Skip to content

Commit

Permalink
Prevent infinite loop in includes
Browse files Browse the repository at this point in the history
  • Loading branch information
JohnDuprey committed Apr 12, 2023
1 parent d8dcafa commit 2743abb
Showing 1 changed file with 21 additions and 17 deletions.
38 changes: 21 additions & 17 deletions DNSHealth/Public/Records/Read-SPFRecord.ps1
Original file line number Diff line number Diff line change
Expand Up @@ -212,25 +212,29 @@ function Read-SpfRecord {

# Include mechanism
elseif ($Term -match '^(?<Qualifier>[+-~?])?include:(?<Value>.+)$') {
$LookupCount++
Write-Verbose '-----INCLUDE-----'
Write-Verbose "Looking up include $($Matches.Value)"
$IncludeLookup = Read-SpfRecord -Domain $Matches.Value -Level 'Include'

if ([string]::IsNullOrEmpty($IncludeLookup.Record) -and $Level -eq 'Parent') {
Write-Verbose '-----END INCLUDE (SPF MISSING)-----'
$ValidationFails.Add("Include lookup for $($Matches.Value) does not contain a SPF record, this will result in a failure.") | Out-Null
if ($Matches.Value -ne $Domain) {
$LookupCount++
Write-Verbose '-----INCLUDE-----'
Write-Verbose "Looking up include $($Matches.Value)"
$IncludeLookup = Read-SpfRecord -Domain $Matches.Value -Level 'Include'

if ([string]::IsNullOrEmpty($IncludeLookup.Record) -and $Level -eq 'Parent') {
Write-Verbose '-----END INCLUDE (SPF MISSING)-----'
$ValidationFails.Add("Include lookup for $($Matches.Value) does not contain a SPF record, this will result in a failure.") | Out-Null
$Status = 'permerror'
} else {
Write-Verbose '-----END INCLUDE (SPF FOUND)-----'
$RecordList.Add($IncludeLookup) | Out-Null
$ValidationFails.AddRange([string[]]$IncludeLookup.ValidationFails) | Out-Null
$ValidationWarns.AddRange([string[]]$IncludeLookup.ValidationWarns) | Out-Null
$ValidationPasses.AddRange([string[]]$IncludeLookup.ValidationPasses) | Out-Null
$IPAddresses.AddRange([string[]]$IncludeLookup.IPAddresses) | Out-Null
}
} else {
Write-Verbose "-----END INCLUDE (INFINITE LOOP -> $Domain SHOULD NOT INCLUDE ITSELF)-----"
$ValidationFails.Add("Include lookup for $($Matches.Value) should not exist. It will cause an infinite loop.") | Out-Null
$Status = 'permerror'
}

else {
Write-Verbose '-----END INCLUDE (SPF FOUND)-----'
$RecordList.Add($IncludeLookup) | Out-Null
$ValidationFails.AddRange([string[]]$IncludeLookup.ValidationFails) | Out-Null
$ValidationWarns.AddRange([string[]]$IncludeLookup.ValidationWarns) | Out-Null
$ValidationPasses.AddRange([string[]]$IncludeLookup.ValidationPasses) | Out-Null
$IPAddresses.AddRange([string[]]$IncludeLookup.IPAddresses) | Out-Null
}
}

# Exists mechanism
Expand Down

0 comments on commit 2743abb

Please sign in to comment.