Ensure request name in buffer for ipset lookup.

82a14af5 · Simon Kelley · 97dce08e · 82a14af5
Commit 82a14af5 authored Apr 13, 2014 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 15 additions and 12 deletions

src/forward.c src/forward.c +15 -12

No files found.
--- a/src/forward.c
+++ b/src/forward.c
@@ -535,20 +535,23 @@ static size_t process_reply(struct dns_header *header, time_t now, struct server
  (void) do_bit;
 #ifdef HAVE_IPSET
-  /* Similar algorithm to search_servers. */
+  if (daemon->ipsets && extract_request(header, n, daemon->namebuff, NULL))
-  struct ipsets *ipset_pos;
-  unsigned int namelen = strlen(daemon->namebuff);
-  unsigned int matchlen = 0;
-  for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = ipset_pos->next) 
    {
-      unsigned int domainlen = strlen(ipset_pos->domain);
+      /* Similar algorithm to search_servers. */
-      char *matchstart = daemon->namebuff + namelen - domainlen;
+      struct ipsets *ipset_pos;
-      if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) &&
+      unsigned int namelen = strlen(daemon->namebuff);
-	  (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' ) &&
+      unsigned int matchlen = 0;
-	  domainlen >= matchlen) 
+      for (ipset_pos = daemon->ipsets; ipset_pos; ipset_pos = ipset_pos->next) 
 	{
-	  matchlen = domainlen;
+	  unsigned int domainlen = strlen(ipset_pos->domain);
-	  sets = ipset_pos->sets;
+	  char *matchstart = daemon->namebuff + namelen - domainlen;
+	  if (namelen >= domainlen && hostname_isequal(matchstart, ipset_pos->domain) &&
+	      (domainlen == 0 || namelen == domainlen || *(matchstart - 1) == '.' ) &&
+	      domainlen >= matchlen) 
+	    {
+	      matchlen = domainlen;
+	      sets = ipset_pos->sets;
+	    }
 	}
    }
 #endif