[exim-dev] [Bug 3120] Crash in pdkim_parse_pubkey_record()

Pàgina inicial
Delete this message
Reply to this message
Autor: Exim Bugzilla
Data:  
A: exim-dev
Assumpte: [exim-dev] [Bug 3120] Crash in pdkim_parse_pubkey_record()
https://bugs.exim.org/show_bug.cgi?id=3120

--- Comment #6 from Maxim Galaganov <max@???> ---
(In reply to Jeremy Harris from comment #5)
> e8727833517c addresses.
> I decided the underlying service routine needed fixing.


Jeremy, thank you for the patch. It seems to work fine, but some possibly
irrelevant issues remain.

#include <stdio.h>
#include <ctype.h>
#include <string.h>
#include <stdlib.h>

typedef unsigned char uschar;

#define CCS (const char *)
#define Ustrlen(s) (int)strlen(CCS(s))

int main(void)
{
    uschar *val = malloc(1);
    *val = 0;


    (void)isspace(val[ Ustrlen(val)-1 ]);
}


Such program when compiled with -fsanitize=address will complain about
"AddressSanitizer: heap-buffer-overflow". Checking *val to be non-\0 could
eliminate that.

The retcodes are a bit different:
"v=DKIM1; p= " returns with PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD
"v=DKIM1; p=" returns with PDKIM_VERIFY_INVALID_PUBKEY_IMPORT

The non-space version does not trigger the new missing value log.

--
You are receiving this mail because:
You are on the CC list for the bug.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-dev-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/