From: Philippe Antoine <pantoine@oisf.net>
Date: Thu, 3 Oct 2024 13:16:44 +0000 (+0200)
Subject: dns/probe: check that a request has at least one query
X-Git-Tag: suricata-8.0.0-beta1~632
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5da2b5d7a4e42b4916b16cd206ef59fb512a06d7;p=thirdparty%2Fsuricata.git

dns/probe: check that a request has at least one query

Ticket: 7279
---

diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
index 11ebfb1a4c..1dad2a94d9 100644
--- a/rust/src/dns/dns.rs
+++ b/rust/src/dns/dns.rs
@@ -789,6 +789,9 @@ fn probe_header_validity(header: &DNSHeader, rlen: usize) -> (bool, bool, bool)
     }
 
     let is_request = header.flags & 0x8000 == 0;
+    if is_request && header.questions == 0 {
+        return (false, false, false);
+    }
     return (true, is_request, false);
 }