dns: reject bad response data

10 years ago · b333e5feae
parent 260841827f
commit b333e5feae
1 changed files with 3 additions and 1 deletions
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@ -521,7 +521,9 @@ next_record:
        DNSTcpHeader *dns_tcp_header = (DNSTcpHeader *)input;
        SCLogDebug("DNS %p", dns_tcp_header);

-        if (ntohs(dns_tcp_header->len) == (input_len-2)) {
+        if (ntohs(dns_tcp_header->len) == 0) {
+            goto bad_data;
+        } else if (ntohs(dns_tcp_header->len) == (input_len-2)) {
            /* we have all data, so process w/o buffering */
            if (DNSReponseParseData(f, dns_state, input+2, input_len-2) < 0)
                goto bad_data;