From 6f47da8d2d526953e8e6403f448d1598c9140df1 Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 17 Oct 2019 14:09:18 +0100 Subject: [PATCH] ARC: harden versus badly-formatted AMS line --- src/src/arc.c | 26 ++++++++++++++++++++------ src/src/pdkim/pdkim.c | 2 ++ 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/src/src/arc.c b/src/src/arc.c index 773b34c28..b7fcb116a 100644 --- a/src/src/arc.c +++ b/src/src/arc.c @@ -544,7 +544,8 @@ hctx hhash_ctx; const uschar * s; int len; -if (!exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod)) +if ( hashtype == -1 + || !exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod)) { DEBUG(D_acl) debug_printf("ARC: hash setup error, possibly nonhandled hashtype\n"); @@ -639,7 +640,7 @@ return p; static pdkim_bodyhash * arc_ams_setup_vfy_bodyhash(arc_line * ams) { -int canon_head, canon_body; +int canon_head = -1, canon_body = -1; long bodylen; if (!ams->c.data) ams->c.data = US"simple"; /* RFC 6376 (DKIM) default */ @@ -745,6 +746,11 @@ if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx))) } hashtype = pdkim_hashname_to_hashtype(ams->a_hash.data, ams->a_hash.len); +if (hashtype == -1) + { + DEBUG(D_acl) debug_printf("ARC i=%d AMS verify bad a_hash\n", as->instance); + return as->ams_verify_done = arc_state_reason = US"AMS sig nonverify"; + } if ((errstr = exim_dkim_verify(&vctx, pdkim_hashes[hashtype].exim_hashmethod, &hhash, &sighash))) @@ -871,7 +877,8 @@ if ( as->instance == 1 && !arc_cv_match(hdr_as, US"none") hashtype = pdkim_hashname_to_hashtype(hdr_as->a_hash.data, hdr_as->a_hash.len); -if (!exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod)) +if ( hashtype == -1 + || !exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod)) { DEBUG(D_acl) debug_printf("ARC: hash setup error, possibly nonhandled hashtype\n"); @@ -966,8 +973,6 @@ if ((errstr = exim_dkim_verify_init(&p->key, KEYFMT_DER, &vctx))) return US"fail"; } -hashtype = pdkim_hashname_to_hashtype(hdr_as->a_hash.data, hdr_as->a_hash.len); - if ((errstr = exim_dkim_verify(&vctx, pdkim_hashes[hashtype].exim_hashmethod, &hhash_computed, &sighash))) @@ -1738,7 +1743,13 @@ memset(&al, 0, sizeof(arc_line)); if ((errstr = arc_parse_line(&al, &h, ARC_HDRLEN_AMS, FALSE))) { DEBUG(D_acl) if (errstr) debug_printf("ARC: %s\n", errstr); - return US"line parsing error"; + goto badline; + } + +if (!al.a_hash.data) + { + DEBUG(D_acl) debug_printf("ARC: no a_hash from '%.*s'\n", h.slen, h.text); + goto badline; } /* defaults */ @@ -1757,6 +1768,9 @@ if (!(b = arc_ams_setup_vfy_bodyhash(&al))) should have been created here. */ return NULL; + +badline: + return US"line parsing error"; } diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c index 9fa38b3e7..7fcfbc76a 100644 --- a/src/src/pdkim/pdkim.c +++ b/src/src/pdkim/pdkim.c @@ -2029,6 +2029,8 @@ pdkim_set_bodyhash(pdkim_ctx * ctx, int hashtype, int canon_method, { pdkim_bodyhash * b; +if (hashtype == -1 || canon_method == -1) return NULL; + for (b = ctx->bodyhash; b; b = b->next) if ( hashtype == b->hashtype && canon_method == b->canon_method -- 2.25.1