From e8727833517ce189507b9199b5a3f5c3e129040e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 17 Oct 2024 11:47:20 +0100 Subject: [PATCH 1/1] DKIM: fix parsing of pubkey RR Broken-since: 2658a023286f --- doc/doc-txt/ChangeLog | 4 +++ src/src/functions.h | 2 +- src/src/miscmods/pdkim/pdkim.c | 7 ++++- test/dnszones-src/db.test.ex | 3 ++ test/log/4506 | 21 +++++++++++--- test/scripts/4500-DKIM/4506 | 50 ++++++++++++++++++++++++++++++++++ 6 files changed, 81 insertions(+), 6 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 1c8e060c1..68632f516 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -59,6 +59,10 @@ JH/11 Lookups built as dynamic-load modules which support a single lookup JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup syntax". Previously, the end of the top-level file was reported. +JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted + record could crash the meesage recieve process. Investigation by + Maxim Galaganov. + Exim version 4.98 ----------------- diff --git a/src/src/functions.h b/src/src/functions.h index c9bb8cd70..57c4bb45c 100644 --- a/src/src/functions.h +++ b/src/src/functions.h @@ -991,7 +991,7 @@ return g ? (unsigned)g->ptr : 0; static inline uschar gstring_last_char(gstring * g) { -return g->s[g->ptr-1]; +return g ? g->s[g->ptr-1] : '\0'; } static inline void diff --git a/src/src/miscmods/pdkim/pdkim.c b/src/src/miscmods/pdkim/pdkim.c index c60e0686b..9d240dac1 100644 --- a/src/src/miscmods/pdkim/pdkim.c +++ b/src/src/miscmods/pdkim/pdkim.c @@ -649,7 +649,12 @@ for (const uschar * ele = raw_record, * tspec, * end, * val; *ele; ele = end) gstring * g = string_cat(NULL, val); while (isspace(gstring_last_char(g))) gstring_trim(g, 1); - val = string_from_gstring(g); + if (!(val = string_from_gstring(g))) + { + DEBUG(D_acl) + debug_printf(" Missing value for tag '%.*s'\n", taglen, tspec); + return NULL; + } } if (taglen == 1) switch (tspec[0]) 
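Review bot: The new guard in `gstring_last_char()` (src/src/functions.h) covers a NULL `g` but still evaluates `g->s[g->ptr-1]` when `g` is non-NULL and `g->ptr` is 0, which reads one byte before the buffer. The trimming loop in the pdkim.c hunk of this patch, `while (isspace(gstring_last_char(g))) gstring_trim(g, 1);`, looks able to reach that state for a value made only of whitespace, such as the new `sel_snullkey` record (`p= `). That holds unless leading whitespace is stripped from `val` in lines outside the hunk, and assuming `gstring_trim()` simply reduces `ptr`. I would make the helper safe on an empty string as well: `return g && g->ptr > 0 ? g->s[g->ptr-1] : '\0';`.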
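Review bot: The added `return NULL` in the pdkim.c hunk fires for any tag whose value is empty after trimming, not only `p=`, so a DNS record with one empty optional tag (for instance `n=`) would be discarded as a whole. RFC 6376 section 3.6.1 also gives an empty `p=` a defined meaning (key revoked), which from the expected log in this patch is now reported as a syntax error or import problem in the key record. If that is intended, a comment at the check would record it, e.g. `/* Empty tag value: reject the whole record. NB an empty p= is a revoked key per RFC 6376 3.6.1 */`. Otherwise consider skipping to the next element for tags other than `p`. The enclosing `for` loop and its function start and end outside the hunk, so how the caller treats the NULL return is not visible here.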
diff --git a/test/dnszones-src/db.test.ex b/test/dnszones-src/db.test.ex index d6de7aa6c..cf5128a97 100644 --- a/test/dnszones-src/db.test.ex +++ b/test/dnszones-src/db.test.ex @@ -603,6 +603,7 @@ DELAY=1500 delay1500 A HOSTIPV4 ; ; Deliberate bad version, having extra backslashes ; sha256-hash-only version.... appears to be too long, gets truncated +; Bad records, missing a value for the key ; ; Another, 512-bit (with a Notes field) ; 512 requiring sha1 hash @@ -611,6 +612,8 @@ DELAY=1500 delay1500 A HOSTIPV4 sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" sel_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB" +sel_nullkey._domainkey TXT "v=DKIM1; p=" +sel_snullkey._domainkey TXT "v=DKIM1; p= " ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ==" ses_sha1._domainkey TXT "v=DKIM1; h=sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ==" diff --git a/test/log/4506 b/test/log/4506 index 00139412f..4dea2f852 100644 --- a/test/log/4506 +++ b/test/log/4506 
@@ -31,13 +31,26 @@ 1999-03-02 09:44:33 10HmbD-000000005vi-0000 Authentication-Results: myhost.test.ex 1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_state DOES NOT include pass 1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=20180418125440.Horde.vVKB6E7UvpLfJsPzv2ZPs6z@webmail.sego.es -1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D -1999-03-02 09:44:33 10HmbE-000000005vi-0000 unknown +1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey [failed key import] +1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: validation error: error:068000E0:asn1 encoding routines::too small 1999-03-02 09:44:33 10HmbE-000000005vi-0000 signer: test.ex bits: 0 -1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] -1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record] +1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_nullkey header.a=rsa-sha1 1999-03-02 09:44:33 10HmbE-000000005vi-0000 dkim_state DOES NOT include pass 1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey [failed key import] +1999-03-02 09:44:33 10HmbF-000000005vi-0000 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record] +1999-03-02 
09:44:33 10HmbF-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_snullkey header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_state DOES NOT include pass +1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net +1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D +1999-03-02 09:44:33 10HmbG-000000005vi-0000 unknown +1999-03-02 09:44:33 10HmbG-000000005vi-0000 signer: test.ex bits: 0 +1999-03-02 09:44:33 10HmbG-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] +1999-03-02 09:44:33 10HmbG-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1 +1999-03-02 09:44:33 10HmbG-000000005vi-0000 dkim_state DOES NOT include pass +1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net 1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D 1999-03-02 09:44:33 10HmaX-000000005vi-0000 signer: test.ex bits: 0 1999-03-02 09:44:33 10HmaX-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid] diff --git a/test/scripts/4500-DKIM/4506 b/test/scripts/4500-DKIM/4506 index 0257511c4..89670d8ea 100644 --- a/test/scripts/4500-DKIM/4506 +++ b/test/scripts/4500-DKIM/4506 
@@ -6228,6 +6228,56 @@ Mavis Wanczyk Do You Need A Helping Hand? +. +??? 250 +QUIT +??? 221 +**** +# +# +# These should fail verify (missing pubkey in DNS record) +client 127.0.0.1 PORT_D +??? 220 +HELO xxx +??? 250 +MAIL FROM: +??? 250 +RCPT TO: +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel_nullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b= + CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/ + +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5 + B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0= +From: mrgus@test.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: +Subject: simple test + +This is a simple test. +. +??? 250 +MAIL FROM: +??? 250 +RCPT TO: +??? 250 +DATA +??? 354 +DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to + :date:message-id:subject; s=sel_snullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b= + CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/ + +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5 + B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0= +From: mrgus@test.ex +To: bakawolf@yahoo.com +Date: Thu, 19 Nov 2015 17:00:07 -0700 +Message-ID: +Subject: simple test + +This is a simple test. . ??? 250 QUIT -- 2.30.2