fixup

jasonish · Nov 15, 2023 · 383b379 · 383b379
1 parent 4f6baa0
commit 383b379
Show file tree

Hide file tree

Showing 2 changed files with 32 additions and 6 deletions.
diff --git a/rust/src/dns/dns.rs b/rust/src/dns/dns.rs
@@ -881,6 +881,31 @@ pub unsafe extern "C" fn rs_dns_tx_get_query_name(
     return 0;
 }
 
+/// Get the DNS query name at index i.
+#[no_mangle]
+pub unsafe extern "C" fn SCDnsTxGetQueryName(
+    tx: &mut DNSTransaction, to_client: bool, i: u32, buf: *mut *const u8, len: *mut u32,
+) -> bool {
+    let queries = if to_client {
+        tx.response.as_ref().map(|response| &response.queries)
+    } else {
+        tx.request.as_ref().map(|request| &request.queries)
+    };
+    let index = i as usize;
+
+    if let Some(queries) = queries {
+        if let Some(query) = queries.get(index) {
+            if !query.name.is_empty() {
+                *buf = query.name.as_ptr();
+                *len = query.name.len() as u32;
+                return true;
+            }
+        }
+    }
+
+    false
+}
+
 /// Get the DNS response answer name and index i.
 #[no_mangle]
 pub unsafe extern "C" fn SCDnsTxGetAnswerName(

diff --git a/src/detect-dns-query-name.c b/src/detect-dns-query-name.c
@@ -80,7 +80,7 @@ static int DetectSetup(DetectEngineCtx *de_ctx, Signature *s, const char *str)
     return 0;
 }
 
-static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
+static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx, const uint8_t flags,
         const DetectEngineTransforms *transforms, void *txv, uint32_t index, int list_id)
 {
     InspectionBuffer *buffer = InspectionBufferMultipleForListGet(det_ctx, list_id, index);
@@ -91,12 +91,13 @@ static InspectionBuffer *GetBuffer(DetectEngineThreadCtx *det_ctx,
         return buffer;
     }
 
+    bool to_client = (flags & STREAM_TOSERVER) == 0;
     const uint8_t *data = NULL;
     uint32_t data_len = 0;
 
-    if (!SCDnsTxGetAnswerName(txv, index, &data, &data_len)) {
-        InspectionBufferSetupMultiEmpty(buffer);
-        return NULL;
+    if (!SCDnsTxGetQueryName(txv, to_client, index, &data, &data_len)) {
+	InspectionBufferSetupMultiEmpty(buffer);
+	return NULL;
     }
     InspectionBufferSetupMulti(buffer, transforms, data, data_len);
     return buffer;
@@ -112,7 +113,7 @@ static uint8_t DetectEngineInspectCb(DetectEngineCtx *de_ctx, DetectEngineThread
     }
 
     for (uint32_t i = 0;; i++) {
-        InspectionBuffer *buffer = GetBuffer(det_ctx, transforms, txv, i, engine->sm_list);
+        InspectionBuffer *buffer = GetBuffer(det_ctx, flags, transforms, txv, i, engine->sm_list);
         if (buffer == NULL || buffer->inspect == NULL) {
             break;
         }
@@ -148,7 +149,7 @@ static void PrefilterTx(DetectEngineThreadCtx *det_ctx, const void *pectx, Packe
     const int list_id = ctx->list_id;
 
     for (uint32_t i = 0;; i++) {
-        InspectionBuffer *buffer = GetBuffer(det_ctx, ctx->transforms, txv, i, list_id);
+        InspectionBuffer *buffer = GetBuffer(det_ctx, flags, ctx->transforms, txv, i, list_id);
         if (buffer == NULL) {
             break;
         }