate, struct iter_qstate* iq, iq->dp = dns_cache_find_delegation(qstate->env, delname, delnamelen, iq->qchase.qtype, iq->qchase.qclass, qstate->region, &iq->deleg_msg, - *qstate->env->now+qstate->prefetch_leeway); + *qstate->env->now+qstate->prefetch_leeway, 1, + dpname, dpnamelen); else iq->dp = NULL; /* If the cache has returned nothing, then we have a @@ -1777,7 +1782,8 @@ generate_parentside_target_query(struct module_qstate* qstate, subiq->dp = dns_cache_find_delegation(qstate->env, name, namelen, qtype, qclass, subq->region, &subiq->deleg_msg, - *qstate->env->now+subq->prefetch_leeway); + *qstate->env->now+subq->prefetch_leeway, + 1, NULL, 0); /* if no dp, then it's from root, refetch unneeded */ if(subiq->dp) { subiq->dnssec_expected = iter_indicates_dnssec( @@ -2943,7 +2949,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iq->qchase.qtype != iq->response->qinfo.qtype, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, - qstate->region, qstate->query_flags); + qstate->region, qstate->query_flags, + qstate->qstarttime); /* close down outstanding requests to be discarded */ outbound_list_clear(&iq->outlist); iq->num_current_queries = 0; @@ -3032,7 +3039,8 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, /* Store the referral under the current query */ /* no prefetch-leeway, since its not the answer */ iter_dns_store(qstate->env, &iq->response->qinfo, - iq->response->rep, 1, 0, 0, NULL, 0); + iq->response->rep, 1, 0, 0, NULL, 0, + qstate->qstarttime); if(iq->store_parent_NS) iter_store_parentside_NS(qstate->env, iq->response->rep); @@ -3146,7 +3154,7 @@ processQueryResponse(struct module_qstate* qstate, struct iter_qstate* iq, iter_dns_store(qstate->env, &iq->response->qinfo, iq->response->rep, 1, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, NULL, - qstate->query_flags); + qstate->query_flags, qstate->qstarttime); /* set the current request's qname to the new value. */ iq->qchase.qname = sname; iq->qchase.qname_len = snamelen; @@ -3752,7 +3760,8 @@ processFinished(struct module_qstate* qstate, struct iter_qstate* iq, iter_dns_store(qstate->env, &qstate->qinfo, iq->response->rep, 0, qstate->prefetch_leeway, iq->dp&&iq->dp->has_parent_side_NS, - qstate->region, qstate->query_flags); + qstate->region, qstate->query_flags, + qstate->qstarttime); } } qstate->return_rcode = LDNS_RCODE_NOERROR; |