From b333e5feae1f0c14d7620490a543fc41bccaea85 Mon Sep 17 00:00:00 2001
From: Victor Julien
Date: Wed, 2 Dec 2015 11:37:57 +0100
Subject: [PATCH] dns: reject bad response data
---
 src/app-layer-dns-tcp.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/app-layer-dns-tcp.c b/src/app-layer-dns-tcp.c
index f1cb597d2a..9e85ca2981 100644
--- a/src/app-layer-dns-tcp.c
+++ b/src/app-layer-dns-tcp.c
@@ -521,7 +521,9 @@ next_record:
 DNSTcpHeader *dns_tcp_header = (DNSTcpHeader *)input;
 SCLogDebug("DNS %p", dns_tcp_header);
- if (ntohs(dns_tcp_header->len) == (input_len-2)) {
+ if (ntohs(dns_tcp_header->len) == 0) {
+ goto bad_data;
+ } else if (ntohs(dns_tcp_header->len) == (input_len-2)) {
 /* we have all data, so process w/o buffering */
 if (DNSReponseParseData(f, dns_state, input+2, input_len-2) < 0)
 goto bad_data;
--
2.47.2
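Review bot: The new guard at the top of the `next_record:` block rejects only a record length of exactly 0, so a length from 1 up to one less than the fixed DNS header size still falls through to the `input_len-2` comparison and the branches after it. A TCP DNS record shorter than the header cannot be a valid message, so the check would be tighter as `if (ntohs(dns_tcp_header->len) < sizeof(DNSHeader)) {` (assuming `DNSHeader` is the fixed-header struct this parser uses elsewhere), which also covers the zero case. Whether `DNSReponseParseData` already rejects undersized buffers, and whether `input_len >= 2` is guaranteed before `input_len-2` is evaluated, cannot be seen here because the function starts and ends outside the hunk. Reading the length once into a local `uint16_t` would also avoid the repeated `ntohs()` calls across the chain.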