X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=dd999ff5b6a95a15f1b0ed47908629a1b47ba6dc;hb=9fa4d5b45f70b36a46c0d04381a5e05cb39ae3e9;hp=a0becd45be9d64ab1a6b51c81e919a27c75d0229;hpb=d7978c0f8af20ff4c3f770589b1bb81568aecff3;p=user%2Fhenk%2Fcode%2Fexim.git diff --git a/src/src/dkim.c b/src/src/dkim.c index a0becd45b..dd999ff5b 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -43,8 +43,12 @@ static const uschar * dkim_collect_error = NULL; uschar * dkim_exim_query_dns_txt(uschar * name) { +/*XXX need to always alloc the dnsa, from tainted mem. +Then, we hope, the answers will be tainted */ + dns_answer dnsa; dns_scan dnss; +rmark reset_point = store_mark(); gstring * g = NULL; lookup_dnssec_authenticated = NULL; @@ -76,7 +80,7 @@ for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); /* check if this looks like a DKIM record */ if (Ustrncmp(g->s, "v=", 2) != 0 || strncasecmp(CS g->s, "v=dkim", 6) == 0) { - gstring_reset_unused(g); + gstring_release_unused(g); return string_from_gstring(g); } @@ -84,7 +88,7 @@ for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); } bad: -if (g) store_reset(g); +store_reset(reset_point); return NULL; /*XXX better error detail? logging? */ } @@ -620,6 +624,7 @@ if (dkim_domain) /* Only sign once for each domain, no matter how often it appears in the expanded list. */ + dkim_signing_domain = string_copylc(dkim_signing_domain); if (match_isinlist(dkim_signing_domain, CUSS &seen_doms, 0, NULL, NULL, MCL_STRING, TRUE, NULL) == OK) continue; @@ -779,14 +784,15 @@ CLEANUP: pk_bad: log_write(0, LOG_MAIN|LOG_PANIC, - "DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc)); + "DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc)); bad: sigbuf = NULL; goto CLEANUP; expand_bad: - log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand %s: %s", - errwhen, expand_string_message); + *errstr = string_sprintf("failed to expand %s: %s", + errwhen, expand_string_message); + log_write(0, LOG_MAIN | LOG_PANIC, "%s", *errstr); goto bad; }