uschar *
dkim_exim_query_dns_txt(uschar * name)
{
+/*XXX need to always alloc the dnsa, from tainted mem.
+Then, we hope, the answers will be tainted */
+
dns_answer dnsa;
dns_scan dnss;
+rmark reset_point = store_mark();
gstring * g = NULL;
lookup_dnssec_authenticated = NULL;
/* check if this looks like a DKIM record */
if (Ustrncmp(g->s, "v=", 2) != 0 || strncasecmp(CS g->s, "v=dkim", 6) == 0)
{
- gstring_reset_unused(g);
+ gstring_release_unused(g);
return string_from_gstring(g);
}
}
bad:
-if (g) store_reset(g);
+store_reset(reset_point);
return NULL; /*XXX better error detail? logging? */
}
/* Only sign once for each domain, no matter how often it
appears in the expanded list. */
+ dkim_signing_domain = string_copylc(dkim_signing_domain);
if (match_isinlist(dkim_signing_domain, CUSS &seen_doms,
0, NULL, NULL, MCL_STRING, TRUE, NULL) == OK)
continue;
pk_bad:
log_write(0, LOG_MAIN|LOG_PANIC,
- "DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc));
+ "DKIM: signing failed: %.100s", pdkim_errstr(pdkim_rc));
bad:
sigbuf = NULL;
goto CLEANUP;
expand_bad:
- log_write(0, LOG_MAIN | LOG_PANIC, "failed to expand %s: %s",
- errwhen, expand_string_message);
+ *errstr = string_sprintf("failed to expand %s: %s",
+ errwhen, expand_string_message);
+ log_write(0, LOG_MAIN | LOG_PANIC, "%s", *errstr);
goto bad;
}