authorLuca Deri <deri@ntop.org>2022-02-03 13:20:54 +0100
committerLuca Deri <deri@ntop.org>2022-02-03 13:20:54 +0100
commit7aef27f85e86302130bf8dffaf9809d488856427 (patch)
treeaf1164f3be4a4bdc3cea1a9bacfa83c4db8c3961 /src/lib/protocols
parent0dd5ac89f842ac37f4c36ff67620a49b9e7eb76f (diff)
Added NDPI_ERROR_CODE_DETECTED risk
Diffstat (limited to 'src/lib/protocols')
-rw-r--r--src/lib/protocols/dns.c3
-rw-r--r--src/lib/protocols/http.c3
2 files changed, 6 insertions, 0 deletions
diff --git a/src/lib/protocols/dns.c b/src/lib/protocols/dns.c
index 6537b8b2e..96b1f5da7 100644
--- a/src/lib/protocols/dns.c
+++ b/src/lib/protocols/dns.c
@@ -233,6 +233,9 @@ static int search_valid_dns(struct ndpi_detection_module_struct *ndpi_struct,
/* DNS Reply */
flow->protos.dns.reply_code = dns_header->flags & 0x0F;
+ if(flow->protos.dns.reply_code != 0)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
+
if((dns_header->num_queries > 0) && (dns_header->num_queries <= NDPI_MAX_DNS_REQUESTS) /* Don't assume that num_queries must be zero */
&& ((((dns_header->num_answers > 0) && (dns_header->num_answers <= NDPI_MAX_DNS_REQUESTS))
|| ((dns_header->authority_rrs > 0) && (dns_header->authority_rrs <= NDPI_MAX_DNS_REQUESTS))
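Review bot: The added `if(flow->protos.dns.reply_code != 0)` raises the risk before the sanity check that follows (`num_queries`, `num_answers` and `authority_rrs` against `NDPI_MAX_DNS_REQUESTS`), so a payload that later fails that check can still leave NDPI_ERROR_CODE_DETECTED set on the flow. The condition and its body continue outside the hunk, so whether the failing path clears the risk is not visible here; if it does not, consider moving the two added lines into the branch taken once the reply has passed validation. A comment such as `/* RCODE 0 = NOERROR; any other value, including NXDOMAIN, is reported as a risk */` would also tell anyone tuning alerts that ordinary NXDOMAIN answers are included.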
diff --git a/src/lib/protocols/http.c b/src/lib/protocols/http.c
index fd3a64664..cf1e6282b 100644
--- a/src/lib/protocols/http.c
+++ b/src/lib/protocols/http.c
@@ -999,9 +999,12 @@ static void ndpi_check_http_tcp(struct ndpi_detection_module_struct *ndpi_struct
buf[3] = '\0';
flow->http.response_status_code = atoi(buf);
+
/* https://en.wikipedia.org/wiki/List_of_HTTP_status_codes */
if((flow->http.response_status_code < 100) || (flow->http.response_status_code > 509))
flow->http.response_status_code = 0; /* Out of range */
+ else if(flow->http.response_status_code >= 400)
+ ndpi_set_risk(ndpi_struct, flow, NDPI_ERROR_CODE_DETECTED);
}
ndpi_parse_packet_line_info(ndpi_struct, flow);
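Review bot: The new `else if(flow->http.response_status_code >= 400)` branch can never fire for status codes 510 and 511, because the range check just above it resets anything over 509 to 0 first. If the intent is to flag every error response, widening that bound to `> 599` would cover them. A comment on the new branch, e.g. `/* 4xx and 5xx are both reported; single 401/404 responses are common in benign traffic */`, would tell consumers that this risk is better weighed by rate than per flow. ndpi_check_http_tcp starts and ends outside the hunk.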