Package: libspf2-2 Version: 1.2.10-7.1~deb11u1 Severity: normal Tags: patch upstream X-Debbugs-Cc: moritz_cku_schnei...@web.de
There is a bug in the expansion of macros in SPF resource records. If there is no delimiter present in the string that is used for the macro expansion the expanded string is truncated by one character. This might cause a failed SPF result, or much worse it can cause a SPF success , where it should in reality be a failed result. The bug is not only in the (up to date) Debian version, but also in the upstream version. Hence I've already created a upstream issue, which you can follow here: https://github.com/shevek/libspf2/issues/42 Unfortunately the libspf2 upstream repository seems not so good maintained anymore. So it would be a good idea to include this at least in the Debian build. I've build a local backport and already made a quilt patch for this bug, which I've also attached to this issue. Kind regards Moritz -- System Information: Debian Release: 11.7 APT prefers oldstable-updates APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-0.deb11.7-amd64 (SMP w/12 CPU threads; PREEMPT) Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages libspf2-2 depends on: ii libc6 2.31-13+deb11u6 libspf2-2 recommends no packages. libspf2-2 suggests no packages. -- no debconf information
src/libspf2/spf_expand.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) Only remove a delimiter in macro expansion if a delimiter was found Some macros are truncated by on character if expanded on input strings without a delimiter. This commit will fix that. --- a/src/libspf2/spf_expand.c +++ b/src/libspf2/spf_expand.c @@ -354,7 +354,13 @@ break; p_write--; } - p_write++; /* Move to just after the '.' */ + /* Move to just after the '.', but only if we have found at least + * one '.' in the string. For a string without any delimiter + * inside there is no '.' to remove, otherwise we would remove a + * character from the payload */ + if (num_found != 0) { + p_write++; + } /* This moves the '\0' as well. */ len = p_read_end - p_write; memmove(munged_var, p_write, len + 1);