SPF: fix handling mix of spf and other txt records. Bug 2499

3 files changed, 25 insertions, 14 deletions

diff --git a/src/src/spf.c b/src/src/spf.c
index 3ca289656..7192ef462 100644
--- a/src/src/spf.c
+++ b/src/src/spf.c
@@ -37,7 +37,7 @@ SPF_dns_rr_t  * spf_nxdomain = NULL;
 
 static SPF_dns_rr_t *
 SPF_dns_exim_lookup(SPF_dns_server_t *spf_dns_server,
-const char *domain, ns_type rr_type, int should_cache)
+  const char *domain, ns_type rr_type, int should_cache)
 {
 dns_answer * dnsa = store_get_dns_answer();
 dns_scan dnss;
@@ -56,22 +56,30 @@ SPF_dns_rr_t srr = {
   .hook = NULL,				/* misc information */
   .source = spf_dns_server
 };
+int dns_rc;
 
 DEBUG(D_receive) debug_printf("SPF_dns_exim_lookup '%s'\n", domain);
 
-if (dns_lookup(dnsa, US domain, rr_type, NULL) == DNS_NOMATCH)
+switch (dns_rc = dns_lookup(dnsa, US domain, rr_type, NULL))
   {
-  SPF_dns_rr_dup(&spfrr, spf_nxdomain);
-  return spfrr;
-}
+  case DNS_SUCCEED:	srr.herrno = NETDB_SUCCESS;	break;
+  case DNS_AGAIN:	srr.herrno = TRY_AGAIN;		break;
+  case DNS_NOMATCH:	srr.herrno = HOST_NOT_FOUND;	break;
+  case DNS_FAIL:
+  default:		srr.herrno = NO_RECOVERY;	break;
+  } 
 
 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
      rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
   if (rr->type == rr_type) found++;
 
-srr.num_rr = found;
+if (found == 0)
+  {
+  SPF_dns_rr_dup(&spfrr, &srr);
+  return spfrr;
+  }
+
 srr.rr = store_malloc(sizeof(SPF_dns_rr_data_t) * found);
-srr.herrno = h_errno,
 
 found = 0;
 for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
@@ -84,7 +92,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
     switch(rr_type)
       {
       case T_MX:
-	s += 2;			/* skip the MX precedence field */
+	s += 2;	/* skip the MX precedence field */
       case T_PTR:
 	{
 	uschar * buf = store_malloc(256);
@@ -130,6 +138,7 @@ for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
     srr.rr[found++] = (void *) s;
     }
 
+srr.num_rr = found;
 /* spfrr->rr must have been malloc()d for this */
 SPF_dns_rr_dup(&spfrr, &srr);
 return spfrr;
diff --git a/test/scripts/4600-SPF/4601 b/test/scripts/4600-SPF/4601
index 72ef10d3f..77258a8e8 100644
--- a/test/scripts/4600-SPF/4601
+++ b/test/scripts/4600-SPF/4601
@@ -30,8 +30,8 @@ killdaemon
 # - and not crash with non-spf txt records
 # v=spf1 is casr-insensitive
 exim -be
-${lookup {fred@test.again.dns} spf {HOSTIPV4}}
-${lookup {fred@double.example.com} spf {8.8.8.8}}
-${lookup {fred@doubleplus.example.com} spf {8.8.8.8}}
-${lookup {fred@uppercase.example.com} spf {HOSTIPV4}}
+temperror ${lookup {fred@test.again.dns} spf {HOSTIPV4}}
+permerror ${lookup {fred@double.example.com} spf {8.8.8.8}}
+permerror ${lookup {fred@doubleplus.example.com} spf {8.8.8.8}}
+pass      ${lookup {fred@uppercase.example.com} spf {HOSTIPV4}}
 ****
diff --git a/test/stdout/4601 b/test/stdout/4601
index 9f69eb29c..de4df33ae 100644
--- a/test/stdout/4601
+++ b/test/stdout/4601
@@ -26,6 +26,8 @@ Connecting to 127.0.0.1 port 1224 ... connected
 <<< 250 Accepted
 >>> quit
 End of script
-> permerror
-> pass
+> temperror temperror
+> permerror permerror
+> permerror permerror
+> pass      pass
 >