X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=dd999ff5b6a95a15f1b0ed47908629a1b47ba6dc;hb=9fa4d5b45f70b36a46c0d04381a5e05cb39ae3e9;hp=715774c7e8228cd32c3cbb69ee0ad2a72660698e;hpb=e59797e3bda39abf611063fc0ba38fcb4e6596e4;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 715774c7e..dd999ff5b 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -43,8 +43,12 @@ static const uschar * dkim_collect_error = NULL;
 uschar *
 dkim_exim_query_dns_txt(uschar * name)
 {
+/*XXX need to always alloc the dnsa, from tainted mem.
+Then, we hope, the answers will be tainted */
+
 dns_answer dnsa;
 dns_scan dnss;
+rmark reset_point = store_mark();
 gstring * g = NULL;
 
 lookup_dnssec_authenticated = NULL;
@@ -84,7 +88,7 @@ for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
     }
 
 bad:
-if (g) store_reset(g);
+store_reset(reset_point);
 return NULL;	/*XXX better error detail?  logging? */
 }
 
@@ -780,14 +784,15 @@ CLEANUP:
 
 pk_bad:
   log_write(0, LOG_MAIN|LOG_PANIC,
-	       	"DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc));
+		"DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc));
 bad:
   sigbuf = NULL;
   goto CLEANUP;
 
 expand_bad:
-  log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand %s: %s",
-	      errwhen, expand_string_message);
+  *errstr = string_sprintf("failed to expand %s: %s",
+              errwhen, expand_string_message);
+  log_write(0, LOG_MAIN | LOG_PANIC, "%s", *errstr);
   goto bad;
 }