Gitweb:
https://git.exim.org/exim.git/commitdiff/e8727833517ce189507b9199b5a3f5c3e129040e
Commit: e8727833517ce189507b9199b5a3f5c3e129040e
Parent: 6061fbe9fe65b06d48ac7e8d0d2412ec1d91bbbd
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Thu Oct 17 11:47:20 2024 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Thu Oct 17 11:47:20 2024 +0100
DKIM: fix parsing of pubkey RR
Broken-since: 2658a023286f
---
doc/doc-txt/ChangeLog | 4 ++++
src/src/functions.h | 2 +-
src/src/miscmods/pdkim/pdkim.c | 7 +++++-
test/dnszones-src/db.test.ex | 3 +++
test/log/4506 | 21 ++++++++++++++----
test/scripts/4500-DKIM/4506 | 50 ++++++++++++++++++++++++++++++++++++++++++
6 files changed, 81 insertions(+), 6 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 1c8e060c1..68632f516 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -59,6 +59,10 @@ JH/11 Lookups built as dynamic-load modules which support a single lookup
JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup
syntax". Previously, the end of the top-level file was reported.
+JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted
+ record could crash the meesage recieve process. Investigation by
+ Maxim Galaganov.
+
Exim version 4.98
-----------------
diff --git a/src/src/functions.h b/src/src/functions.h
index c9bb8cd70..57c4bb45c 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -991,7 +991,7 @@ return g ? (unsigned)g->ptr : 0;
static inline uschar
gstring_last_char(gstring * g)
{
-return g->s[g->ptr-1];
+return g ? g->s[g->ptr-1] : '\0';
}
static inline void
diff --git a/src/src/miscmods/pdkim/pdkim.c b/src/src/miscmods/pdkim/pdkim.c
index c60e0686b..9d240dac1 100644
--- a/src/src/miscmods/pdkim/pdkim.c
+++ b/src/src/miscmods/pdkim/pdkim.c
@@ -649,7 +649,12 @@ for (const uschar * ele = raw_record, * tspec, * end, * val; *ele; ele = end)
gstring * g = string_cat(NULL, val);
while (isspace(gstring_last_char(g)))
gstring_trim(g, 1);
- val = string_from_gstring(g);
+ if (!(val = string_from_gstring(g)))
+ {
+ DEBUG(D_acl)
+ debug_printf(" Missing value for tag '%.*s'\n", taglen, tspec);
+ return NULL;
+ }
}
if (taglen == 1) switch (tspec[0])
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex
index d6de7aa6c..cf5128a97 100644
--- a/test/dnszones-src/db.test.ex
+++ b/test/dnszones-src/db.test.ex
@@ -603,6 +603,7 @@ DELAY=1500 delay1500 A HOSTIPV4
;
; Deliberate bad version, having extra backslashes
; sha256-hash-only version.... appears to be too long, gets truncated
+; Bad records, missing a value for the key
;
; Another, 512-bit (with a Notes field)
; 512 requiring sha1 hash
@@ -611,6 +612,8 @@ DELAY=1500 delay1500 A HOSTIPV4
sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
sel_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
+sel_nullkey._domainkey TXT "v=DKIM1; p="
+sel_snullkey._domainkey TXT "v=DKIM1; p= "
ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
ses_sha1._domainkey TXT "v=DKIM1; h=sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
diff --git a/test/log/4506 b/test/log/4506
index 00139412f..4dea2f852 100644
--- a/test/log/4506
+++ b/test/log/4506
@@ -31,13 +31,26 @@
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Authentication-Results: myhost.test.ex
1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_state DOES NOT include pass
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=20180418125440.Horde.vVKB6E7UvpLfJsPzv2ZPs6z@???
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey [failed key import]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: validation error: error:068000E0:asn1 encoding routines::too small
1999-03-02 09:44:33 10HmbE-000000005vi-0000 signer: test.ex bits: 0
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_nullkey header.a=rsa-sha1
1999-03-02 09:44:33 10HmbE-000000005vi-0000 dkim_state DOES NOT include pass
1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey [failed key import]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_snullkey header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmaX-000000005vi-0000 signer: test.ex bits: 0
1999-03-02 09:44:33 10HmaX-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
diff --git a/test/scripts/4500-DKIM/4506 b/test/scripts/4500-DKIM/4506
index 0257511c4..89670d8ea 100644
--- a/test/scripts/4500-DKIM/4506
+++ b/test/scripts/4500-DKIM/4506
@@ -6228,6 +6228,56 @@ Mavis Wanczyk
Do You Need A Helping Hand?
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+# These should fail verify (missing pubkey in DNS record)
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel_nullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+ +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+ B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel_snullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+ +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+ B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
.
??? 250
QUIT
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-cvs.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-cvs-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
