tcp dns: fix advancement to next request in buffer
authorJason Ish <ish@unx.ca>
Tue, 25 Oct 2016 20:13:31 +0000 (14:13 -0600)
committerJason Ish <ish@unx.ca>
Wed, 26 Oct 2016 15:49:19 +0000 (09:49 -0600)
The advancement through the buffer was not taking into account
the size of the length field resulting in the second request
being detected as bad data.

src/app-layer-dns-tcp.c

index dbce7ce30a8d8001b875c90e1d11ef8524fbfada..1449eb4c50124f6ce2c7f8f9867cab23f169c36d 100644 (file)
@@ -321,8 +321,8 @@ next_record:
                 goto bad_data;
 
             /* treat the rest of the data as a (potential) new record */
-            input += ntohs(dns_tcp_header->len);
-            input_len -= ntohs(dns_tcp_header->len);
+            input += (2 + ntohs(dns_tcp_header->len));
+            input_len -= (2 + ntohs(dns_tcp_header->len));
             goto next_record;
         } else {
             /* not enough data, store record length and buffer */
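Review bot: The new `input_len -= (2 + ntohs(dns_tcp_header->len));` here, and the identical line in the second hunk (`@@ -534,8`), is only safe if a guard outside the hunk ensures `input_len >= 2 + ntohs(dns_tcp_header->len)`. The length prefix comes off the wire, and if `input_len` is unsigned (its declaration is not visible here), a shortfall would wrap it to a very large value before `goto next_record` re-enters the parser. Please confirm the enclosing branch condition accounts for the 2-byte prefix now that the advance does. For readability I would read the field once, `const uint16_t rec_len = ntohs(dns_tcp_header->len);`, and advance by `sizeof(dns_tcp_header->len) + rec_len` instead of the bare `2`, ideally through one helper shared by both parsers so the two copies cannot drift again. A unit test that feeds two back-to-back records in a single segment would pin the fix for both the request and response paths.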
@@ -534,8 +534,8 @@ next_record:
                 goto bad_data;
 
             /* treat the rest of the data as a (potential) new record */
-            input += ntohs(dns_tcp_header->len);
-            input_len -= ntohs(dns_tcp_header->len);
+            input += (2 + ntohs(dns_tcp_header->len));
+            input_len -= (2 + ntohs(dns_tcp_header->len));
             goto next_record;
         } else {
             /* not enough data, store record length and buffer */