From: Serhii Vlasiuk -X (svlasiuk - SOFTSERVE INC at Cisco) <svlasiuk@cisco.com>
Date: Tue, 21 Nov 2023 15:15:32 +0000 (+0000)
Subject: Pull request #4102: dns: fix parsing 'additionals' section in dns response
X-Git-Tag: 3.1.76.0~7
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b29b0e959a6ff07708f70152873ba82a0b44b8ea;p=thirdparty%2Fsnort3.git

Pull request #4102: dns: fix parsing 'additionals' section in dns response

Merge in SNORT/snort3 from ~SVLASIUK/snort3:fix_dns_parser to master

Squashed commit of the following:

commit 59f0c3ae7d2ed2629ca72b2446cd34fe7f43be1f
Author: Serhii Vlasiuk <svlasiuk@cisco.com>
Date:   Thu Nov 16 16:56:33 2023 +0200

    dns: fix parsing 'additionals' section in dns response
---

diff --git a/src/service_inspectors/dns/dns.cc b/src/service_inspectors/dns/dns.cc
index b02a74693..4832145c5 100644
--- a/src/service_inspectors/dns/dns.cc
+++ b/src/service_inspectors/dns/dns.cc
@@ -348,6 +348,9 @@ static uint16_t ParseDNSName(
                 {
                     /* If this one is a relative offset, read that extra byte */
                     dnsSessionData->curr_txt.offset |= *data;
+                    if (dnsSessionData->length > 0)
+                        dnsSessionData->curr_txt.offset += 2; // first two bytes are length in TCP
+
                     if (parse_dns_name)
                     {
                         // parse recursively relative name
@@ -951,7 +954,7 @@ static void ParseDNSResponseMessage(Packet* p, DNSData* dnsSessionData, bool& ne
             dnsSessionData->curr_rec = 0;
         /* Fall through */
         case DNS_RESP_STATE_ADD_RR: /* ADDITIONALS section */
-            for (i=dnsSessionData->curr_rec; i<dnsSessionData->hdr.authorities; i++)
+            for (i=dnsSessionData->curr_rec; i<dnsSessionData->hdr.additionals; i++)
             {
                 bytes_unused = ParseDNSAnswer(data, bytes_unused, dnsSessionData);