From: Victor Julien Date: Fri, 25 Mar 2016 23:43:40 +0000 (+0100) Subject: dns: improve handling of tx pick up on response X-Git-Tag: suricata-3.1RC1~274 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=167d94efff23075db331bf9205f5c4366677dea0;p=thirdparty%2Fsuricata.git dns: improve handling of tx pick up on response --- diff --git a/src/app-layer-dns-udp.c b/src/app-layer-dns-udp.c index 01393ceee7..dcb2f5aa18 100644 --- a/src/app-layer-dns-udp.c +++ b/src/app-layer-dns-udp.c @@ -277,27 +277,29 @@ static int DNSUDPResponseParse(Flow *f, void *dstate, } } - /* parse rcode, e.g. "noerror" or "nxdomain" */ - uint8_t rcode = ntohs(dns_header->flags) & 0x0F; - if (rcode <= DNS_RCODE_NOTZONE) { - SCLogDebug("rcode %u", rcode); - if (tx != NULL) - tx->rcode = rcode; - } else { - /* this is not invalid, rcodes can be user defined */ - SCLogDebug("unexpected DNS rcode %u", rcode); + /* if we previously didn't have a tx, it could have been created by the + * above code, so lets check again */ + if (tx == NULL) { + tx = DNSTransactionFindByTxId(dns_state, ntohs(dns_header->tx_id)); } + if (tx != NULL) { + /* parse rcode, e.g. "noerror" or "nxdomain" */ + uint8_t rcode = ntohs(dns_header->flags) & 0x0F; + if (rcode <= DNS_RCODE_NOTZONE) { + SCLogDebug("rcode %u", rcode); + tx->rcode = rcode; + } else { + /* this is not invalid, rcodes can be user defined */ + SCLogDebug("unexpected DNS rcode %u", rcode); + } - if (ntohs(dns_header->flags) & 0x0080) { - SCLogDebug("recursion desired"); - if (tx != NULL) + if (ntohs(dns_header->flags) & 0x0080) { + SCLogDebug("recursion desired"); tx->recursion_desired = 1; - } + } - if (tx != NULL) { tx->replied = 1; } - SCReturnInt(1); bad_data:
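Review bot: The flag test that now sits inside the new `if (tx != NULL)` block still checks `ntohs(dns_header->flags) & 0x0080` while logging "recursion desired" and setting `tx->recursion_desired`, but in the DNS header flags word 0x0080 is the RA (recursion available) bit and RD is 0x0100. Because this is the response parser, RA may be what is actually wanted, in which case the log text and field name mislead anyone reading the transaction in logs or rules; otherwise the mask should be `0x0100`. Separately, the `else` branch logs an rcode above `DNS_RCODE_NOTZONE` but never stores it, so if the tx starts zeroed (not visible here) such a reply would presumably read as rcode 0; a comment such as `/* rcode left at its initial value for user-defined codes */`, or storing the raw value, would make that explicit. The body of DNSUDPResponseParse starts before the hunk, so the code that may create the tx before the second `DNSTransactionFindByTxId` lookup is not visible.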