From ac983d3d02339d73457a8c03be091b13f4b056dc Mon Sep 17 00:00:00 2001
From: Philippe Antoine
Date: Wed, 27 Aug 2025 22:42:57 +0200
Subject: [PATCH] dns: add test with response with data length 0
Ticket: 7574
---
tests/dns/dns-answer-emptydata/README.md | 5 +++++
tests/dns/dns-answer-emptydata/input.pcap | Bin 0 -> 1136 bytes
tests/dns/dns-answer-emptydata/test.rules | 2 ++
tests/dns/dns-answer-emptydata/test.yaml | 9 +++++++++
4 files changed, 16 insertions(+)
create mode 100644 tests/dns/dns-answer-emptydata/README.md
create mode 100644 tests/dns/dns-answer-emptydata/input.pcap
create mode 100644 tests/dns/dns-answer-emptydata/test.rules
create mode 100644 tests/dns/dns-answer-emptydata/test.yaml
diff --git a/tests/dns/dns-answer-emptydata/README.md b/tests/dns/dns-answer-emptydata/README.md
new file mode 100644
index 000000000..2f0b0e88e
--- /dev/null
+++ b/tests/dns/dns-answer-emptydata/README.md
@@ -0,0 +1,5 @@
+Test that we do not fail parsing on DNS answer with Data Length 0 `dns.resp.len == 0`
+
+Ticket: https://redmine.openinfosecfoundation.org/issues/7574
+
+Pcap from ticket
diff --git a/tests/dns/dns-answer-emptydata/input.pcap b/tests/dns/dns-answer-emptydata/input.pcap
new file mode 100644
index 0000000000000000000000000000000000000000..7a57bc2567d6872e3b0021a6a2a3cdbb297f2df6
GIT binary patch literal 1136 zc-p&ic+)~A1{MYcfUqY?9ZOfA%){UUWP>mh5W6xkIDn7?o5Tw)Zl+CKT-;o@S237= zFcv!t(zAi-|Noy8fNEJ-D;SxX*%%o)xNZn1JOZ1_1TnK@3J=H-Fov3G!@Syop`PuU z1IRp(xeTVaS9u+J77aA_+yWs5hB>#uW^MtR$-%oWsBXaa*Dw$SjaK?tZ)s=YaapAn5h?Cgr3U7@}(Z1yydwkzQP^TLM%Fyn#8EXAj87K@*f013Y0VVe~mcQ zp|Vd;I-~RJF;o9bu$UCSgc(ZAYr&!Jh8F5EAB@FQ8U$Dvo=t%G4(PM*ARmIvd2)dd zBb1oefy}wO9;-PLEDRYbFmp~>fXo4f(hAnW7D|(WzB^>cKxA4HPXYSy6EH1tK9q&0 zfh8axg3NhFsyTu{b7U~hF?PT-hj~3X)?Cm+`xDTtR8Xuv`2i2@RFGL9a~5JVX9L(A hXRPK30?ql3X^!kKqWzT$H0v`cd>$Nt`|A?OEC8FKDWw1a literal 0 Hc-jL100001
diff --git a/tests/dns/dns-answer-emptydata/test.rules b/tests/dns/dns-answer-emptydata/test.rules
new file mode 100644
index 000000000..a6cb2a2f2
--- /dev/null
+++ b/tests/dns/dns-answer-emptydata/test.rules
@@ -0,0 +1,2 @@
+alert dns any any -> any any (msg:"SURICATA DNS malformed request data"; flow:to_server; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240002; rev:2;)
+alert dns any any -> any any (msg:"SURICATA DNS malformed response data"; flow:to_client; app-layer-event:dns.malformed_data; classtype:protocol-command-decode; sid:2240003; rev:2;)
diff --git a/tests/dns/dns-answer-emptydata/test.yaml b/tests/dns/dns-answer-emptydata/test.yaml
new file mode 100644
index 000000000..cf28e97e6
--- /dev/null
+++ b/tests/dns/dns-answer-emptydata/test.yaml
@@ -0,0 +1,9 @@
+checks:
+ - filter:
+ count: 2
+ match:
+ event_type: dns
+ - filter:
+ count: 0
+ match:
+ event_type: alert
--
2.47.3
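Review bot: Only `app-layer-event:dns.malformed_data` is watched in test.rules, so the zero-alert check in this test cannot notice the zero-length answer being flagged through any other DNS app-layer event. If that narrow scope is intended, a leading comment such as `# Only dns.malformed_data is in scope (ticket 7574); neither rule may fire on input.pcap` would make it explicit. The two signatures look like copies of the stock DNS event rules with the same sids; saying so in that comment would help keep them in sync with the shipped rules.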
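Review bot: The first check in test.yaml only counts `event_type: dns` records, so it does not show that the answer with data length 0 was itself decoded and logged; any two DNS events from the pcap satisfy it. Consider adding a filter that matches the response record specifically, for example on `dns.type` plus a field of the affected answer, with the expected values taken from the EVE output of a fixed build. There is also no `requires:` block, so the test would presumably run against releases that predate the fix for ticket 7574 and fail there; a `min-version: <first release with the fix>` entry would scope it.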