[milters] Archive

Lists Index Date Thread Search

Article: 698
From: Anthony Howe
Date: 2005-08-16 04:51:45 -0400
Subject: Re: Memory Error in spf.c libsnert-1.50

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Jan Holmberg wrote:
> Hi all,
> 
> Found some memory bugg in spf.c in function spfCheck(spfContext *ctx, 
> const char *domain).
> Double release when jumping via goto error5,  just before Dnsget calls.
> Move all VectorDestroy(entries); before Dnsget calls.
Thank you for the bug report. Here is the patch based on the suggested fix.

	cd com/snert/src/lib
	patch <spf.patch
	make build
	cd ../milter-spiff
	make clean install

-- 
Anthony C Howe                                 +33 6 11 89 73 78
http://www.snert.com/       ICQ:
7116561         AIM: Sir Wumpus

Sendmail Anti-Spam Solutions           http://www.snertsoft.com/
                                             We Serve Your Server


-- Attached file included as plaintext by Ecartis --
-- File: spf.patch

--- mail/spf.c.orig	2005-08-16 10:35:20.515625000 +0200
+++ mail/spf.c	2005-08-16 10:35:45.046875000 +0200
@@ -410,7 +410,6 @@
 		}
 
 		else if (TextInsensitiveCompareN(term , "a", 1) == 0) {
-			VectorDestroy(entries);
 			if ((target = spfMacro(ctx, domain, term+1)) == NULL) {
 				qualifier = SPF_PERM_ERROR;
 				err = spfErrorSyntax;
@@ -423,6 +422,7 @@
 				goto error5;
 			}
 
+			VectorDestroy(entries);
 			if ((entries = DnsGet(dns, DNS_TYPE_A, 1, target)) == NULL) {
 				if ((entries = DnsGet(dns, DNS_TYPE_AAAA, 1, target)) == NULL) {
 					if (DnsGetReturnCode(dns) == DNS_RCODE_UNDEFINED)
@@ -438,7 +438,6 @@
 		}
 
 		else if (TextInsensitiveCompareN(term , "mx", 2) == 0) {
-			VectorDestroy(entries);
 			if ((target = spfMacro(ctx, domain, term+2)) == NULL) {
 				qualifier = SPF_PERM_ERROR;
 				err = spfErrorSyntax;
@@ -451,6 +450,7 @@
 				goto error5;
 			}
 
+			VectorDestroy(entries);
 			if ((entries = DnsGet(dns, DNS_TYPE_MX, 1, target)) == NULL) {
 				if (DnsGetReturnCode(dns) == DNS_RCODE_UNDEFINED)
 					continue;
@@ -464,7 +464,6 @@
 		}
 
 		else if (TextInsensitiveCompareN(term , "ptr", 3) == 0) {
-			VectorDestroy(entries);
 			if ((target = spfMacro(ctx, domain, term+3)) == NULL) {
 				qualifier = SPF_PERM_ERROR;
 				err = spfErrorSyntax;
@@ -477,6 +476,7 @@
 				goto error5;
 			}
 
+			VectorDestroy(entries);
 			if ((entries = DnsGet(dns, DNS_TYPE_PTR, 1, ctx->ip)) == NULL) {
 				if (DnsGetReturnCode(dns) == DNS_RCODE_UNDEFINED)
 					continue;
@@ -550,7 +550,6 @@
 		}
 
 		else if (TextInsensitiveCompareN(term , "exists:", 7) == 0) {
-			VectorDestroy(entries);
 			if ((target = spfMacro(ctx, domain, term+7)) == NULL) {
 				qualifier = SPF_PERM_ERROR;
 				err = spfErrorSyntax;
@@ -563,6 +562,7 @@
 				goto error5;
 			}
 
+			VectorDestroy(entries);
 			if ((entries = DnsGet(dns, DNS_TYPE_A, 1, target)) == NULL) {
 				if (DnsGetReturnCode(dns) == DNS_RCODE_UNDEFINED)
 					continue;


Lists Index Date Thread Search