diff options
author | Sunil Nimmagadda <sunil@cvs.openbsd.org> | 2018-04-09 11:09:41 +0000 |
---|---|---|
committer | Sunil Nimmagadda <sunil@cvs.openbsd.org> | 2018-04-09 11:09:41 +0000 |
commit | 8b765a6f71edb5150965be4c38f0e7d27fc38251 (patch) | |
tree | 4f402cff34b3119afc190be8fc7f950ff5dd8f43 /usr.sbin/smtpd | |
parent | 08cdf8ea23120d5bc52dc3ca561fb8f8c9b5e4b5 (diff) |
Check for legitimate IPv4, IPv6 addrs before printing.
Ryan Kavanagh reported on github that certain domains have misconfigured
SPF records. https://github.com/OpenSMTPD/OpenSMTPD/issues/844
Ok millert@ gilles@
Diffstat (limited to 'usr.sbin/smtpd')
-rw-r--r-- | usr.sbin/smtpd/spfwalk.c | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/usr.sbin/smtpd/spfwalk.c b/usr.sbin/smtpd/spfwalk.c index 83a675959b5..a9c21ef8974 100644 --- a/usr.sbin/smtpd/spfwalk.c +++ b/usr.sbin/smtpd/spfwalk.c @@ -138,6 +138,7 @@ dispatch_record(struct asr_result *ar, void *arg) void dispatch_txt(struct dns_rr *rr) { + struct in6_addr ina; char buf[4096]; char buf2[512]; char *in = buf; @@ -168,22 +169,26 @@ dispatch_txt(struct dns_rr *rr) continue; if (strncasecmp("ip4:", *ap, 4) == 0) { - if (ip_v4 == 1 || ip_both == 1) + if ((ip_v4 == 1 || ip_both == 1) && + inet_pton(AF_INET, *(ap) + 4, &ina) == 1) printf("%s\n", *(ap) + 4); continue; } if (strncasecmp("ip6:", *ap, 4) == 0) { - if (ip_v6 == 1 || ip_both == 1) + if ((ip_v6 == 1 || ip_both == 1) && + inet_pton(AF_INET6, *(ap) + 4, &ina) == 1) printf("%s\n", *(ap) + 4); continue; } if (strncasecmp("+ip4:", *ap, 5) == 0) { - if (ip_v4 == 1 || ip_both == 1) + if ((ip_v4 == 1 || ip_both == 1) && + inet_pton(AF_INET, *(ap) + 5, &ina) == 1) printf("%s\n", *(ap) + 5); continue; } if (strncasecmp("+ip6:", *ap, 5) == 0) { - if (ip_v6 == 1 || ip_both == 1) + if ((ip_v6 == 1 || ip_both == 1) && + inet_pton(AF_INET6, *(ap) + 5, &ina) == 1) printf("%s\n", *(ap) + 5); continue; } |