From 6966743c01064128f35a2d91c17767b6f35c3708 Mon Sep 17 00:00:00 2001
From: thegushi <github@gushi.org>
Date: Thu, 18 Mar 2021 13:22:55 -0700
Subject: [PATCH] don't crash on semicolon in opendmarc-arcares.  Patch from
 dilyanpalauzov

---
 conf_refcnt                   | 212 ++++++++++++++++++++++++++++++++++
 opendmarc/opendmarc-arcares.c |   2 +
 2 files changed, 214 insertions(+)
 create mode 100644 conf_refcnt

diff --git a/conf_refcnt b/conf_refcnt
new file mode 100644
index 0000000..555ad55
--- /dev/null
+++ b/conf_refcnt
@@ -0,0 +1,212 @@
+m4/ac_pthread.m4:#        http://www.gnu.org/software/autoconf-archive/ax_pthread.html
+opendmarc/opendmarc.c:				conf->conf_authservid = strdup(myhostname);
+opendmarc/opendmarc.c:				conf->conf_authservid = strdup(str);
+opendmarc/opendmarc.c:			dmarcf_mkarray(str, ",", &conf->conf_trustedauthservids);
+opendmarc/opendmarc.c:			dmarcf_mkarray(str, ",", &conf->conf_ignoredomains);
+opendmarc/opendmarc.c:		                  &conf->conf_authservidwithjobid,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_authservidwithjobid);
+opendmarc/opendmarc.c:		                  &conf->conf_copyfailsto,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_copyfailsto);
+opendmarc/opendmarc.c:		if (conf->conf_dnstimeout == DEFTIMEOUT)
+opendmarc/opendmarc.c:			                  &conf->conf_dnstimeout,
+opendmarc/opendmarc.c:			                  sizeof conf->conf_dnstimeout);
+opendmarc/opendmarc.c:		                  &conf->conf_enablecores,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_enablecores);
+opendmarc/opendmarc.c:		                  &conf->conf_spfignoreresults,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_spfignoreresults);
+opendmarc/opendmarc.c:		                  &conf->conf_spfselfvalidate,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_spfselfvalidate);
+opendmarc/opendmarc.c:		                  &conf->conf_rejectfail,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_rejectfail);
+opendmarc/opendmarc.c:		                  &conf->conf_reqhdrs,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_reqhdrs);
+opendmarc/opendmarc.c:		                  &conf->conf_afrf,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_afrf);
+opendmarc/opendmarc.c:		                  &conf->conf_reject_multi_from,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_reject_multi_from);
+opendmarc/opendmarc.c:		                  &conf->conf_afrfnone,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_afrfnone);
+opendmarc/opendmarc.c:		                  &conf->conf_afrfas,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_afrfas);
+opendmarc/opendmarc.c:		                  &conf->conf_afrfbcc,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_afrfbcc);
+opendmarc/opendmarc.c:		                  &conf->conf_recordall,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_recordall);
+opendmarc/opendmarc.c:				  &conf->conf_holdquarantinedmessages,
+opendmarc/opendmarc.c:				  sizeof conf->conf_holdquarantinedmessages);
+opendmarc/opendmarc.c:		                  &conf->conf_ignoreauthclients,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_ignoreauthclients);
+opendmarc/opendmarc.c:		                  &conf->conf_reportcmd,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_reportcmd);
+opendmarc/opendmarc.c:		                  &conf->conf_pslist,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_pslist);
+opendmarc/opendmarc.c:		if (!conf->conf_dolog)
+opendmarc/opendmarc.c:			(void) config_get(data, "Syslog", &conf->conf_dolog,
+opendmarc/opendmarc.c:			                  sizeof conf->conf_dolog);
+opendmarc/opendmarc.c:		if (!conf->conf_addswhdr)
+opendmarc/opendmarc.c:			                  &conf->conf_addswhdr,
+opendmarc/opendmarc.c:			                  sizeof conf->conf_addswhdr);
+opendmarc/opendmarc.c:		                  &conf->conf_historyfile,
+opendmarc/opendmarc.c:		                  sizeof conf->conf_historyfile);
+opendmarc/opendmarc.c:	if (conf->conf_trustedauthservids == NULL &&
+opendmarc/opendmarc.c:	    conf->conf_authservid != NULL)
+opendmarc/opendmarc.c:		dmarcf_mkarray(conf->conf_authservid, ",",
+opendmarc/opendmarc.c:		               &conf->conf_trustedauthservids);
+opendmarc/opendmarc.c:	if (conf->conf_dolog)
+opendmarc/opendmarc.c:	conf->conf_domainwhitelisthashcount = 0;
+opendmarc/opendmarc.c:		if (!dmarcf_addlist_csv(whitelist, ",", &conf->conf_domainwhitelist))
+opendmarc/opendmarc.c:		                     &conf->conf_domainwhitelist))
+opendmarc/opendmarc.c:	for (cur = conf->conf_domainwhitelist;
+opendmarc/opendmarc.c:			conf->conf_domainwhitelisthashcount++;
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_refcnt == 0)
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:	curconf->conf_refcnt++;
+opendmarc/opendmarc.c:	if (conf->conf_copyfailsto != NULL)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		conf->conf_refcnt--;
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:		curconf->conf_refcnt++;
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:		if (!conf->conf_spfselfvalidate)
+opendmarc/opendmarc.c:	if (conf->conf_ignoreauthclients &&
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (no_i_whine && conf->conf_dolog)
+opendmarc/opendmarc.c:	authservid = conf->conf_authservid;
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:	if (conf->conf_reqhdrs && reqhdrs_error != NULL)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_reject_multi_from)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_reqhdrs)
+opendmarc/opendmarc.c:	if (conf->conf_ignoredomains != NULL &&
+opendmarc/opendmarc.c:	    dmarcf_match(domain, conf->conf_ignoredomains, TRUE))
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:		    (conf->conf_trustedauthservids == NULL ||
+opendmarc/opendmarc.c:		     !dmarcf_match(ar.ares_host, conf->conf_trustedauthservids,
+opendmarc/opendmarc.c:			if (!conf->conf_authservidwithjobid)
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:			     (conf->conf_trustedauthservids == NULL ||
+opendmarc/opendmarc.c:			                    conf->conf_trustedauthservids,
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:			    && !conf->conf_spfignoreresults
+opendmarc/opendmarc.c:					if (conf->conf_dolog)
+opendmarc/opendmarc.c:					if (conf->conf_dolog)
+opendmarc/opendmarc.c:					if (conf->conf_dolog)
+opendmarc/opendmarc.c:					if (conf->conf_dolog)
+opendmarc/opendmarc.c:				    conf->conf_domainwhitelisthashcount > 0)
+opendmarc/opendmarc.c:	    && !conf->conf_spfignoreresults
+opendmarc/opendmarc.c:		if (conf->conf_spfselfvalidate)
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:	     (conf->conf_afrfnone && policy == DMARC_POLICY_NONE)) &&
+opendmarc/opendmarc.c:	    conf->conf_afrf &&
+opendmarc/opendmarc.c:	    (conf->conf_afrfbcc != NULL || ruv != NULL))
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_afrfas != NULL)
+opendmarc/opendmarc.c:			                      conf->conf_afrfas);
+opendmarc/opendmarc.c:		if (conf->conf_afrfbcc != NULL)
+opendmarc/opendmarc.c:				                   conf->conf_afrfbcc);
+opendmarc/opendmarc.c:			if (ruv != NULL && conf->conf_afrfbcc != NULL)
+opendmarc/opendmarc.c:				                   conf->conf_afrfbcc);
+opendmarc/opendmarc.c:			out = popen(conf->conf_reportcmd, "w");
+opendmarc/opendmarc.c:				if (conf->conf_dolog)
+opendmarc/opendmarc.c:				if (status != 0 && conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_rejectfail &&
+opendmarc/opendmarc.c:			if (status != MI_SUCCESS && conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_copyfailsto != NULL)
+opendmarc/opendmarc.c:			status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto);
+opendmarc/opendmarc.c:			if (status != MI_SUCCESS && conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_rejectfail && conf->conf_holdquarantinedmessages && random() % 100 < pct)
+opendmarc/opendmarc.c:			if (status != MI_SUCCESS && conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_copyfailsto != NULL)
+opendmarc/opendmarc.c:			status = dmarcf_addrcpt(ctx, conf->conf_copyfailsto);
+opendmarc/opendmarc.c:			if (status != MI_SUCCESS && conf->conf_dolog)
+opendmarc/opendmarc.c:	    conf->conf_dolog)
+opendmarc/opendmarc.c:		if (conf->conf_dolog)
+opendmarc/opendmarc.c:	if (conf->conf_dolog)
+opendmarc/opendmarc.c:		         conf->conf_authservidwithjobid ? "/" : "",
+opendmarc/opendmarc.c:		         conf->conf_authservidwithjobid ? dfc->mctx_jobid : "",
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:	if (conf->conf_historyfile != NULL &&
+opendmarc/opendmarc.c:	    (conf->conf_recordall || ostatus != DMARC_DNS_ERROR_NO_RECORD))
+opendmarc/opendmarc.c:		f = fopen(conf->conf_historyfile, "a");
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:				       conf->conf_historyfile,
+opendmarc/opendmarc.c:			       conf->conf_historyfile,
+opendmarc/opendmarc.c:		if (ferror(f) && conf->conf_dolog)
+opendmarc/opendmarc.c:			       conf->conf_historyfile,
+opendmarc/opendmarc.c:			       conf->conf_historyfile,
+opendmarc/opendmarc.c:	if (conf->conf_addswhdr)
+opendmarc/opendmarc.c:			if (conf->conf_dolog)
+opendmarc/opendmarc.c:	assert(conf->conf_refcnt == 0);
+opendmarc/opendmarc.c:	if (conf->conf_data != NULL)
+opendmarc/opendmarc.c:		config_free(conf->conf_data);
+opendmarc/opendmarc.c:	if (conf->conf_ignoredomains != NULL)
+opendmarc/opendmarc.c:		dmarcf_freearray(conf->conf_ignoredomains);
+opendmarc/opendmarc.c:	if (conf->conf_trustedauthservids != NULL)
+opendmarc/opendmarc.c:		dmarcf_freearray(conf->conf_trustedauthservids);
+opendmarc/opendmarc.c:	if (conf->conf_authservid != NULL)
+opendmarc/opendmarc.c:		free(conf->conf_authservid);
+opendmarc/opendmarc.c:	if (conf->conf_domainwhitelisthashcount > 0)
+opendmarc/opendmarc.c:		dmarcf_freelist(conf->conf_domainwhitelist);
+opendmarc/opendmarc.c:			curconf->conf_dolog = TRUE;
+opendmarc/opendmarc.c:	dolog = curconf->conf_dolog;
+opendmarc/opendmarc.c:	curconf->conf_data = cfg;
+opendmarc/opendmarc.c:		curconf->conf_dolog = FALSE;
+opendmarc/opendmarc.c:					if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:	if (curconf->conf_enablecores)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:					if (curconf->conf_dolog)
+opendmarc/opendmarc.c:							                curconf->conf_dolog);
+opendmarc/opendmarc.c:							                curconf->conf_dolog);
+opendmarc/opendmarc.c:					if (wpid != -1 && curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:				if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:			if (curconf->conf_dolog)
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:	if (curconf->conf_pslist != NULL)
+opendmarc/opendmarc.c:		strncpy(libopendmarc.tld_source_file, curconf->conf_pslist,
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:	if (curconf->conf_dolog)
+opendmarc/opendmarc.c:		     curconf->conf_trustedauthservids != NULL &&
+opendmarc/opendmarc.c:		     curconf->conf_trustedauthservids[c] != NULL;
+opendmarc/opendmarc.c:				        curconf->conf_trustedauthservids[c],
+opendmarc/opendmarc.c:				        curconf->conf_trustedauthservids[c],
+opendmarc/opendmarc.c:		if (curconf->conf_dolog)
+opendmarc/opendmarc.c:	if (curconf->conf_dolog)
diff --git a/opendmarc/opendmarc-arcares.c b/opendmarc/opendmarc-arcares.c
index aafd6b6..56f5da7 100644
--- a/opendmarc/opendmarc-arcares.c
+++ b/opendmarc/opendmarc-arcares.c
@@ -171,6 +171,8 @@ opendmarc_arcares_parse (u_char *hdr, struct arcares *aar)
 
 		leading_space_len = strspn(token, " \n\t");
 		token_ptr = token + leading_space_len;
+		if (*token_ptr == '\0')
+		        return 0;
 		tag_label = strsep(&token_ptr, "=");
 		tag_value = token_ptr;
 		tag_code = opendmarc_arcares_convert(aar_tags, tag_label);