From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Sat, 30 Sep 2023 12:18:51 +0100
Subject: [PATCH] Fix integer underflow

---
 src/libspf2/spf_compile.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..d401028 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
 			/* Magic numbers for x/Nc in gdb. */					\
 			data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe;	\
 			dst = SPF_data_str( data );								\
-			ds_avail = _avail - sizeof(SPF_data_t);					\
+			if ((_avail) < sizeof(SPF_data_t))						\
+				return SPF_response_add_error_ptr(spf_response,		\
+									SPF_E_BIG_STRING, NULL, src,	\
+								"Out of memory for string literal");\
+			ds_avail = (_avail) - sizeof(SPF_data_t);				\
 			ds_len = 0;												\
 		} while(0)
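Review bot: The guard added on the `if ((_avail) < sizeof(SPF_data_t))` line makes the macro return from the enclosing function, which nothing at an expansion site reveals; a comment above the macro such as `/* Returns SPF_E_BIG_STRING from the enclosing function when _avail cannot hold the SPF_data_t header. */` would make that visible. The comparison is against a size_t, so if `_avail` is a signed type a negative value would be promoted and pass the check; its declaration is outside the hunk, so confirm it is unsigned. The message "Out of memory for string literal" describes an allocation failure, while the condition is a buffer-space shortfall paired with SPF_E_BIG_STRING; wording like "Buffer too small for string literal" would match the code. The macro's definition begins before the hunk.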
 
From faa9e02887e20d37e112c4ce7df34366e4f2fa2f Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Mon, 2 Oct 2023 19:34:38 +0100
Subject: [PATCH] Used a fixed size buffer for DNS responses instead of
 doubling memory use

---
 src/libspf2/spf_dns_resolv.c | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)

diff --git a/src/libspf2/spf_dns_resolv.c b/src/libspf2/spf_dns_resolv.c
index 9dacafe..ec687b8 100644
--- a/src/libspf2/spf_dns_resolv.c
+++ b/src/libspf2/spf_dns_resolv.c
@@ -268,7 +268,7 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
 	}
 #endif
 
-	responselen = 2048;
+	responselen = 65536;
 	responsebuf = (u_char *)malloc(responselen);
 	if (! responsebuf)
 		return NULL;	/* NULL always means OOM from DNS lookup. */
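Review bot: The new `responselen = 65536;` is a bare magic number with no comment saying why that size was chosen; a named constant or a comment such as `/* Upper bound of a DNS message; presumably the 16-bit TCP length prefix. */` would explain why the grow-on-demand path could be dropped. The hedge is deliberate: the hunk itself does not show where the bound comes from. Note that this allocation now happens per lookup at 64 KiB, which the commit title suggests is intended.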
@@ -319,23 +319,8 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
 							domain, rr_type, 0, SPF_h_errno);
 		}
 		else if (dns_len > responselen) {
-			void	*tmp;
-			/* We managed a lookup but our buffer was too small. */
-			responselen = dns_len + (dns_len >> 1);
-#if 0
-			/* Sanity-trap - we should never hit this. */
-			if (responselen > 1048576) {	/* One megabyte. */
-				free(responsebuf);
-				return SPF_dns_rr_new_init(spf_dns_server,
-								domain, rr_type, 0, SPF_h_errno);
-			}
-#endif
-			tmp = realloc(responsebuf, responselen);
-			if (!tmp) {
-				free(responsebuf);
-				return NULL;
-			}
-			responsebuf = tmp;
+			free(responsebuf);
+			return NULL;
 		}
 		else {
 			/* We managed a lookup, and our buffer was large enough. */
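Review bot: Returning NULL on the `dns_len > responselen` branch conflicts with the comment at the allocation site in the earlier hunk, `/* NULL always means OOM from DNS lookup. */`, so callers will now treat an oversized DNS response as an out-of-memory condition. The removed sanity-trap shows the alternative that keeps that contract: `free(responsebuf); return SPF_dns_rr_new_init(spf_dns_server, domain, rr_type, 0, SPF_h_errno);` hands back an error record instead of NULL. If NULL is the intended signal here, the comment at the malloc site should be updated to say so. SPF_dns_resolv_lookup's body continues outside the hunk.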
From 1bd4c108b63927cd1229760e30936160d050d997 Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Mon, 2 Oct 2023 19:37:00 +0100
Subject: [PATCH] Allocate memory for string when the buffer is NULL

These can't ever be NULL but scan-build complains about them.
---
 src/libspf2/spf_dns_cache.c | 2 +-
 src/libspf2/spf_get_exp.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/libspf2/spf_dns_cache.c b/src/libspf2/spf_dns_cache.c
index 16c9819..50d2660 100644
--- a/src/libspf2/spf_dns_cache.c
+++ b/src/libspf2/spf_dns_cache.c
@@ -327,7 +327,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook,
 		char	*new_domain;
 		size_t	 new_len = strlen(domain) + 1;
 
-		if (cached_rr->domain_buf_len < new_len) {
+		if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
 			new_domain = realloc(cached_rr->domain, new_len);
 			if (new_domain == NULL)
 				return SPF_E_NO_MEMORY;
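Review bot: The added `cached_rr->domain == NULL` test on the `if` line carries no comment, while the commit message says the pointer can never be NULL here, so a reader will assume the NULL case is reachable. Add `/* domain is never NULL here; the test only silences scan-build. */` above the condition, and the equivalent above the `*bufp == NULL` test in the spf_get_exp.c hunk. Should the pointer ever be NULL with a non-zero length, the realloc branch is still the right one, so the check is harmless. SPF_dns_cache_rr_fixup's body continues outside the hunk.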
diff --git a/src/libspf2/spf_get_exp.c b/src/libspf2/spf_get_exp.c
index f4b5055..4a663e4 100644
--- a/src/libspf2/spf_get_exp.c
+++ b/src/libspf2/spf_get_exp.c
@@ -62,7 +62,7 @@ SPF_server_get_default_explanation(SPF_server_t *spf_server,
 	}
 	else {
 		size_t	len = sizeof(SPF_LAME_EXP) + 1;
-		if (*buflenp < len) {
+		if (*bufp == NULL || *buflenp < len) {
 			char	*tmp = realloc(*bufp, len);
 			if (tmp == NULL)
 				return SPF_E_NO_MEMORY;
From 36c3af1dcfeb6c987dac00161f2ed57c6a42ed03 Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Sat, 30 Sep 2023 11:40:47 +0100
Subject: [PATCH] Use correct integer size for format string

---
 src/libspf2/spf_compile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..ba3d804 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -604,7 +604,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
 
 		default:
 			if (spf_server->debug > 3)
-				SPF_debugf("Adding illegal %%-follower '%c' at %d",
+				SPF_debugf("Adding illegal %%-follower '%c' at %zu",
 				src[idx], idx);
 			/* SPF spec says to treat it as a literal, not
 			 * SPF_E_INVALID_ESC */
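Review bot: `%zu` on the SPF_debugf line is only correct if `idx` is declared `size_t`; its declaration is outside the hunk, so confirm the type (an `int` would need `%d`, a `ssize_t` `%zd`), since a mismatched specifier is undefined behavior. If SPF_debugf is not declared with a printf-style `format` attribute, `-Wformat` cannot check this call, and adding that attribute to its declaration would have caught the original mismatch at compile time. SPF_c_parse_macro's body continues outside the hunk.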
