Avoid re-expansion in ${sort } CVE-2019-13917 OVE-20190718-0006

[exim.git] / src / src / dane.c

diff --git a/src/src/dane.c b/src/src/dane.c
index 20dfe5b180a28fc9ac1e3908110d20dfd955b48d..541e9cb02b91141a25f265b231847da63d225d85 100644 (file)
--- a/src/src/dane.c
+++ b/src/src/dane.c
@@ -24,7 +24,7 @@ reference itself to stop picky compilers complaining that it is unused, and put
 in a dummy argument to stop even pickier compilers complaining about infinite
 loops. */
 
-#ifndef EXPERIMENTAL_DANE
+#ifndef SUPPORT_DANE
 static void dummy(int x) { dummy(x-1); }
 #else
 
@@ -33,13 +33,16 @@ static void dummy(int x) { dummy(x-1); }
 #  error DANE support requires that TLS support must be enabled. Abort build.
 # endif
 
-# ifdef USE_GNUTLS
-#  include "dane-gnu.c"
-# else
+/* DNSSEC support is also required */
+# ifndef RES_USE_DNSSEC
+#  error DANE support requires that the DNS resolver library supports DNSSEC
+# endif
+
+# ifndef USE_GNUTLS
 #  include "dane-openssl.c"
 # endif
 
 
-#endif  /* EXPERIMENTAL_DANE */
+#endif  /* SUPPORT_DANE */
 
 /* End of dane.c */