File cve-2020-12272.patch of Package opendkim

Description: LIBOPENDKIM: Confirm that the value of "d=" is properly formed.
Author: Murray S. Kucherawy <msk@trusteddomain.org>
Origin: upstream, https://github.com/trusteddomainproject/OpenDKIM/commit/14d54524e0a97d3fe9b80441907d7e356c9ded04

--- a/libopendkim/dkim.c
+++ b/libopendkim/dkim.c
@@ -775,6 +775,25 @@
 			return DKIM_STAT_SYNTAX;
 		}
 
+		/* confirm the "d=" domain name is well formed */
+		value = dkim_param_get(set, (u_char *) "d");
+		for (p = value; *p != '\0'; p++)
+		{
+			if (!(isalpha(*p) ||
+			      isdigit(*p) ||
+			      *p == '-' ||
+			      *p == '_' ||
+			      *p == '.'))
+			{
+				dkim_error(dkim, "malformed \"d=\" tag value");
+				if (syntax)
+					dkim_set_free(dkim, set);
+				else
+					set->set_bad = TRUE;
+				return DKIM_STAT_SYNTAX;
+			}
+		}
+
 #ifdef _FFR_CONDITIONAL
 		/* confirm we have the right signature version */
 		if (set->set_minv > 1)

Places

File cve-2020-12272.patch of Package opendkim

Places