X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=065170444bb8494a19b5a5c88f25eb8305ab9622;hb=fc55624df0c1956b7b6b4ae35605a6b95704d022;hp=8bb2efbf059a29c56b0a8878d86c0338e7765d53;hpb=fc2ba7b9fae5992dd76f721f283714a6d2ea137d;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 8bb2efbf0..065170444 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -37,29 +37,28 @@ static const uschar * dkim_collect_error = NULL;
 
 
 
-/*XXX the caller only uses the first record if we return multiple.
+/* Look up the DKIM record in DNS for the given hostname.
+Will use the first found if there are multiple.
+The return string is tainted, having come from off-site.
 */
 
 uschar *
 dkim_exim_query_dns_txt(const uschar * name)
 {
-/*XXX need to always alloc the dnsa, from tainted mem.
-Then, we hope, the answers will be tainted */
-
-dns_answer dnsa;
+dns_answer * dnsa = store_get_dns_answer();
 dns_scan dnss;
 rmark reset_point = store_mark();
 gstring * g = NULL;
 
 lookup_dnssec_authenticated = NULL;
-if (dns_lookup(&dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
+if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
   return NULL;	/*XXX better error detail?  logging? */
 
 /* Search for TXT record */
 
-for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
      rr;
-     rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+     rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
   if (rr->type == T_TXT)
     {
     int rr_offset = 0;