if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN)
return PDKIM_FAIL; /*XXX better error detail? logging? */
}
+
+ /* check if this looks like a DKIM record */
+ if (strncasecmp(answer, "v=dkim", 6) != 0) continue;
return PDKIM_OK;
}
if (!sig) return;
-logmsg = string_catn(NULL, "DKIM: ", 6);
+logmsg = string_catn(NULL, US"DKIM: ", 6);
if (!(s = sig->domain)) s = US"<UNSET>";
logmsg = string_append(logmsg, 2, "d=", s);
if (!(s = sig->selector)) s = US"<UNSET>";
logmsg = string_append(logmsg, 2, " s=", s);
-logmsg = string_append(logmsg, 7,
+logmsg = string_append(logmsg, 7,
" c=", sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
"/", sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed",
" a=", dkim_sig_to_a_tag(sig),
switch (sig->verify_status)
{
case PDKIM_VERIFY_NONE:
- logmsg = string_cat(logmsg, " [not verified]");
+ logmsg = string_cat(logmsg, US" [not verified]");
break;
case PDKIM_VERIFY_INVALID:
- logmsg = string_cat(logmsg, " [invalid - ");
+ logmsg = string_cat(logmsg, US" [invalid - ");
switch (sig->verify_ext_status)
{
case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE:
logmsg = string_cat(logmsg,
- "public key record (currently?) unavailable]");
+ US"public key record (currently?) unavailable]");
break;
case PDKIM_VERIFY_INVALID_BUFFER_SIZE:
- logmsg = string_cat(logmsg, "overlong public key record]");
+ logmsg = string_cat(logmsg, US"overlong public key record]");
break;
case PDKIM_VERIFY_INVALID_PUBKEY_DNSRECORD:
case PDKIM_VERIFY_INVALID_PUBKEY_IMPORT:
- logmsg = string_cat(logmsg, "syntax error in public key record]");
+ logmsg = string_cat(logmsg, US"syntax error in public key record]");
break;
case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR:
- logmsg = string_cat(logmsg, "signature tag missing or invalid]");
+ logmsg = string_cat(logmsg, US"signature tag missing or invalid]");
break;
case PDKIM_VERIFY_INVALID_DKIM_VERSION:
- logmsg = string_cat(logmsg, "unsupported DKIM version]");
+ logmsg = string_cat(logmsg, US"unsupported DKIM version]");
break;
default:
- logmsg = string_cat(logmsg, "unspecified problem]");
+ logmsg = string_cat(logmsg, US"unspecified problem]");
}
break;
case PDKIM_VERIFY_FAIL:
- logmsg = string_cat(logmsg, " [verification failed - ");
+ logmsg = string_cat(logmsg, US" [verification failed - ");
switch (sig->verify_ext_status)
{
case PDKIM_VERIFY_FAIL_BODY:
logmsg = string_cat(logmsg,
- "body hash mismatch (body probably modified in transit)]");
+ US"body hash mismatch (body probably modified in transit)]");
break;
case PDKIM_VERIFY_FAIL_MESSAGE:
logmsg = string_cat(logmsg,
- "signature did not verify (headers probably modified in transit)]");
+ US"signature did not verify "
+ "(headers probably modified in transit)]");
break;
default:
- logmsg = string_cat(logmsg, "unspecified reason]");
+ logmsg = string_cat(logmsg, US"unspecified reason]");
}
break;
case PDKIM_VERIFY_PASS:
- logmsg = string_cat(logmsg, " [verification succeeded]");
+ logmsg = string_cat(logmsg, US" [verification succeeded]");
break;
}
else
logmsg = string_append(logmsg, 5,
US" [", dkim_verify_status, US" - ", dkim_verify_reason, US"]");
-log_write(0, LOG_MAIN, string_from_gstring(logmsg));
+log_write(0, LOG_MAIN, "%s", string_from_gstring(logmsg));
return;
}
dkim_verify_status = dkim_exim_expand_query(DKIM_VERIFY_STATUS);
dkim_verify_reason = dkim_exim_expand_query(DKIM_VERIFY_REASON);
-
+
if ((rc = dkim_acl_call(id, res_ptr, user_msgptr, log_msgptr)) != OK)
return rc;
}
pdkim_set_optional(sig,
CS dkim_sign_headers_expanded,
- dkim_identity_expanded,
+ CS dkim_identity_expanded,
pdkim_canon,
pdkim_canon, -1, 0, 0);
git://git.exim.org / exim.git / blobdiff