X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/2592e6c0eda522da0f6a33f4d32e33598288eb6e..584e96c65f12aca9414450b656504af6e3f7a399:/src/src/dkim.c diff --git a/src/src/dkim.c b/src/src/dkim.c index 349947ab1..a09ec7eca 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -2,7 +2,7 @@ * Exim - an Internet mail transport agent * *************************************************/ -/* Copyright (c) University of Cambridge, 1995 - 2015 */ +/* Copyright (c) University of Cambridge, 1995 - 2016 */ /* See the file NOTICE for conditions of use and distribution. */ /* Code for DKIM support. Other DKIM relevant code is in @@ -14,6 +14,7 @@ #include "pdkim/pdkim.h" +int dkim_verify_oldpool; pdkim_ctx *dkim_verify_ctx = NULL; pdkim_signature *dkim_signatures = NULL; pdkim_signature *dkim_cur_sig = NULL; @@ -66,9 +67,17 @@ pdkim_init(); } + void dkim_exim_verify_init(void) { +/* There is a store-reset between header & body reception +so cannot use the main pool. Any allocs done by Exim +memory-handling must use the perm pool. */ + +dkim_verify_oldpool = store_pool; +store_pool = POOL_PERM; + /* Free previous context if there is one */ if (dkim_verify_ctx) @@ -78,15 +87,22 @@ if (dkim_verify_ctx) dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt); dkim_collect_input = !!dkim_verify_ctx; + +/* Start feed up with any cached data */ +receive_get_cache(); + +store_pool = dkim_verify_oldpool; } void dkim_exim_verify_feed(uschar * data, int len) { +store_pool = POOL_PERM; if ( dkim_collect_input && pdkim_feed(dkim_verify_ctx, (char *)data, len) != PDKIM_OK) dkim_collect_input = FALSE; +store_pool = dkim_verify_oldpool; } @@ -98,6 +114,8 @@ int dkim_signers_size = 0; int dkim_signers_ptr = 0; dkim_signers = NULL; +store_pool = POOL_PERM; + /* Delete eventual previous signature chain */ dkim_signatures = NULL; @@ -112,7 +130,7 @@ if (!dkim_collect_input) "DKIM: Error while running this message through validation," " disabling signature verification."); dkim_disable_verify = TRUE; - return; + goto out; } dkim_collect_input = FALSE; @@ -120,7 +138,7 @@ dkim_collect_input = FALSE; /* Finish DKIM operation and fetch link to signatures chain */ if (pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures) != PDKIM_OK) - return; + goto out; for (sig = dkim_signatures; sig; sig = sig->next) { @@ -133,10 +151,12 @@ for (sig = dkim_signatures; sig; sig = sig->next) string_sprintf("d=%s s=%s c=%s/%s a=%s b=%d ", sig->domain, sig->selector, - sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", - sig->algo == PDKIM_ALGO_RSA_SHA256 ? "rsa-sha256" : "rsa-sha1", - sig->sigdata.len * 8 + sig->canon_headers == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + sig->canon_body == PDKIM_CANON_SIMPLE ? "simple" : "relaxed", + sig->algo == PDKIM_ALGO_RSA_SHA256 + ? "rsa-sha256" + : sig->algo == PDKIM_ALGO_RSA_SHA1 ? "rsa-sha1" : "err", + (int)sig->sigdata.len > -1 ? sig->sigdata.len * 8 : 0 ), sig->identity ? string_sprintf("i=%s ", sig->identity) : US"", @@ -171,6 +191,16 @@ for (sig = dkim_signatures; sig; sig = sig->next) "syntax error in public key record]"); break; + case PDKIM_VERIFY_INVALID_SIGNATURE_ERROR: + logmsg = string_append(logmsg, &size, &ptr, 1, + "signature tag missing or invalid]"); + break; + + case PDKIM_VERIFY_INVALID_DKIM_VERSION: + logmsg = string_append(logmsg, &size, &ptr, 1, + "unsupported DKIM version]"); + break; + default: logmsg = string_append(logmsg, &size, &ptr, 1, "unspecified problem]"); @@ -228,6 +258,9 @@ if (dkim_signers) if (Ustrlen(dkim_signers) > 0) dkim_signers[Ustrlen(dkim_signers) - 1] = '\0'; } + +out: +store_pool = dkim_verify_oldpool; }