From 186a60182a658af6800ca048a3edaa19d380f494 Mon Sep 17 00:00:00 2001
From: Nathaniel <me@nathanielbennett.com>
Date: Fri, 12 Nov 2021 07:39:30 -0700
Subject: [PATCH] Added integer overflow check for SPF macro segment count.

---
 hmailserver/source/Server/SMTP/SPF/RMSPF.cpp | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/hmailserver/source/Server/SMTP/SPF/RMSPF.cpp b/hmailserver/source/Server/SMTP/SPF/RMSPF.cpp
index 6b91c5091..9a7474463 100644
--- a/hmailserver/source/Server/SMTP/SPF/RMSPF.cpp
+++ b/hmailserver/source/Server/SMTP/SPF/RMSPF.cpp
@@ -13,6 +13,7 @@
 #undef UNICODE
 
 #include <windns.h>
+#include <limits.h>
 #include <string.h>
 #include <stdlib.h>
 #include <time.h>
@@ -2371,7 +2372,9 @@ char** bufp, spfbool fordomain)
          // get max number of parts
          num = 0;
          while (ISDIGIT(*cp))
-         {
+            if (num > (INT_MAX - (*cp - '0')) / 10)
+                return SPF_PermError;
+
             num = num * 10 + *cp - '0';
             if (++cp >= s1)
                return SPF_PermError;