mirror of https://github.com/OISF/suricata
dns: don't parse a full request during probe if not enough data
If there is more data than a header, but not enough for a complete DNS message, the hostname parser could return an error causing the probe to fail on valid DNS messages.

So only parse the complete message if we have enough input data. This is reliable for TCP as DNS messages are prefixed, but for UDP it's just going to be the size of the input buffer presented to the parser, so incomplete could still happen.

Ticket #5034

pull/7282/head
parent 2a89185f04
commit 27679a12aa
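The probe decision described in the commit message, as an added Rust sketch that is not Suricata's own code: a TCP probe that runs the full question parse only when the whole length-prefixed message is buffered, and otherwise judges on the header alone. The function names, the header heuristic and the sample bytes are assumptions constructed for this illustration.

```rust
// Added illustration of the probe logic; all names are hypothetical.
const HDR_LEN: usize = 12;
// Constructed sample: length-prefixed query for example.com, type A, class IN.
const SAMPLE: &[u8] = b"\x00\x1d\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\
    \x07example\x03com\x00\x00\x01\x00\x01";

/// Step over one DNS name at `off`; None if it runs past `buf`.
fn skip_name(buf: &[u8], mut off: usize) -> Option<usize> {
    loop {
        match *buf.get(off)? as usize {
            0 => return Some(off + 1),
            l if l & 0xc0 == 0xc0 => return buf.get(off + 1).map(|_| off + 2),
            l if l > 63 => return None,
            l => off += 1 + l,
        }
    }
}

/// Cheap checks on the fixed header (constructed heuristic).
fn header_ok(msg: &[u8]) -> bool {
    msg.len() >= HDR_LEN
        && (msg[2] >> 3) & 0x0f <= 6 // opcode in assigned range
        && u16::from_be_bytes([msg[4], msg[5]]) >= 1 // has a question
}

/// Header plus every question; fails when the input is truncated.
fn full_parse_ok(msg: &[u8]) -> bool {
    if !header_ok(msg) { return false; }
    let mut off = HDR_LEN;
    for _ in 0..u16::from_be_bytes([msg[4], msg[5]]) {
        match skip_name(msg, off) {
            Some(end) if end + 4 <= msg.len() => off = end + 4, // qtype, qclass
            _ => return false,
        }
    }
    true
}

/// TCP probe: `input` begins with the 2-byte length prefix.
pub fn probe_tcp(input: &[u8]) -> bool {
    if input.len() < 2 { return false; }
    let dlen = u16::from_be_bytes([input[0], input[1]]) as usize;
    let msg = &input[2..];
    // Full parse only when the whole prefixed message is in the buffer.
    if msg.len() >= dlen { full_parse_ok(&msg[..dlen]) } else { header_ok(msg) }
}

fn main() {
    println!("complete={} partial={}", probe_tcp(SAMPLE), probe_tcp(&SAMPLE[..20]));
}
```

Running the full parse directly on the first 20 bytes fails inside the name walk, which is the false negative the commit message describes for a valid but partially delivered message.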