From f63e5bf0b262ba2f7f70a17818eeb6fed46272f4 Mon Sep 17 00:00:00 2001
From: Alberto Bertogli
Date: Sat, 31 Aug 2019 01:03:24 +0100
Subject: [PATCH] sts: Reject policies with max_age > 1y, as per RFC
The MTA-STS standard explicitly says the maximum max_age is 1 year. This patch adds a check to the STS library to enforce this. Policies with max_age > 1y will be treated as invalid. See this email thread for some discussion on the topic: https://mailarchive.ietf.org/arch/msg/uta/bnUjy9jxM_Va-lDXVtbB32zIkYI
---
internal/sts/sts.go | 6 +++++-
internal/sts/sts_test.go | 4 ++++
2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/internal/sts/sts.go b/internal/sts/sts.go
index 7d76818..94ac925 100644
--- a/internal/sts/sts.go
+++ b/internal/sts/sts.go
@@ -125,7 +125,11 @@ func (p *Policy) Check() error {
  if p.Version != "STSv1" {
  return ErrUnknownVersion
  }
- if p.MaxAge <= 0 {
+
+ // A 0 max age is invalid (could also represent an Atoi error), and so is
+ // one greater than 31557600 (1 year), as per
+ // https://tools.ietf.org/html/rfc8461#section-3.2.
+ if p.MaxAge <= 0 || p.MaxAge > 31557600*time.Second {
  return ErrInvalidMaxAge
  }
diff --git a/internal/sts/sts_test.go b/internal/sts/sts_test.go
index f44fddf..80e24ba 100644
--- a/internal/sts/sts_test.go
+++ b/internal/sts/sts_test.go
@@ -98,6 +98,8 @@ func TestCheckPolicy(t *testing.T) {
  MXs: []string{"mx1"}},
  {Version: "STSv1", Mode: "none", MaxAge: 1 * time.Hour,
  MXs: []string{"mx1"}},
+ {Version: "STSv1", Mode: "none", MaxAge: 31557600 * time.Second,
+ MXs: []string{"mx1"}},
  }
  for i, p := range validPs {
  if err := p.Check(); err != nil {
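Review bot: The limit on the new `if` line is an inline magic number that is repeated in the comment above it and in the tests; give it one name so the three cannot drift, e.g. `const maxPolicyAge = 31557600 * time.Second // RFC 8461 section 3.2` and `if p.MaxAge <= 0 || p.MaxAge > maxPolicyAge {`. Treating an oversized max_age as an invalid policy is stricter than RFC 8461, which fixes the maximum but does not say what a sender should do beyond it; if Check's callers (not visible here) fall back to unenforced delivery on ErrInvalidMaxAge, a domain whose only defect is a too-large max_age loses MTA-STS protection entirely, whereas clamping to the maximum would keep it, so the comment should state that outright rejection is deliberate and why. The comment also calls a 0 max_age invalid, but the RFC defines max_age as a non-negative integer, so `0` is grammatically permitted and the `<= 0` rejection (which predates this change) deserves a note that it is a local choice rather than an RFC requirement. Because the value compared here is already a Duration, the integer-to-Duration conversion done before Check (outside this hunk) should bound the parsed integer before multiplying by time.Second, otherwise an absurdly large max_age can wrap to a small positive Duration and pass this check. Check's body continues past the end of the hunk.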
@@ -111,6 +113,8 @@ func TestCheckPolicy(t *testing.T) {
  }{
  {Policy{Version: "STSv2"}, ErrUnknownVersion},
  {Policy{Version: "STSv1"}, ErrInvalidMaxAge},
+ {Policy{Version: "STSv1", MaxAge: 31557601 * time.Second},
+ ErrInvalidMaxAge},
  {Policy{Version: "STSv1", MaxAge: 1, Mode: "blah"}, ErrInvalidMode},
  {Policy{Version: "STSv1", MaxAge: 1, Mode: "enforce"}, ErrInvalidMX},
  {Policy{Version: "STSv1", MaxAge: 1, Mode: "enforce", MXs: []string{}},