135 lines
4.6 KiB
Diff
135 lines
4.6 KiB
Diff
From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
|
|
From: Simon Arlott <sa.me.uk>
|
|
Date: Sat, 30 Sep 2023 12:18:51 +0100
|
|
Subject: [PATCH] Fix integer underflow
|
|
|
|
---
|
|
src/libspf2/spf_compile.c | 6 +++++-
|
|
1 file changed, 5 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
|
index b08ffe2..d401028 100644
|
|
--- a/src/libspf2/spf_compile.c
|
|
+++ b/src/libspf2/spf_compile.c
|
|
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
|
|
/* Magic numbers for x/Nc in gdb. */ \
|
|
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
|
|
dst = SPF_data_str( data ); \
|
|
- ds_avail = _avail - sizeof(SPF_data_t); \
|
|
+ if ((_avail) < sizeof(SPF_data_t)) \
|
|
+ return SPF_response_add_error_ptr(spf_response, \
|
|
+ SPF_E_BIG_STRING, NULL, src, \
|
|
+ "Out of memory for string literal");\
|
|
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
|
|
ds_len = 0; \
|
|
} while(0)
|
|
|
|
From faa9e02887e20d37e112c4ce7df34366e4f2fa2f Mon Sep 17 00:00:00 2001
|
|
From: Simon Arlott <sa.me.uk>
|
|
Date: Mon, 2 Oct 2023 19:34:38 +0100
|
|
Subject: [PATCH] Used a fixed size buffer for DNS responses instead of
|
|
doubling memory use
|
|
|
|
---
|
|
src/libspf2/spf_dns_resolv.c | 21 +++------------------
|
|
1 file changed, 3 insertions(+), 18 deletions(-)
|
|
|
|
diff --git a/src/libspf2/spf_dns_resolv.c b/src/libspf2/spf_dns_resolv.c
|
|
index 9dacafe..ec687b8 100644
|
|
--- a/src/libspf2/spf_dns_resolv.c
|
|
+++ b/src/libspf2/spf_dns_resolv.c
|
|
@@ -268,7 +268,7 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
|
}
|
|
#endif
|
|
|
|
- responselen = 2048;
|
|
+ responselen = 65536;
|
|
responsebuf = (u_char *)malloc(responselen);
|
|
if (! responsebuf)
|
|
return NULL; /* NULL always means OOM from DNS lookup. */
|
|
@@ -319,23 +319,8 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
|
domain, rr_type, 0, SPF_h_errno);
|
|
}
|
|
else if (dns_len > responselen) {
|
|
- void *tmp;
|
|
- /* We managed a lookup but our buffer was too small. */
|
|
- responselen = dns_len + (dns_len >> 1);
|
|
-#if 0
|
|
- /* Sanity-trap - we should never hit this. */
|
|
- if (responselen > 1048576) { /* One megabyte. */
|
|
- free(responsebuf);
|
|
- return SPF_dns_rr_new_init(spf_dns_server,
|
|
- domain, rr_type, 0, SPF_h_errno);
|
|
- }
|
|
-#endif
|
|
- tmp = realloc(responsebuf, responselen);
|
|
- if (!tmp) {
|
|
- free(responsebuf);
|
|
- return NULL;
|
|
- }
|
|
- responsebuf = tmp;
|
|
+ free(responsebuf);
|
|
+ return NULL;
|
|
}
|
|
else {
|
|
/* We managed a lookup, and our buffer was large enough. */
|
|
From 1bd4c108b63927cd1229760e30936160d050d997 Mon Sep 17 00:00:00 2001
|
|
From: Simon Arlott <sa.me.uk>
|
|
Date: Mon, 2 Oct 2023 19:37:00 +0100
|
|
Subject: [PATCH] Allocate memory for string when the buffer is NULL
|
|
|
|
These can't ever be NULL but scan-build complains about them.
|
|
---
|
|
src/libspf2/spf_dns_cache.c | 2 +-
|
|
src/libspf2/spf_get_exp.c | 2 +-
|
|
2 files changed, 2 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/libspf2/spf_dns_cache.c b/src/libspf2/spf_dns_cache.c
|
|
index 16c9819..50d2660 100644
|
|
--- a/src/libspf2/spf_dns_cache.c
|
|
+++ b/src/libspf2/spf_dns_cache.c
|
|
@@ -327,7 +327,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook,
|
|
char *new_domain;
|
|
size_t new_len = strlen(domain) + 1;
|
|
|
|
- if (cached_rr->domain_buf_len < new_len) {
|
|
+ if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
|
|
new_domain = realloc(cached_rr->domain, new_len);
|
|
if (new_domain == NULL)
|
|
return SPF_E_NO_MEMORY;
|
|
diff --git a/src/libspf2/spf_get_exp.c b/src/libspf2/spf_get_exp.c
|
|
index f4b5055..4a663e4 100644
|
|
--- a/src/libspf2/spf_get_exp.c
|
|
+++ b/src/libspf2/spf_get_exp.c
|
|
@@ -62,7 +62,7 @@ SPF_server_get_default_explanation(SPF_server_t *spf_server,
|
|
}
|
|
else {
|
|
size_t len = sizeof(SPF_LAME_EXP) + 1;
|
|
- if (*buflenp < len) {
|
|
+ if (*bufp == NULL || *buflenp < len) {
|
|
char *tmp = realloc(*bufp, len);
|
|
if (tmp == NULL)
|
|
return SPF_E_NO_MEMORY;
|
|
From 36c3af1dcfeb6c987dac00161f2ed57c6a42ed03 Mon Sep 17 00:00:00 2001
|
|
From: Simon Arlott <sa.me.uk>
|
|
Date: Sat, 30 Sep 2023 11:40:47 +0100
|
|
Subject: [PATCH] Use correct integer size for format string
|
|
|
|
---
|
|
src/libspf2/spf_compile.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
|
index b08ffe2..ba3d804 100644
|
|
--- a/src/libspf2/spf_compile.c
|
|
+++ b/src/libspf2/spf_compile.c
|
|
@@ -604,7 +604,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
|
|
|
|
default:
|
|
if (spf_server->debug > 3)
|
|
- SPF_debugf("Adding illegal %%-follower '%c' at %d",
|
|
+ SPF_debugf("Adding illegal %%-follower '%c' at %zu",
|
|
src[idx], idx);
|
|
/* SPF spec says to treat it as a literal, not
|
|
* SPF_E_INVALID_ESC */
|