X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/9fa4d5b45f70b36a46c0d04381a5e05cb39ae3e9..f5bf7636988febc332349f2a1deb2a4329ff3243:/src/src/dkim.c diff --git a/src/src/dkim.c b/src/src/dkim.c index dd999ff5b..5c9d2279e 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -37,29 +37,28 @@ static const uschar * dkim_collect_error = NULL; -/*XXX the caller only uses the first record if we return multiple. +/* Look up the DKIM record in DNS for the given hostname. +Will use the first found if there are multiple. +The return string is tainted, having come from off-site. */ uschar * -dkim_exim_query_dns_txt(uschar * name) +dkim_exim_query_dns_txt(const uschar * name) { -/*XXX need to always alloc the dnsa, from tainted mem. -Then, we hope, the answers will be tainted */ - -dns_answer dnsa; +dns_answer * dnsa = store_get_dns_answer(); dns_scan dnss; rmark reset_point = store_mark(); gstring * g = NULL; lookup_dnssec_authenticated = NULL; -if (dns_lookup(&dnsa, name, T_TXT, NULL) != DNS_SUCCEED) +if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED) return NULL; /*XXX better error detail? logging? */ /* Search for TXT record */ -for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS); +for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS); rr; - rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT)) + rr = dns_next_rr(dnsa, &dnss, RESET_NEXT)) if (rr->type == T_TXT) { int rr_offset = 0; @@ -96,6 +95,8 @@ return NULL; /*XXX better error detail? logging? */ void dkim_exim_init(void) { +if (f.dkim_init_done) return; +f.dkim_init_done = TRUE; pdkim_init(); } @@ -104,6 +105,8 @@ pdkim_init(); void dkim_exim_verify_init(BOOL dot_stuffing) { +dkim_exim_init(); + /* There is a store-reset between header & body reception so cannot use the main pool. Any allocs done by Exim memory-handling must use the perm pool. */ @@ -570,6 +573,8 @@ void dkim_exim_sign_init(void) { int old_pool = store_pool; + +dkim_exim_init(); store_pool = POOL_MAIN; pdkim_init_context(&dkim_sign_ctx, FALSE, &dkim_exim_query_dns_txt); store_pool = old_pool;