[Fix] Fix parsing of the mask values that are invalid

diff --git a/src/libserver/spf.c b/src/libserver/spf.c
index a422d2819371570852af8d8a6648a0daf74ebf27..06352f5db5801dd029456cc84a9c14fc55abd252 100644 (file)
--- a/src/libserver/spf.c
+++ b/src/libserver/spf.c
@@ -1458,13 +1458,22 @@ parse_spf_ip4 (struct spf_record *rec, struct spf_addr *addr)
        }
 
        if (slash) {
-               mask = strtoul (slash + 1, NULL, 10);
+               gchar *end = NULL;
+
+               mask = strtoul (slash + 1, &end, 10);
                if (mask > 32) {
                        msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string,
                                        rec->sender_domain);
                        return FALSE;
                }
 
+               if (end != NULL && !g_ascii_isspace(*end) && *end != '\0') {
+                       /* Invalid mask definition */
+                       msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string,
+                               rec->sender_domain);
+                       return FALSE;
+               }
+
                addr->m.dual.mask_v4 = mask;
 
                if (mask < min_valid_mask) {
@@ -1525,13 +1534,21 @@ parse_spf_ip6 (struct spf_record *rec, struct spf_addr *addr)
        }
 
        if (slash) {
-               mask = strtoul (slash + 1, NULL, 10);
+               gchar *end = NULL;
+               mask = strtoul (slash + 1, &end, 10);
                if (mask > 128) {
                        msg_info_spf ("invalid mask for ip6 element for %s: %s", addr->spf_string,
                                        rec->sender_domain);
                        return FALSE;
                }
 
+               if (end != NULL && !g_ascii_isspace(*end) && *end != '\0') {
+                       /* Invalid mask definition */
+                       msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string,
+                               rec->sender_domain);
+                       return FALSE;
+               }
+
                addr->m.dual.mask_v6 = mask;
 
                if (mask < min_valid_mask) {
@@ -1823,7 +1840,7 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved,
 {
        const gchar *p, *macro_value = NULL;
        gchar *c, *new, *tmp, delim = '.';
-       gsize len = 0, slen = 0, macro_len = 0;
+       gsize len = 0, macro_len = 0;
        gint state = 0, ndelim = 0;
        gchar ip_buf[64 + 1]; /* cannot use INET6_ADDRSTRLEN as we use ptr lookup */
        gboolean need_expand = FALSE, reversed;
@@ -1846,7 +1863,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved,
                                len++;
                        }
 
-                       slen++;
                        p++;
                        break;
                case 1:
@@ -1872,7 +1888,7 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved,
                                return begin;
                        }
                        p++;
-                       slen++;
+
                        break;
                case 2:
                        /* Read macro name */
@@ -1933,7 +1949,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved,
                                return begin;
                        }
                        p++;
-                       slen++;
                        state = 3;
                        break;
                case 3:
@@ -1943,7 +1958,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved,
                                need_expand = TRUE;
                        }
                        p++;
-                       slen++;
                        break;
 
                default: