dns: fix out of bounds read

On a zero size A or AAAA record, 4 or 16 bytes would still be read. Found with AFL+ASAN.
9 years ago · 20990f7a7e
parent 4a04f814b1
commit 20990f7a7e
1 changed files with 2 additions and 2 deletions
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@ -858,7 +858,7 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_

                DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
                        ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
-                        data, 4, ntohs(dns_header->tx_id));
+                        data, datalen, ntohs(dns_header->tx_id));
            } else {
                SCLogDebug("invalid length for A response data: %u", ntohs(head->len));
                goto bad_data;
@ -876,7 +876,7 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_

                DNSStoreAnswerInState(dns_state, list, fqdn, fqdn_len,
                        ntohs(head->type), ntohs(head->class), ntohl(head->ttl),
-                        data, 16, ntohs(dns_header->tx_id));
+                        data, datalen, ntohs(dns_header->tx_id));
            } else {
                SCLogDebug("invalid length for AAAA response data: %u", ntohs(head->len));
                goto bad_data;