From 2d4df19401968a56754b8f1acfd9613792003feb Mon Sep 17 00:00:00 2001
From: Jason Ish <ish@unx.ca>
Date: Tue, 25 Oct 2016 14:13:31 -0600
Subject: [PATCH] tcp dns: fix advancement to next request in buffer

The advancement through the buffer was not taking into account
the size of the length field resulting in the second request
being detected as bad data.
---
 src/app-layer-dns-tcp.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c
index dbce7ce30a..1449eb4c50 100644
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@@ -321,8 +321,8 @@ next_record:
                 goto bad_data;
 
             /* treat the rest of the data as a (potential) new record */
-            input += ntohs(dns_tcp_header->len);
-            input_len -= ntohs(dns_tcp_header->len);
+            input += (2 + ntohs(dns_tcp_header->len));
+            input_len -= (2 + ntohs(dns_tcp_header->len));
             goto next_record;
         } else {
             /* not enough data, store record length and buffer */
@@ -534,8 +534,8 @@ next_record:
                 goto bad_data;
 
             /* treat the rest of the data as a (potential) new record */
-            input += ntohs(dns_tcp_header->len);
-            input_len -= ntohs(dns_tcp_header->len);
+            input += (2 + ntohs(dns_tcp_header->len));
+            input_len -= (2 + ntohs(dns_tcp_header->len));
             goto next_record;
         } else {
             /* not enough data, store record length and buffer */