From: Victor Julien <victor@inliniac.net>
Date: Wed, 17 Aug 2016 11:12:40 +0000 (+0200)
Subject: dns: fix OOB read on malformed TXT record
X-Git-Tag: suricata-3.1.2~43
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=731d4a70492ae6ca37c9274f117905691c66aac9;p=thirdparty%2Fsuricata.git

dns: fix OOB read on malformed TXT record
---

diff --git a/src/app-layer-dns-common.c b/src/app-layer-dns-common.c
index 0f4595ac2c..8c5bc02aff 100644
--- a/src/app-layer-dns-common.c
+++ b/src/app-layer-dns-common.c
@@ -983,6 +983,12 @@ const uint8_t *DNSReponseParse(DNSState *dns_state, const DNSHeader * const dns_
         case DNS_RECORD_TYPE_TXT:
         {
             uint16_t datalen = ntohs(head->len);
+
+            if (datalen == 0) {
+                DNSSetEvent(dns_state, DNS_DECODER_EVENT_MALFORMED_DATA);
+                goto bad_data;
+            }
+
             uint8_t txtlen = *data;
             const uint8_t *tdata = data + 1;