git://git.exim.org
/
exim.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
DNS: more hardening against crafted responses
[exim.git]
/
src
/
src
/
host.c
diff --git
a/src/src/host.c
b/src/src/host.c
index 136ee89537801420c904b4ad963d563d37ef2f2c..ce7ca2bab1098d6f5167cd485dd46c42d0451163 100644
(file)
--- a/
src/src/host.c
+++ b/
src/src/host.c
@@
-600,35
+600,38
@@
return depends on whether sender_fullhost and sender_ident are set or not:
ident set, no host => U=ident
ident set, host set => H=sender_fullhost U=ident
ident set, no host => U=ident
ident set, host set => H=sender_fullhost U=ident
-Use taint-unchecked routines on the assumption we'll never expand the results.
-
Arguments:
useflag TRUE if first item to be flagged (H= or U=); if there are two
items, the second is always flagged
Arguments:
useflag TRUE if first item to be flagged (H= or U=); if there are two
items, the second is always flagged
-Returns: pointer to a
string in big_buffer
+Returns: pointer to a
n allocated string
*/
uschar *
host_and_ident(BOOL useflag)
{
*/
uschar *
host_and_ident(BOOL useflag)
{
+gstring * g = NULL;
+
if (!sender_fullhost)
if (!sender_fullhost)
- string_format_nt(big_buffer, big_buffer_size, "%s%s", useflag ? "U=" : "",
- sender_ident ? sender_ident : US"unknown");
+ {
+ if (useflag)
+ g = string_catn(g, US"U=", 2);
+ g = string_cat(g, sender_ident ? sender_ident : US"unknown");
+ }
else
{
else
{
- uschar * flag = useflag ? US"H=" : US"";
- uschar * iface = US"";
+ if (useflag)
+ g = string_catn(g, US"H=", 2);
+ g = string_cat(g, sender_fullhost);
if (LOGGING(incoming_interface) && interface_address)
if (LOGGING(incoming_interface) && interface_address)
-
iface = string_sprintf(
" I=[%s]:%d", interface_address, interface_port);
+
g = string_fmt_append(g,
" I=[%s]:%d", interface_address, interface_port);
if (sender_ident)
if (sender_ident)
- string_format_nt(big_buffer, big_buffer_size, "%s%s%s U=%s",
- flag, sender_fullhost, iface, sender_ident);
- else
- string_format_nt(big_buffer, big_buffer_size, "%s%s%s",
- flag, sender_fullhost, iface);
+ g = string_fmt_append(g, " U=%s", sender_ident);
}
}
-return big_buffer;
+if (LOGGING(connection_id))
+ g = string_fmt_append(g, " Ci=%lu", connection_id);
+gstring_release_unused(g);
+return string_from_gstring(g);
}
#endif /* STAND_ALONE */
}
#endif /* STAND_ALONE */
@@
-2078,11
+2081,11
@@
so we pass that back. */
if (!host->address)
{
uschar *msg =
if (!host->address)
{
uschar *msg =
-
#ifndef STAND_ALONE
+#ifndef STAND_ALONE
!message_id[0] && smtp_in
? string_sprintf("no IP address found for host %s (during %s)", host->name,
smtp_get_connection_info()) :
!message_id[0] && smtp_in
? string_sprintf("no IP address found for host %s (during %s)", host->name,
smtp_get_connection_info()) :
-
#endif
+#endif
string_sprintf("no IP address found for host %s", host->name);
HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
string_sprintf("no IP address found for host %s", host->name);
HDEBUG(D_host_lookup) debug_printf("%s\n", msg);
@@
-2722,6
+2725,7
@@
for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
uschar data[256];
const uschar * s = rr->data; /* MUST be unsigned for GETSHORT */
uschar data[256];
+ if (rr_bad_size(rr, sizeof(uint16_t))) continue;
GETSHORT(precedence, s); /* Pointer s is advanced */
/* For MX records, we use a random "weight" which causes multiple records of
GETSHORT(precedence, s); /* Pointer s is advanced */
/* For MX records, we use a random "weight" which causes multiple records of
@@
-2734,6
+2738,8
@@
for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
/* SRV records are specified with a port and a weight. The weight is used
in a special algorithm. However, to start with, we just use it to order the
records of equal priority (precedence). */
/* SRV records are specified with a port and a weight. The weight is used
in a special algorithm. However, to start with, we just use it to order the
records of equal priority (precedence). */
+
+ if (rr_bad_increment(rr, s, 2 * sizeof(uint16_t))) continue;
GETSHORT(weight, s);
GETSHORT(port, s);
}
GETSHORT(weight, s);
GETSHORT(port, s);
}