[exim-cvs] DKIM: fix parsing of pubkey RR

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Git Commits Mailing List
Data:  
A: exim-cvs
Assumpte: [exim-cvs] DKIM: fix parsing of pubkey RR
Gitweb: https://git.exim.org/exim.git/commitdiff/e8727833517ce189507b9199b5a3f5c3e129040e
Commit:     e8727833517ce189507b9199b5a3f5c3e129040e
Parent:     6061fbe9fe65b06d48ac7e8d0d2412ec1d91bbbd
Author:     Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Oct 17 11:47:20 2024 +0100
Committer:  Jeremy Harris <jgh146exb@???>
CommitDate: Thu Oct 17 11:47:20 2024 +0100


    DKIM: fix parsing of pubkey RR


    Broken-since: 2658a023286f
---
 doc/doc-txt/ChangeLog          |  4 ++++
 src/src/functions.h            |  2 +-
 src/src/miscmods/pdkim/pdkim.c |  7 +++++-
 test/dnszones-src/db.test.ex   |  3 +++
 test/log/4506                  | 21 ++++++++++++++----
 test/scripts/4500-DKIM/4506    | 50 ++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 81 insertions(+), 6 deletions(-)


diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1c8e060c1..68632f516 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -59,6 +59,10 @@ JH/11 Lookups built as dynamic-load modules which support a single lookup
 JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup
       syntax". Previously, the end of the top-level file was reported.


+JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted
+      record could crash the meesage recieve process. Investigation by
+      Maxim Galaganov.
+
 Exim version 4.98
 -----------------


diff --git a/src/src/functions.h b/src/src/functions.h
index c9bb8cd70..57c4bb45c 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -991,7 +991,7 @@ return g ? (unsigned)g->ptr : 0;
static inline uschar
gstring_last_char(gstring * g)
{
-return g->s[g->ptr-1];
+return g ? g->s[g->ptr-1] : '\0';
}

 static inline void
diff --git a/src/src/miscmods/pdkim/pdkim.c b/src/src/miscmods/pdkim/pdkim.c
index c60e0686b..9d240dac1 100644
--- a/src/src/miscmods/pdkim/pdkim.c
+++ b/src/src/miscmods/pdkim/pdkim.c
@@ -649,7 +649,12 @@ for (const uschar * ele = raw_record, * tspec, * end, * val; *ele; ele = end)
       gstring * g = string_cat(NULL, val);
       while (isspace(gstring_last_char(g)))
     gstring_trim(g, 1);
-      val = string_from_gstring(g);
+      if (!(val = string_from_gstring(g)))
+    {
+    DEBUG(D_acl)
+      debug_printf(" Missing value for tag '%.*s'\n", taglen, tspec);
+    return NULL;
+    }
       }


     if (taglen == 1) switch (tspec[0])
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index d6de7aa6c..cf5128a97 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -603,6 +603,7 @@ DELAY=1500 delay1500 A HOSTIPV4
 ;
 ; Deliberate bad version, having extra backslashes
 ; sha256-hash-only version.... appears to be too long, gets truncated
+; Bad records, missing a value for the key
 ;
 ; Another, 512-bit (with a Notes field)
 ; 512 requiring sha1 hash
@@ -611,6 +612,8 @@ DELAY=1500 delay1500 A HOSTIPV4
 sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
 sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
 sel_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
+sel_nullkey._domainkey TXT "v=DKIM1; p="
+sel_snullkey._domainkey TXT "v=DKIM1; p= "


 ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
 ses_sha1._domainkey TXT "v=DKIM1; h=sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
diff --git a/test/log/4506 b/test/log/4506
index 00139412f..4dea2f852 100644
--- a/test/log/4506
+++ b/test/log/4506
@@ -31,13 +31,26 @@
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Authentication-Results: myhost.test.ex
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_state DOES NOT include pass
 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=20180418125440.Horde.vVKB6E7UvpLfJsPzv2ZPs6z@???
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey [failed key import]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: validation error: error:068000E0:asn1 encoding routines::too small
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 signer: test.ex bits: 0
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n    dkim=neutral (signature tag missing or invalid)\n         header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n    dkim=neutral (public key record import problem)\n         header.d=test.ex header.s=sel_nullkey header.a=rsa-sha1
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 dkim_state DOES NOT include pass
 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey [failed key import]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 Authentication-Results: myhost.test.ex;\n    dkim=neutral (public key record import problem)\n         header.d=test.ex header.s=sel_snullkey header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 Authentication-Results: myhost.test.ex;\n    dkim=neutral (signature tag missing or invalid)\n         header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 signer: test.ex bits: 0
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
diff --git a/test/scripts/4500-DKIM/4506 b/test/scripts/4500-DKIM/4506
index 0257511c4..89670d8ea 100644
--- a/test/scripts/4500-DKIM/4506
+++ b/test/scripts/4500-DKIM/4506
@@ -6228,6 +6228,56 @@ Mavis Wanczyk


Do You Need A Helping Hand?

+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+# These should fail verify (missing pubkey in DNS record)
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+        :date:message-id:subject; s=sel_nullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+        CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+        +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+        B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+        :date:message-id:subject; s=sel_snullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+        CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+        +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+        B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
 .
 ??? 250
 QUIT


--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/