/
75_10-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
58 lines (48 loc) · 2.18 KB
/
75_10-Fix-crash-from-SRV-lookup-hitting-a-CNAME.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
From a189eb636256833f3053d8f2fbb95e51dc0f936c Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 14 Mar 2019 12:26:34 +0000
Subject: [PATCH 10/29] Fix crash from SRV lookup hitting a CNAME
(cherry picked from commit 14bc9cf085aff7bd5147881e5b7068769a29b026)
(cherry picked from commit 09720dd9506176294154dad7152f5f40554046a4)
---
doc/ChangeLog | 4 ++++
src/dns.c | 10 +++++++---
2 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/doc/ChangeLog b/doc/ChangeLog
index 26221318..585ccffc 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -27,6 +27,10 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
and/or domain. Found and fixed by Jason Betts.
+JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
+ configuration). If a CNAME target was not a wellformed name pattern, a
+ crash could result.
+
Exim version 4.92
-----------------
diff --git a/src/dns.c b/src/dns.c
index 0f0b435d..b7978c52 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -716,7 +716,11 @@ lookup, which constructs the names itself, so they should be OK. Besides,
bitstring labels don't conform to normal name syntax. (But the aren't used any
more.)
-For SRV records, we omit the initial _smtp._tcp. components at the start. */
+For SRV records, we omit the initial _smtp._tcp. components at the start.
+The check has been seen to bite on the destination of a SRV lookup that
+initiall hit a CNAME, for which the next name had only two components.
+RFC2782 makes no mention of the possibiility of CNAMES, but the Wikipedia
+article on SRV says they are not a valid configuration. */
#ifndef STAND_ALONE /* Omit this for stand-alone tests */
@@ -732,8 +736,8 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
if (type == T_SRV || type == T_TLSA)
{
- while (*checkname++ != '.');
- while (*checkname++ != '.');
+ while (*checkname && *checkname++ != '.') ;
+ while (*checkname && *checkname++ != '.') ;
}
if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
--
2.20.1