From: Victor Julien
Date: Wed, 2 Dec 2015 10:37:57 +0000 (+0100)
Subject: dns: reject bad response data
X-Git-Tag: suricata-3.0RC2~1
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b333e5feae1f0c14d7620490a543fc41bccaea85;p=thirdparty%2Fsuricata.git

dns: reject bad response data
---
diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c
index f1cb597d2a..9e85ca2981 100644
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@@ -521,7 +521,9 @@ next_record:
 DNSTcpHeader *dns_tcp_header = (DNSTcpHeader *)input;
 SCLogDebug("DNS %p", dns_tcp_header);
- if (ntohs(dns_tcp_header->len) == (input_len-2)) {
+ if (ntohs(dns_tcp_header->len) == 0) {
+ goto bad_data;
+ } else if (ntohs(dns_tcp_header->len) == (input_len-2)) {
 /* we have all data, so process w/o buffering */
 if (DNSReponseParseData(f, dns_state, input+2, input_len-2) < 0)
 goto bad_data;
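Review bot: The new guard at the top of the `if` chain rejects only a record length of exactly 0, so a length prefix from 1 up to one byte short of the fixed DNS header still falls through to the `== (input_len-2)` branch and the branches after it. Whether `DNSReponseParseData` rejects such a short record is not visible in this hunk. Comparing against the minimum record size would close that gap in one place, e.g. `if (ntohs(dns_tcp_header->len) < sizeof(DNSHeader)) {` (assuming `DNSHeader` is the fixed-header struct the parser uses), with a short comment such as `/* bogus len, doesn't fit even basic dns header */`. The function starts and ends outside the hunk, so the check that `input_len` is at least 2 before `input_len-2` is computed is presumably earlier and should be confirmed.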