Fix crash from SRV lookup hitting a CNAME

[exim.git] / src / src / dns.c

diff --git a/src/src/dns.c b/src/src/dns.c
index 1da7feb38366363bc41406f72f63250172f36ba9..b7978c52133519455a211bbc4ef2789175e9f7a0 100644 (file)
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -639,6 +639,10 @@ up nameservers that produce this error continually, so there is the option of
 providing a list of domains for which this is treated as a non-existent
 host.
 
 providing a list of domains for which this is treated as a non-existent
 host.
 

+The dns_answer structure is pretty big; enough to hold a max-sized DNS message
+- so best allocated from fast-release memory.  As of writing, all our callers
+use a stack-auto variable.
+

 Arguments:
   dnsa      pointer to dns_answer structure
   name      name to look up
 Arguments:
   dnsa      pointer to dns_answer structure
   name      name to look up


@@ -712,7 +716,11 @@ lookup, which constructs the names itself, so they should be OK. Besides,
 bitstring labels don't conform to normal name syntax. (But the aren't used any
 more.)
 
 bitstring labels don't conform to normal name syntax. (But the aren't used any
 more.)
 

-For SRV records, we omit the initial _smtp._tcp. components at the start. */
+For SRV records, we omit the initial _smtp._tcp. components at the start.
+The check has been seen to bite on the destination of a SRV lookup that
+initiall hit a CNAME, for which the next name had only two components.
+RFC2782 makes no mention of the possibiility of CNAMES, but the Wikipedia
+article on SRV says they are not a valid configuration. */

 
 #ifndef STAND_ALONE   /* Omit this for stand-alone tests */
 
 
 #ifndef STAND_ALONE   /* Omit this for stand-alone tests */
 


@@ -728,8 +736,8 @@ if (check_dns_names_pattern[0] != 0 && type != T_PTR && type != T_TXT)
 
   if (type == T_SRV || type == T_TLSA)
     {
 
   if (type == T_SRV || type == T_TLSA)
     {

-    while (*checkname++ != '.');
-    while (*checkname++ != '.');
+    while (*checkname && *checkname++ != '.') ;
+    while (*checkname && *checkname++ != '.') ;

     }
 
   if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),
     }
 
   if (pcre_exec(regex_check_dns_names, NULL, CCS checkname, Ustrlen(checkname),


@@ -885,7 +893,7 @@ for (i = 0; i <= dns_cname_loops; i++)
   uschar * data;
   dns_record *rr, cname_rr, type_rr;
   dns_scan dnss;
   uschar * data;
   dns_record *rr, cname_rr, type_rr;
   dns_scan dnss;

-  int datalen, rc;
+  int rc;

 
   /* DNS lookup failures get passed straight back. */
 
 
   /* DNS lookup failures get passed straight back. */
 


@@ -947,8 +955,8 @@ for (i = 0; i <= dns_cname_loops; i++)
     return DNS_FAIL;
 
   data = store_get(256);
     return DNS_FAIL;
 
   data = store_get(256);

-  if ((datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
-    cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256)) < 0)
+  if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
+      cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0)

     return DNS_FAIL;
   name = data;
 
     return DNS_FAIL;
   name = data;
 


@@ -1101,7 +1109,7 @@ switch (type)
          && (h->rcode == NOERROR || h->rcode == NXDOMAIN)
          && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0
          && ntohs(h->nscount) >= 1)
          && (h->rcode == NOERROR || h->rcode == NXDOMAIN)
          && ntohs(h->qdcount) == 1 && ntohs(h->ancount) == 0
          && ntohs(h->nscount) >= 1)

-           dnsa->answerlen = MAXPACKET;
+           dnsa->answerlen = sizeof(dnsa->answer);

 
       for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
           rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
 
       for (rr = dns_next_rr(dnsa, &dnss, RESET_AUTHORITY);
           rr; rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)