From: Andrew Lewis
Date: Wed, 8 Apr 2015 10:05:32 +0000 (+0200)
Subject: DMARC: Allow bogus backslashes in policy records; ignore non policy records; fail...
X-Git-Tag: 0.9.0~286^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=1792090c783d765b155a5806ab0090d38a5bb786;p=rspamd.git
DMARC: Allow bogus backslashes in policy records; ignore non policy records; fail on multiple policy records
---
diff --git a/src/plugins/lua/dmarc.lua b/src/plugins/lua/dmarc.lua
index 70fd34e29..94ef119a5 100644
--- a/src/plugins/lua/dmarc.lua
+++ b/src/plugins/lua/dmarc.lua
@@ -1,5 +1,6 @@
 --[[
 Copyright (c) 2011-2015, Vsevolod Stakhov
+Copyright (c) 2015, Andrew Lewis
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@@ -46,7 +47,7 @@ local default_port = 6379
 local upstreams = nil
 local dmarc_redis_key_prefix = "dmarc_"
-local elts_re = rspamd_regexp.create_cached(";\\s+")
+local elts_re = rspamd_regexp.create_cached("\\\\*;\\s+")
 local function dmarc_report(task, spf_ok, dkim_ok)
 local ip = task:get_from_ip()
@@ -77,10 +78,26 @@ local function dmarc_callback(task)
 local strict_dkim = false
 local strict_policy = false
 local quarantine_policy = false
+ local found_policy = false
+ local failed_policy = false
 local rua
- if results then
- for _,r in ipairs(results) do
+ if not results then
+ return
+ end
+ for _,r in ipairs(results) do
+ if failed_policy then break end
+ (function()
+ if(string.sub(r,1,8) ~= 'v=DMARC1') then
+ return
+ else
+ if found_policy then
+ failed_policy = true
+ return
+ else
+ found_policy = true
+ end
+ end
 local elts = elts_re:split(r)
 if elts then
@@ -93,7 +110,7 @@ local function dmarc_callback(task)
 if spf_pol and spf_pol == 's' then
 strict_spf = true
 end
- policy = string.match(e, '^p=(.*)$')
+ policy = string.match(e, '^p=(%a+)$')
 if policy then
 if (policy == 'reject') then
 strict_policy = true
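Review bot: The separator in the `@@ -46,7 +47,7 @@` hunk still ends in `\\s+`, so a record with no whitespace after a semicolon (constructed example: `v=DMARC1;p=reject`) is not split and the anchored `^p=(%a+)$` match later in dmarc_callback cannot succeed. The policy flags then stay false and the message is evaluated as if the domain requested no enforcement. RFC 7489 makes whitespace around the separator optional. Consider `local elts_re = rspamd_regexp.create_cached("\\s*\\\\*;\\s*")`, assuming `split` tolerates the empty trailing element that a final `;` may produce.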
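Review bot: The `string.sub(r,1,8) ~= 'v=DMARC1'` test in the `@@ -77,10 +78,26 @@` hunk accepts any TXT string that merely begins with those eight characters (for instance `v=DMARC10` or `v=DMARC1x`), and each such string counts toward `found_policy`/`failed_policy`, so a lookalike string published next to the real record causes the domain's policy to be discarded. Comparing the first split element is stricter: run `elts_re:split(r)` first and use `if not elts or elts[1] ~= 'v=DMARC1' then return end`, assuming `split` returns a sequence. The `else` after the bare `return` is redundant, and a one-line comment saying that the immediately-invoked function stands in for `continue` would help the next reader. dmarc_callback begins and ends outside this hunk.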
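Review bot: `'^p=(%a+)$'` in the `@@ -93,7 +110,7 @@` hunk admits upper-case letters, but the context line below compares against the lower-case literal `'reject'`, so a record publishing `p=REJECT` parses and then sets neither policy flag. Literal tag values in the RFC 7489 grammar are case-insensitive, so adding `policy = string.lower(policy)` as the first statement inside `if policy then` closes that gap. The quarantine comparison falls between this hunk and the next one and presumably needs the same normalisation.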
@@ -102,7 +119,7 @@ local function dmarc_callback(task)
 quarantine_policy = true
 end
 end
- pct = string.match(e, '^pct=(.*)$')
+ pct = string.match(e, '^pct=(%d+)$')
 if pct then
 pct = tonumber(pct)
 end
@@ -112,11 +129,11 @@ local function dmarc_callback(task)
 end
 end
 end
- end
- else
- return
+ end)()
 end
+ if not found_policy or failed_policy then return end
+
 -- Check dkim and spf symbols
 local spf_ok = false
 local dkim_ok = false
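Review bot: The early exit `if not found_policy or failed_policy then return end` in the `@@ -112,11 +129,11 @@` hunk leaves no trace of why DMARC evaluation was skipped, so a domain publishing several `v=DMARC1` records looks the same to an operator as a domain publishing none. A comment such as `-- RFC 7489 6.6.3: zero or multiple DMARC records => no policy is applied` would document the intent. A log line for the `failed_policy` case would also make misconfigured or tampered zones visible during triage; whether the module already has a logger in scope is not visible in this diff. dmarc_callback continues past the end of the hunk.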