X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=src%2Fsrc%2Fverify.c;h=84c582cfa340dcee53ba731ee9b4c7f5c3ed50ef;hb=a643c7712f2684e7ec1ac77183a0bfbd59bfd5ca;hp=a1276068b0ab3de5279474db34a3006d36c01585;hpb=bd231acd0f24e4c27c6d6885f48c24360700ec7f;p=user%2Fhenk%2Fcode%2Fexim.git

diff --git a/src/src/verify.c b/src/src/verify.c
index a1276068b..84c582cfa 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1001,6 +1001,26 @@ no_conn:
 	  string_sprintf("response to \"%s\" was: %s",
 			  big_buffer, string_printing(sx.buffer));
 
+	/* RFC 5321 section 4.2: the text portion of the response may have only
+	HT, SP, Printable US-ASCII.  Deal with awkward chars by cutting the
+	received message off before passing it onward.  Newlines are ok; they
+	just become a multiline response (but wrapped in the error code we
+	produce). */
+
+	for (uschar * s = sx.buffer;
+	     *s && s < sx.buffer + sizeof(sx.buffer);
+	     s++)
+	  {
+	  uschar c = *s;
+	  if (c != '\t' && c != '\n' && (c < ' ' || c > '~'))
+	    {
+	    if (s - sx.buffer < sizeof(sx.buffer) - 12)
+	      memcpy(s, "(truncated)", 12);
+	    else
+	      *s = '\0';
+	    break;
+	    }
+	  }
 	addr->user_message = options & vopt_is_recipient
 	  ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
 	  : string_sprintf("Called:   %s\nSent:     %s\nResponse: %s",
@@ -2349,7 +2369,7 @@ for (header_line * h = header_list; h; h = h->next)
     if ((*s < 33) || (*s > 126))
       {
       *msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
-			     colon - h->text, h->text);
+			     (int)(colon - h->text), h->text);
       return FAIL;
       }
   }
@@ -3351,7 +3371,7 @@ one_check_dnsbl(uschar *domain, uschar *domain_txt, uschar *keydomain,
   uschar *prepend, uschar *iplist, BOOL bitmask, int match_type,
   int defer_return)
 {
-dns_answer dnsa;
+dns_answer * dnsa = store_get_dns_answer();
 dns_scan dnss;
 tree_node *t;
 dnsbl_cache_block *cb;
@@ -3404,7 +3424,7 @@ else
   /* Do the DNS lookup . */
 
   HDEBUG(D_dnsbl) debug_printf("new DNS lookup for %s\n", query);
-  cb->rc = dns_basic_lookup(&dnsa, query, T_A);
+  cb->rc = dns_basic_lookup(dnsa, query, T_A);
   cb->text_set = FALSE;
   cb->text = NULL;
   cb->rhs = NULL;
@@ -3424,11 +3444,11 @@ else
   if (cb->rc == DNS_SUCCEED)
     {
     dns_address ** addrp = &(cb->rhs);
-    for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr;
-         rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+    for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+         rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
       if (rr->type == T_A)
         {
-        dns_address *da = dns_address_from_rr(&dnsa, rr);
+        dns_address *da = dns_address_from_rr(dnsa, rr);
         if (da)
           {
           *addrp = da;
@@ -3576,9 +3596,9 @@ if (cb->rc == DNS_SUCCEED)
   if (!cb->text_set)
     {
     cb->text_set = TRUE;
-    if (dns_basic_lookup(&dnsa, query, T_TXT) == DNS_SUCCEED)
-      for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); rr;
-           rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+    if (dns_basic_lookup(dnsa, query, T_TXT) == DNS_SUCCEED)
+      for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr;
+           rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
         if (rr->type == T_TXT)
 	  {
 	  int len = (rr->data)[0];