summaryrefslogtreecommitdiff
path: root/usr.sbin/smtpd
diff options
context:
space:
mode:
authorSunil Nimmagadda <sunil@cvs.openbsd.org>2018-04-09 11:09:41 +0000
committerSunil Nimmagadda <sunil@cvs.openbsd.org>2018-04-09 11:09:41 +0000
commit8b765a6f71edb5150965be4c38f0e7d27fc38251 (patch)
tree4f402cff34b3119afc190be8fc7f950ff5dd8f43 /usr.sbin/smtpd
parent08cdf8ea23120d5bc52dc3ca561fb8f8c9b5e4b5 (diff)
Check for legitimate IPv4, IPv6 addrs before printing.
Ryan Kavanagh reported on github that certain domains have misconfigured SPF records. https://github.com/OpenSMTPD/OpenSMTPD/issues/844 Ok millert@ gilles@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r--usr.sbin/smtpd/spfwalk.c13
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c
index 83a675959b5..a9c21ef8974 100644
--- a/usr.sbin/smtpd/spfwalk.c
+++ b/usr.sbin/smtpd/spfwalk.c
@@ -138,6 +138,7 @@ dispatch_record(struct asr_result *ar, void *arg)
void
dispatch_txt(struct dns_rr *rr)
{
+ struct in6_addr ina;
char buf[4096];
char buf2[512];
char *in = buf;
@@ -168,22 +169,26 @@ dispatch_txt(struct dns_rr *rr)
continue;
if (strncasecmp("ip4:", *ap, 4) == 0) {
- if (ip_v4 == 1 || ip_both == 1)
+ if ((ip_v4 == 1 || ip_both == 1) &&
+ inet_pton(AF_INET, *(ap) + 4, &ina) == 1)
printf("%s\n", *(ap) + 4);
continue;
}
if (strncasecmp("ip6:", *ap, 4) == 0) {
- if (ip_v6 == 1 || ip_both == 1)
+ if ((ip_v6 == 1 || ip_both == 1) &&
+ inet_pton(AF_INET6, *(ap) + 4, &ina) == 1)
printf("%s\n", *(ap) + 4);
continue;
}
if (strncasecmp("+ip4:", *ap, 5) == 0) {
- if (ip_v4 == 1 || ip_both == 1)
+ if ((ip_v4 == 1 || ip_both == 1) &&
+ inet_pton(AF_INET, *(ap) + 5, &ina) == 1)
printf("%s\n", *(ap) + 5);
continue;
}
if (strncasecmp("+ip6:", *ap, 5) == 0) {
- if (ip_v6 == 1 || ip_both == 1)
+ if ((ip_v6 == 1 || ip_both == 1) &&
+ inet_pton(AF_INET6, *(ap) + 5, &ina) == 1)
printf("%s\n", *(ap) + 5);
continue;
}