commit d842ff09fd5fa3ce9c1758b7d803bf7ee61cbdc5
from: Martijn van Duren <martijn@openbsd.org>
date: Sun Mar 27 08:21:03 2022 UTC

Add more error checking in key parsing

commit - bccb8fb35c697c583abdee892a15b971dcb79b1b
commit + d842ff09fd5fa3ce9c1758b7d803bf7ee61cbdc5
blob - 4325ae5be33d0c181464c92c90d79467bfa0f1f9
blob + ddd4586b1cd8c9c4c7594653bd758b4aef1115b3
--- main.c
+++ main.c
@@ -1197,7 +1197,8 @@ dkim_key_text_parse(struct signature *sig, const char 
 	}
 	while (key[0] != '\0') {
 		key = osmtpd_ltok_skip_fws(key, 1);
-		end = osmtpd_ltok_skip_tag_name(key, 0);
+		if ((end = osmtpd_ltok_skip_tag_name(key, 0)) == NULL)
+			return 0;
 
 		if ((size_t)(end - key) != 1)
 			tagname = '\0';
@@ -1205,9 +1206,11 @@ dkim_key_text_parse(struct signature *sig, const char 
 			tagname = key[0];
 		key = osmtpd_ltok_skip_fws(end, 1);
 		/* '=' */
-		key++;
-		key = osmtpd_ltok_skip_fws(key, 1);
-		end = osmtpd_ltok_skip_tag_value(key, 0);
+		if (key != '=')
+			return 0;
+		key = osmtpd_ltok_skip_fws(key + 1, 1);
+		if ((end = osmtpd_ltok_skip_tag_value(key, 0)) == NULL)
+			return 0;
 		switch (tagname) {
 		case 'v':
 			/* tagname in wrong position */