From 67794d2b830fc580f87b0635718d95e32b467be1 Mon Sep 17 00:00:00 2001 From: Wolfgang Breyha Date: Tue, 7 Jan 2020 13:03:18 +0000 Subject: [PATCH 1/1] SPF: fix result for case of only non-spf TXT RRs. Bug 2499 --- src/src/spf.c | 7 ++++++- test/scripts/4600-SPF/4601 | 17 ++++++++--------- test/stdout/4601 | 11 ++++++----- 3 files changed, 20 insertions(+), 15 deletions(-) diff --git a/src/src/spf.c b/src/src/spf.c index 7671551bc..9b053ccf9 100644 --- a/src/src/spf.c +++ b/src/src/spf.c @@ -152,7 +152,12 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; srr.rr[found++] = (void *) s; } -srr.num_rr = found; +/* Did we filter out all TXT RRs? Return NO_DATA instead of SUCCESS with +empty ANSWER section. */ + +if (!(srr.num_rr = found)) + srr.herrno = NO_DATA; + /* spfrr->rr must have been malloc()d for this */ SPF_dns_rr_dup(&spfrr, &srr); return spfrr; diff --git a/test/scripts/4600-SPF/4601 b/test/scripts/4600-SPF/4601 index 96f06a6d1..5e6602ab0 100644 --- a/test/scripts/4600-SPF/4601 +++ b/test/scripts/4600-SPF/4601 @@ -25,14 +25,13 @@ quit # killdaemon # -# SERVFAIL -> temperror -# A multiple spf-RR return should get permerror -# - and not crash with non-spf txt records -# v=spf1 is casr-insensitive +# +# exim -be -none ${lookup {fred@v6.test.ex} spf {HOSTIPV4}} -temperror ${lookup {fred@test.again.dns} spf {HOSTIPV4}} -permerror ${lookup {fred@double.example.com} spf {8.8.8.8}} -permerror ${lookup {fred@doubleplus.example.com} spf {8.8.8.8}} -pass ${lookup {fred@uppercase.example.com} spf {HOSTIPV4}} +eDNS_NOMATCH none ${lookup {fred@v6.test.ex} spf {HOSTIPV4}} +eDNS_AGAIN temperror ${lookup {fred@test.again.dns} spf {HOSTIPV4}} +multiple rr permerror ${lookup {fred@double.example.com} spf {8.8.8.8}} +multi + non-spf permerror ${lookup {fred@doubleplus.example.com} spf {8.8.8.8}} +uppercase in v= pass ${lookup {fred@uppercase.example.com} spf {HOSTIPV4}} +only non-spf txt none ${lookup {fred@test.ex} spf {HOSTIPV4}} **** diff --git a/test/stdout/4601 b/test/stdout/4601 index cbb4cf502..38eefab33 100644 --- a/test/stdout/4601 +++ b/test/stdout/4601 @@ -26,9 +26,10 @@ Connecting to 127.0.0.1 port 1224 ... connected <<< 250 Accepted >>> quit End of script -> none none -> temperror temperror -> permerror permerror -> permerror permerror -> pass pass +> eDNS_NOMATCH none none +> eDNS_AGAIN temperror temperror +> multiple rr permerror permerror +> multi + non-spf permerror permerror +> uppercase in v= pass pass +> only non-spf txt none none > -- 2.30.2