From 2743abb406ecde4c36d0c356aeaec3b6df51bb0d Mon Sep 17 00:00:00 2001
From: John Duprey
Date: Wed, 12 Apr 2023 15:33:46 -0400
Subject: [PATCH] Prevent infinite loop in includes
---
 DNSHealth/Public/Records/Read-SPFRecord.ps1 | 38 ++++++++++++---------
 1 file changed, 21 insertions(+), 17 deletions(-)
diff --git a/DNSHealth/Public/Records/Read-SPFRecord.ps1 b/DNSHealth/Public/Records/Read-SPFRecord.ps1
index 17788bd..b79595f 100644
--- a/DNSHealth/Public/Records/Read-SPFRecord.ps1
+++ b/DNSHealth/Public/Records/Read-SPFRecord.ps1
@@ -212,25 +212,29 @@ function Read-SpfRecord {
 # Include mechanism
 elseif ($Term -match '^(?[+-~?])?include:(?.+)$') {
- $LookupCount++
- Write-Verbose '-----INCLUDE-----'
- Write-Verbose "Looking up include $($Matches.Value)"
- $IncludeLookup = Read-SpfRecord -Domain $Matches.Value -Level 'Include'
-
- if ([string]::IsNullOrEmpty($IncludeLookup.Record) -and $Level -eq 'Parent') {
- Write-Verbose '-----END INCLUDE (SPF MISSING)-----'
- $ValidationFails.Add("Include lookup for $($Matches.Value) does not contain a SPF record, this will result in a failure.") | Out-Null
+ if ($Matches.Value -ne $Domain) {
+ $LookupCount++
+ Write-Verbose '-----INCLUDE-----'
+ Write-Verbose "Looking up include $($Matches.Value)"
+ $IncludeLookup = Read-SpfRecord -Domain $Matches.Value -Level 'Include'
+
+ if ([string]::IsNullOrEmpty($IncludeLookup.Record) -and $Level -eq 'Parent') {
+ Write-Verbose '-----END INCLUDE (SPF MISSING)-----'
+ $ValidationFails.Add("Include lookup for $($Matches.Value) does not contain a SPF record, this will result in a failure.") | Out-Null
+ $Status = 'permerror'
+ } else {
+ Write-Verbose '-----END INCLUDE (SPF FOUND)-----'
+ $RecordList.Add($IncludeLookup) | Out-Null
+ $ValidationFails.AddRange([string[]]$IncludeLookup.ValidationFails) | Out-Null
+ $ValidationWarns.AddRange([string[]]$IncludeLookup.ValidationWarns) | Out-Null
+ $ValidationPasses.AddRange([string[]]$IncludeLookup.ValidationPasses) | Out-Null
+ $IPAddresses.AddRange([string[]]$IncludeLookup.IPAddresses) | Out-Null
+ }
+ } else {
+ Write-Verbose "-----END INCLUDE (INFINITE LOOP -> $Domain SHOULD NOT INCLUDE ITSELF)-----"
+ $ValidationFails.Add("Include lookup for $($Matches.Value) should not exist. It will cause an infinite loop.") | Out-Null
 $Status = 'permerror'
 }
-
- else {
- Write-Verbose '-----END INCLUDE (SPF FOUND)-----'
- $RecordList.Add($IncludeLookup) | Out-Null
- $ValidationFails.AddRange([string[]]$IncludeLookup.ValidationFails) | Out-Null
- $ValidationWarns.AddRange([string[]]$IncludeLookup.ValidationWarns) | Out-Null
- $ValidationPasses.AddRange([string[]]$IncludeLookup.ValidationPasses) | Out-Null
- $IPAddresses.AddRange([string[]]$IncludeLookup.IPAddresses) | Out-Null
- }
 }
 # Exists mechanism
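Review bot: The new guard `if ($Matches.Value -ne $Domain)` only stops a record that includes its own domain directly; a cycle that passes through a second domain still reaches the recursive `Read-SpfRecord -Domain $Matches.Value -Level 'Include'` call, and nothing visible in this hunk bounds that recursion. Because the record content comes from DNS for whatever domain is being checked, it should be treated as untrusted input: consider passing the set of already-visited domains (or a depth counter tied to the RFC 7208 limit of 10 DNS-querying terms) through the recursive call and setting `$Status = 'permerror'` when a domain repeats or the limit is reached. The comparison would also be more robust if both sides were normalised first, for example `if ($Matches.Value.TrimEnd('.') -ne $Domain.TrimEnd('.')) {`, since a trailing dot names the same domain. The function's parameter block and any other use of `$LookupCount` lie outside the hunk, so a limit may already be enforced elsewhere; if it is, a comment next to the guard saying so would help the next reader.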