From 1dccaf37b075ebfb726d407b9c4d95fcf2983135 Mon Sep 17 00:00:00 2001
From: Ivan Nardi <12729895+IvanNardi@users.noreply.github.com>
Date: Tue, 11 Feb 2025 15:48:53 +0100
Subject: DNS: fix check for DGA domain (#2716)

If we have a (potential) valid sub-classification, we shoudn't check for
DGA, even if the subclassification itself is disabled!
---
 src/lib/protocols/tls.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/lib/protocols/tls.c')

diff --git a/src/lib/protocols/tls.c b/src/lib/protocols/tls.c
index 60d54e9ba..8d2f4dd7f 100644
--- a/src/lib/protocols/tls.c
+++ b/src/lib/protocols/tls.c
@@ -2813,7 +2813,7 @@ int processClientServerHello(struct ndpi_detection_module_struct *ndpi_struct,
 		      ndpi_set_risk(ndpi_struct, flow, NDPI_NUMERIC_IP_HOST, sni);
 		    }
 
-		    if(ndpi_check_dga_name(ndpi_struct, flow, sni, 1, 0)) {
+		    if(ndpi_check_dga_name(ndpi_struct, flow, sni, 1, 0, 0)) {
 #ifdef DEBUG_TLS
 		      printf("[TLS] SNI: (DGA) [%s]\n", sni);
 #endif
-- 
cgit v1.2.3