From 1b76ad22a23e704c1d931937953d44c9b206c867 Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Fri, 21 Sep 2018 12:40:53 +0100
Subject: [PATCH] DANE: ignore undersized TLSA records

---
 src/src/dns.c | 6 +++---
 src/src/tls-gnu.c | 4 ++--
 src/src/tls-openssl.c | 2 +-
 src/src/transports/smtp.c | 23 ++++++++++++-----------
 4 files changed, 18 insertions(+), 17 deletions(-)

diff --git a/src/src/dns.c b/src/src/dns.c
index 1da7feb38..297b8b88d 100644
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -885,7 +885,7 @@ for (i = 0; i <= dns_cname_loops; i++)
 uschar * data;
 dns_record *rr, cname_rr, type_rr;
 dns_scan dnss;
- int datalen, rc;
+ int rc;
 
 /* DNS lookup failures get passed straight back. */
 
@@ -947,8 +947,8 @@ for (i = 0; i <= dns_cname_loops; i++)
 return DNS_FAIL;
 
 data = store_get(256);
- if ((datalen = dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
- cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256)) < 0)
+ if (dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen,
+ cname_rr.data, (DN_EXPAND_ARG4_TYPE)data, 256) < 0)
 return DNS_FAIL;
 name = data;
 
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index fd18a601e..1430f2f3c 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -2207,7 +2207,7 @@ dane_data_len = store_get(i * sizeof(int));
 for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS), i = 0;
 rr;
 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
- ) if (rr->type == T_TLSA)
+ ) if (rr->type == T_TLSA && rr->size > 3)
 {
 const uschar * p = rr->data;
 uint8_t usage = p[0], sel = p[1], type = p[2];
@@ -2774,7 +2774,7 @@ while (left > 0)
 DEBUG(D_tls) debug_printf("outbytes=" SSIZE_T_FMT "\n", outbytes);
 if (outbytes < 0)
 {
-debug_printf("%s: err from gnutls_record_send(\n", __FUNCTION__);
+ DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);
 record_io_error(state, outbytes, US"send", NULL);
 return -1;
 }
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 81372cfaa..c5ebc1333 100644
--- a/src/src/tls-openssl.c
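Review bot: The new `rr->size > 3` test on the `) if (rr->type == T_TLSA && rr->size > 3)` line drops an undersized TLSA record without any trace, so a truncated or malformed record in the zone becomes indistinguishable from no record at all when DANE verification later fails. An else-branch on this if, logging under the debug selector the file already uses — `DEBUG(D_tls) debug_printf("ignoring undersized TLSA record (size %d)\n", rr->size);` — would keep the diagnosis local; the if-body continues past the end of the hunk, so the else belongs after its closing brace. The literal 3 is the usage/selector/matching-type header length that `p[0]`, `p[1]`, `p[2]` read on the last visible line; a comment such as `/* 3 header octets (usage, selector, matching type) plus at least one data octet */` would document why the bound is `> 3` rather than `>= 3`. The identical check in tls-openssl.c and transports/smtp.c in this patch would benefit from the same treatment.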
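Review bot: The replacement debug line `DEBUG(D_tls) debug_printf("%s: gnutls_record_send err\n", __FUNCTION__);` reports only the function name, while the failing value `outbytes` is already in hand and is formatted with `SSIZE_T_FMT` a few lines above; carrying it into the message — `DEBUG(D_tls) debug_printf("%s: gnutls_record_send err " SSIZE_T_FMT "\n", __FUNCTION__, outbytes);` — makes the trace self-contained. This is only worth doing if `record_io_error` does not already report the code; its body is outside the hunk. The enclosing `while (left > 0)` loop also starts outside the hunk.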
+++ b/src/src/tls-openssl.c
@@ -2337,7 +2337,7 @@ if (DANESSL_init(ssl, NULL, hostnames) != 1)
 for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
 rr;
 rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)
- ) if (rr->type == T_TLSA)
+ ) if (rr->type == T_TLSA && rr->size > 3)
 {
 const uschar * p = rr->data;
 uint8_t usage, selector, mtype;
diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index d7e83966f..f3e09ada7 100644
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -1254,19 +1254,20 @@ switch (rc)
 dns_scan dnss;
 dns_record * rr;
 for (rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
- rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_TLSA)
- {
- uint16_t payload_length = rr->size - 3;
- uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
+ if (rr->type == T_TLSA && rr->size > 3)
+ {
+ uint16_t payload_length = rr->size - 3;
+ uschar s[MAX_TLSA_EXPANDED_SIZE], * sp = s, * p = US rr->data;
 
- sp += sprintf(CS sp, "%d ", *p++); /* usage */
- sp += sprintf(CS sp, "%d ", *p++); /* selector */
- sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
- while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
- sp += sprintf(CS sp, "%02x", *p++);
+ sp += sprintf(CS sp, "%d ", *p++); /* usage */
+ sp += sprintf(CS sp, "%d ", *p++); /* selector */
+ sp += sprintf(CS sp, "%d ", *p++); /* matchtype */
+ while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))
+ sp += sprintf(CS sp, "%02x", *p++);
 
- debug_printf(" %s\n", s);
- }
+ debug_printf(" %s\n", s);
+ }
 }
 return OK;
 }
-- 
2.30.2
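Review bot: The hex-dump loop `while (payload_length-- > 0 && sp-s < (MAX_TLSA_EXPANDED_SIZE - 4))` in the smtp.c hunk truncates the association data silently when the buffer bound is hit, so the debug line can show a shortened digest that looks complete; recording whether the loop stopped early and appending a `...` marker in that case would make the truncation visible to whoever reads the trace. The three preceding `sprintf(CS sp, "%d ", *p++)` calls are unbounded and can emit up to 12 bytes before the loop's check starts, which is fine only if `MAX_TLSA_EXPANDED_SIZE` comfortably exceeds that; its definition is outside the hunk, so a comment on the declaration of `s`, e.g. `/* room for "255 255 255 " plus hex data; see MAX_TLSA_EXPANDED_SIZE */`, would state the assumption where it matters. The enclosing function starts outside the hunk; its `return OK;` is inside it.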