summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/tsg_dns.cpp5
-rw-r--r--src/tsg_entry.cpp11
2 files changed, 13 insertions, 3 deletions
diff --git a/src/tsg_dns.cpp b/src/tsg_dns.cpp
index cba642f..5accc16 100644
--- a/src/tsg_dns.cpp
+++ b/src/tsg_dns.cpp
@@ -228,6 +228,11 @@ unsigned char do_action_redirect_dns(const struct streaminfo *a_stream, struct m
struct dns_user_region *user_region_record=NULL;
struct _dns_info *dns_info=(struct _dns_info *)user_data;
+ if(dns_info==NULL)
+ {
+ return STATE_GIVEME;
+ }
+
if(dns_info->hdr_info.qr==1 && g_tsg_para.deploy_mode==DEPLOY_MODE_MIRROR) //mirror
{
return STATE_GIVEME;
diff --git a/src/tsg_entry.cpp b/src/tsg_entry.cpp
index 3c6330e..6902f47 100644
--- a/src/tsg_entry.cpp
+++ b/src/tsg_entry.cpp
@@ -1793,6 +1793,7 @@ size_t session_app_gather_results_scan(const struct streaminfo *a_stream, struct
static unsigned char matched_security_rules_deal(const struct streaminfo *a_stream, struct session_runtime_process_context *srt_process_context, struct maat_rule *security_rules, size_t n_security_rules, const void *a_packet, int thread_seq)
{
+ void *user_data=NULL;
unsigned char state=APP_STATE_GIVEME;
struct maat_rule *p_rule=matched_rules_decision_criteria(security_rules, n_security_rules);
if(p_rule->action==TSG_ACTION_SHUNT)
@@ -1807,7 +1808,11 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
case TSG_ACTION_DENY:
if(srt_process_context->proto==PROTO_DNS) /* deal action of deny in firewall */
{
- break;
+ user_data=NULL;
+ }
+ else
+ {
+ user_data=(void *)a_packet;
}
if(is_deny_application(p_rule))
@@ -1818,11 +1823,11 @@ static unsigned char matched_security_rules_deal(const struct streaminfo *a_stre
}
srt_action_context_set_hitted_app_id(a_stream, srt_process_context->hited_para.matched_app_id, a_stream->threadnum);
- state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_APP, a_packet);
+ state=tsg_enforing_deny_application(a_stream, p_rule, srt_process_context->proto, srt_process_context->hited_para.matched_app_id, ACTION_RETURN_TYPE_APP, user_data);
}
else
{
- state=tsg_enforing_deny(a_stream, p_rule, srt_process_context->proto, ACTION_RETURN_TYPE_APP, a_packet);
+ state=tsg_enforing_deny(a_stream, p_rule, srt_process_context->proto, ACTION_RETURN_TYPE_APP, user_data);
}
if(is_deny_after_N_packets(p_rule))
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-31 00:23:51 +0000