git » spf » commit 67a432a

Anchor subpatterns of aField/mxField/ptrField correctly

author fox.cpp
2020-07-24 15:03:54 UTC
committer Alberto Bertogli
2020-07-24 18:16:06 UTC
parent 1a21c1a2c6900c6e119922daabc2071532bd33c0

Anchor subpatterns of aField/mxField/ptrField correctly

Only the first subpattern was anchored. This created mismatches if "a:", "mx:"
or "ptr:" is contained within a rule.
"a:" is possible in IPv6 addresses; use of exp= (or any rule that permits
arbitrary strings) may lead to such a mismatch as well.

Amended-by: Alberto Bertogli <albertito@blitiri.com.ar>
  Added tests.

spf.go +3 -3
testdata/blitirispf-tests.yml +46 -2

diff --git a/spf.go b/spf.go
index b8f74ed..b26a60c 100644
--- a/spf.go
+++ b/spf.go
@@ -151,9 +151,9 @@ type resolution struct {
 	ipNames []string
 }
 
-var aField = regexp.MustCompile(`^a$|a:|a/`)
-var mxField = regexp.MustCompile(`^mx$|mx:|mx/`)
-var ptrField = regexp.MustCompile(`^ptr$|ptr:`)
+var aField = regexp.MustCompile(`^(a$|a:|a/)`)
+var mxField = regexp.MustCompile(`^(mx$|mx:|mx/)`)
+var ptrField = regexp.MustCompile(`^(ptr$|ptr:)`)
 
 func (r *resolution) Check(domain string) (Result, error) {
 	r.count++
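Review bot: The declarations of `aField`, `mxField` and `ptrField` carry no comment explaining why the whole alternation sits inside one anchored group, which is exactly what regressed before: in `^a$|a:|a/` only the first branch is anchored, so an `ip6:` address or an `exp=` string containing `a:` was evaluated as an `a` mechanism and could change the SPF result. I would add above them `// Mechanism names must match at the start of the term; keep every alternative inside the ^(...) group.` The patterns also read more directly as `^a($|:|/)`, `^mx($|:|/)` and `^ptr($|:)`, which leaves no branch that can be left unanchored by accident. The hunk does not show whether the term is lower-cased before matching; RFC 7208 allows mechanism names in any case, so that is worth confirming in `Check`, whose body continues outside the hunk.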
diff --git a/testdata/blitirispf-tests.yml b/testdata/blitirispf-tests.yml
index 200db62..46241e4 100644
--- a/testdata/blitirispf-tests.yml
+++ b/testdata/blitirispf-tests.yml
@@ -36,5 +36,49 @@ tests:
 zonedata:
   example.net:
     - SPF:  v=spf1 -all
-
-
+---
+description: Regexp edge cases for "a", "mx" and "ptr"
+tests:
+  ipv6-with-a:
+    description: |
+      Send from an ip6 address that has "a:" inside. If we incorrectly parse
+      the "ip6" as "a", this results in a permerror since the host doesn't
+      match.
+    mailfrom: "foobar@a1.net"
+    host: a::a
+    result: pass
+  bad-a-mask:
+    description: |
+      If we incorrectly parse the "ip6" as "a", this results in a permerror
+      due to an invalid mask.
+    mailfrom: "foobar@a2.net"
+    host: 2001:db8:ff0:100::2
+    result: softfail
+  exp-contains-mx:
+    description: exp= contains mx:, which should be ignored.
+    mailfrom: "foobar@expmx.net"
+    host: 1.2.3.4
+    result: softfail
+  exp-contains-ptr:
+    description: |
+      exp= contains ptr:, which should be ignored.
+      Note this test case involves unusual/invalid domains.
+    mailfrom: "foobar@expptr.net"
+    host: 1.2.3.4
+    result: softfail
+zonedata:
+  a1.net:
+    - SPF: v=spf1 ip6:a::a ~all
+  a2.net:
+    - SPF: v=spf1 ip6:1a0a:cccc::/29 ~all
+  expmx.net:
+    - SPF: v=spf1 exp=mx:mymx.com ~all
+    - MX: [10, mymx.com]
+  mymx.com:
+    - A: 1.2.3.4
+  expptr.net:
+    - SPF: v=spf1 exp=ptr:lalala.com ~all
+  4.3.2.1.in-addr.arpa:
+    - PTR: ptr:lalala.com.
+  ptr:lalala.com:
+    - A: 1.2.3.4
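Review bot: The new cases cover `a:`, `mx:` and `ptr:` appearing inside another term, but not the `a/` and `mx/` branches, which were unanchored in the same way by the old patterns. An `ip6:` network whose last group ends in `a` just before the prefix length would exercise `a/`; a constructed example is a zone entry `- SPF: v=spf1 ip6:2001:db8::a/64 ~all` tested with `host: 2001:db8::1` and `result: pass`. An `exp=` value containing `mx/` with an expected `softfail` would presumably do the same for the `mx/` branch.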