DNS: more hardening against crafted responses

[exim.git] / src / src / acl.c

diff --git a/src/src/acl.c b/src/src/acl.c
index 5ab6747764959f5380fbc998411e538fd4a5ea7f..302dedaeb21fdde5f982fd5613701b04810a13f2 100644 (file)
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1092,7 +1092,7 @@ for (header_line * h = acl_added_headers; h; h = h->next)
   g = string_append_listele_n(g, '\n', h->text, i);
   }
 
-return g ? g->s : NULL;
+return string_from_gstring(g);
 }
 
 
@@ -1434,6 +1434,7 @@ for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
 
   /* Extract the numerical SRV fields (p is incremented) */
 
+  if (rr_bad_size(rr, 3 * sizeof(uint16_t))) continue;
   GETSHORT(priority, p);
   GETSHORT(weight, p);
   GETSHORT(port, p);
@@ -3428,7 +3429,7 @@ for (; cb; cb = cb->next)
        case CONTROL_FAKEREJECT:
          cancel_cutthrough_connection(TRUE, US"fakereject");
        case CONTROL_FAKEDEFER:
-         fake_response = (control_type == CONTROL_FAKEDEFER) ? DEFER : FAIL;
+         fake_response = control_type == CONTROL_FAKEDEFER ? DEFER : FAIL;
          if (*p == '/')
            {
            const uschar *pp = p + 1;
@@ -3773,8 +3774,9 @@ for (; cb; cb = cb->next)
       if (!f.dmarc_has_been_checked)
        dmarc_process();
       f.dmarc_has_been_checked = TRUE;
+
       /* used long way of dmarc_exim_expand_query() in case we need more
-       * view into the process in the future. */
+      view into the process in the future. */
       rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
                          &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
       break;