From 04be0f217c3a9f788cfe61a6f6c7296fb7628a52 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Tue, 30 May 2023 16:14:04 +0100 Subject: [Fix] Fix parsing of the mask values that are invalid --- src/libserver/spf.c | 28 +++++++++++++++++++++------- 1 file changed, 21 insertions(+), 7 deletions(-) diff --git a/src/libserver/spf.c b/src/libserver/spf.c index a422d2819..06352f5db 100644 --- a/src/libserver/spf.c +++ b/src/libserver/spf.c @@ -1458,13 +1458,22 @@ parse_spf_ip4 (struct spf_record *rec, struct spf_addr *addr) } if (slash) { - mask = strtoul (slash + 1, NULL, 10); + gchar *end = NULL; + + mask = strtoul (slash + 1, &end, 10); if (mask > 32) { msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string, rec->sender_domain); return FALSE; } + if (end != NULL && !g_ascii_isspace(*end) && *end != '\0') { + /* Invalid mask definition */ + msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string, + rec->sender_domain); + return FALSE; + } + addr->m.dual.mask_v4 = mask; if (mask < min_valid_mask) { @@ -1525,13 +1534,21 @@ parse_spf_ip6 (struct spf_record *rec, struct spf_addr *addr) } if (slash) { - mask = strtoul (slash + 1, NULL, 10); + gchar *end = NULL; + mask = strtoul (slash + 1, &end, 10); if (mask > 128) { msg_info_spf ("invalid mask for ip6 element for %s: %s", addr->spf_string, rec->sender_domain); return FALSE; } + if (end != NULL && !g_ascii_isspace(*end) && *end != '\0') { + /* Invalid mask definition */ + msg_info_spf ("invalid mask for ip4 element for %s: %s", addr->spf_string, + rec->sender_domain); + return FALSE; + } + addr->m.dual.mask_v6 = mask; if (mask < min_valid_mask) { @@ -1823,7 +1840,7 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved, { const gchar *p, *macro_value = NULL; gchar *c, *new, *tmp, delim = '.'; - gsize len = 0, slen = 0, macro_len = 0; + gsize len = 0, macro_len = 0; gint state = 0, ndelim = 0; gchar ip_buf[64 + 1]; /* cannot use INET6_ADDRSTRLEN as we use ptr lookup */ gboolean need_expand = FALSE, reversed; @@ -1846,7 +1863,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved, len++; } - slen++; p++; break; case 1: @@ -1872,7 +1888,7 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved, return begin; } p++; - slen++; + break; case 2: /* Read macro name */ @@ -1933,7 +1949,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved, return begin; } p++; - slen++; state = 3; break; case 3: @@ -1943,7 +1958,6 @@ expand_spf_macro (struct spf_record *rec, struct spf_resolved_element *resolved, need_expand = TRUE; } p++; - slen++; break; default: -- cgit v1.2.3