From 36b894a60b9431d20a8b8b1aa557673c747c4b47 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Thu, 14 Aug 2014 21:21:45 +0100
Subject: [PATCH] Fix fakens TLSA generation and DANE TLSA lookup

---
 src/src/tls-openssl.c | 18 ++++++++++++++----
 test/src/fakens.c | 19 ++++++++++++++++---
 test/stdout/5800 | 2 +-
 3 files changed, 31 insertions(+), 8 deletions(-)

diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 1ec7786bd..79beffadf 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -1806,6 +1806,7 @@ if (dane)
 dns_record * rr;
 dns_scan dnss;
 uschar * hostnames[2] = { host->name, NULL };
+ int found = 0;
 
 if (DANESSL_init(client_ssl, NULL, hostnames) != 1)
 return tls_error(US"hostnames load", host, NULL);
@@ -1819,13 +1820,16 @@ if (dane)
 int usage, selector, mtype;
 const char * mdname;
 
- GETSHORT(usage, p);
- GETSHORT(selector, p);
- GETSHORT(mtype, p);
+ found++;
+ usage = *p++;
+ selector = *p++;
+ mtype = *p++;
 
 switch (mtype)
 {
- default: /* log bad */ return FAIL;
+ default:
+ log_write(0, LOG_MAIN, "DANE error: TLSA record w/bad mtype 0x%x", mtype);
+ return FAIL;
 case 0: mdname = NULL; break;
 case 1: mdname = "sha256"; break;
 case 2: mdname = "sha512"; break;
@@ -1841,6 +1845,12 @@ if (dane)
 case 1: break;
 }
 }
+
+ if (!found)
+ {
+ log_write(0, LOG_MAIN, "DANE error: No TLSA records");
+ return FAIL;
+ }
 }
 #endif
 
diff --git a/test/src/fakens.c b/test/src/fakens.c
index 912f41984..fd3604a3c 100644
--- a/test/src/fakens.c
+++ b/test/src/fakens.c
@@ -194,6 +194,19 @@ while (*name != 0)
 return pk;
 }
 
+uschar *
+bytefield(uschar ** pp, uschar * pk)
+{
+unsigned value = 0;
+uschar * p = *pp;
+
+while (isdigit(*p)) value = value*10 + *p++ - '0';
+while (isspace(*p)) p++;
+*pp = p;
+*pk++ = value & 255;
+return pk;
+}
+
 uschar *
 shortfield(uschar ** pp, uschar * pk)
 {
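Review bot: The three header reads `usage = *p++; selector = *p++; mtype = *p++;` consume TLSA RDATA without first checking that the record actually holds three bytes, so a truncated or malformed answer from the resolver is read past the end of its data before the mtype switch gets a chance to reject it. DNS answer data is untrusted input here; a guard on the record's data length (`rr->size` in Exim's dns_record, if that is what `p` was set from) placed before the reads, e.g. `if (rr->size < 3) { log_write(0, LOG_MAIN, "DANE error: TLSA record too short"); return FAIL; }`, would close that. The certificate-association data that follows the header presumably needs the remaining length checked against the digest size the mtype implies as well, but that code is outside this hunk so I cannot tell whether it already is. The record loop and the initialisation of `p` start before this hunk.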
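Review bot: The new `log_write(0, LOG_MAIN, "DANE error: No TLSA records");` names no host, although the first hunk of this file shows `host->name` in scope on this path (`uschar * hostnames[2] = { host->name, NULL };`), so an operator reading the main log cannot tell which destination failed the DANE lookup. `log_write(0, LOG_MAIN, "DANE error: No TLSA records for %s", host->name);` would make the entry actionable, and the bad-mtype message added in the previous hunk would benefit from the same host reference. The enclosing function continues outside this hunk.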
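Review bot: `bytefield` is undocumented and silently masks the parsed value with `value & 255`, so a zone-file entry with a three-digit usage or selector is emitted as a wrong but well-formed byte rather than rejected, and a missing field emits 0 because `value` starts at zero and no digit is consumed. Since this is the test fixture generator a comment stating that contract would at least make the truncation deliberate, e.g. `/* Parse one decimal TLSA header field (usage, selector, match type) at *pp, skip trailing whitespace, and emit it as a single byte; values above 255 are truncated and a missing field yields 0. */` above the definition. A range check that reports the bad line would be the stricter alternative, but I cannot see this file's error-reporting convention from the hunk.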
@@ -420,9 +433,9 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL)
 break;
 
 case ns_t_tlsa:
- pk = shortfield(&p, pk); /* usage */
- pk = shortfield(&p, pk); /* selector */
- pk = shortfield(&p, pk); /* match type */
+ pk = bytefield(&p, pk); /* usage */
+ pk = bytefield(&p, pk); /* selector */
+ pk = bytefield(&p, pk); /* match type */
 while (isxdigit(*p))
 {
 value = toupper(*p) - (isdigit(*p) ? '0' : '7') << 4;
diff --git a/test/stdout/5800 b/test/stdout/5800
index bcbbd88e0..b9c64fea0 100644
--- a/test/stdout/5800
+++ b/test/stdout/5800
@@ -1,4 +1,4 @@
 > 
-> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d000000
+> dnslookup tlsa: 3 1 2 3d5eb81b1dfc3f93c1fa8819e3fb3fdb41bb590441d5f3811db17772f4bc6de29bdd7c4f4b723750dda871b99379192b3f979f03db1252c4f08b03ef7176528d
 > 
 > 
-- 
2.30.2