[exim-cvs] Fix crash from SRV lookup hitting a CNAME

Author: Exim Git Commits Mailing List
Date:  
To: exim-cvs
Subject: [exim-cvs] Fix crash from SRV lookup hitting a CNAME
Gitweb: https://git.exim.org/exim.git/commitdiff/14bc9cf085aff7bd5147881e5b7068769a29b026
Commit:     14bc9cf085aff7bd5147881e5b7068769a29b026
Parent:     a23acfd5c4366f1c4d97e87ac61ee841f39b819a
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Mar 14 12:26:34 2019 +0000
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Mar 14 12:29:06 2019 +0000


    Fix crash from SRV lookup hitting a CNAME
---
 doc/doc-txt/ChangeLog |  4 ++++
 src/src/dns.c         | 10 +++++++---
 2 files changed, 11 insertions(+), 3 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 5a42f0e..2239d9c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -35,6 +35,10 @@ JH/07 GnuTLS: Our use of late (post-handshake) certificate verification, under
 JB/01 Bug 2375: fix expansions of 822 addresses having comments in local-part
       and/or domain.  Found and fixed by Jason Betts.


+JH/08 Add hardening against SRV & TLSA lookups the hit CNAMEs (a nonvalid
+      configuration).  If a CNAME target was not a wellformed name pattern, a
+      crash could result.
+


Exim version 4.92
-----------------
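Review bot: The JH/08 entry has wording slips that will ship in the ChangeLog: "the hit CNAMEs" should read "that hit CNAMEs", and "nonvalid" and "wellformed" would read better as "invalid" and "well-formed". The entry could also describe the trigger in the terms the dns.c comment uses (a CNAME target with only two components), since "not a wellformed name pattern" does not tell an operator which names are affected.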
diff --git a/src/src/dns.c b/src/src/dns.c
index dd929d4..6ef6b77 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -710,7 +710,11 @@ lookup, which constructs the names itself, so they should be OK. Besides,
bitstring labels don't conform to normal name syntax. (But the aren't used any
more.)

-For SRV records, we omit the initial _smtp._tcp. components at the start. */
+For SRV records, we omit the initial _smtp._tcp. components at the start.
+The check has been seen to bite on the destination of a SRV lookup that
+initiall hit a CNAME, for which the next name had only two components.
+RFC2782 makes no mention of the possibiility of CNAMES, but the Wikipedia
+article on SRV says they are not a valid configuration. */

#ifndef STAND_ALONE /* Omit this for stand-alone tests */
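Review bot: The added comment lines contain typos ("initiall", "possibiility"), and the context line above them still reads "But the aren't used any more"; all three are worth fixing in the same pass. The comment also records when the check was seen to bite but not what the code now does for such a name; one sentence stating that the component skip stops at the end of the string when fewer than two dots are present would help the next reader. A Wikipedia article is a weak reference for a source comment, so consider stating only that a CNAME at an SRV name is treated as an invalid configuration.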

@@ -726,8 +730,8 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)

   if (type == T_SRV || type == T_TLSA)
     {
-    while (*checkname++ != '.');
-    while (*checkname++ != '.');
+    while (*checkname && *checkname++ != '.') ;
+    while (*checkname && *checkname++ != '.') ;
     }


if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
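Review bot: In the T_SRV/T_TLSA branch, a name with fewer than two dots now leaves checkname pointing at the terminating NUL, so the pcre_exec call that follows runs on an empty string with Ustrlen(checkname) equal to 0. The added "*checkname &&" guard stops the scan from running past the end of the string, but whether such a name is then accepted or rejected depends on whether check_dns_names_pattern matches the empty string, which the patch leaves implicit. Consider handling the short-name case explicitly (for example, checking the whole name when the two leading components are absent) and adding a test for an SRV lookup whose CNAME target has only two components; the diffstat shows changes to ChangeLog and dns.c only.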