X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/bc4bc4c581f45f7afae0e06e5279026dae7e519a..6f5d1ca3b1563d0ed580a43ba711b3534b19234e:/src/src/dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index e25ff8c85..171fcccdb 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -1,5 +1,3 @@
-/* $Cambridge: exim/src/src/dkim.c,v 1.15 2010/06/12 13:54:38 jetmore Exp $ */
-
 /*************************************************
 *     Exim - an Internet mail transport agent    *
 *************************************************/
@@ -25,6 +23,7 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
   dns_scan   dnss;
   dns_record *rr;
 
+  lookup_dnssec_authenticated = NULL;
   if (dns_lookup(&dnsa, (uschar *)name, T_TXT, NULL) != DNS_SUCCEED) return PDKIM_FAIL;
 
   /* Search for TXT record */
@@ -44,6 +43,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
                "%.*s", (int)len, (char *)((rr->data)+rr_offset));
       rr_offset+=len;
       answer_offset+=len;
+      if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+        return PDKIM_FAIL;
+      }
     }
   }
   else return PDKIM_FAIL;
@@ -108,7 +110,7 @@ void dkim_exim_verify_finish(void) {
     /* Log a line for each signature */
     uschar *logmsg = string_append(NULL, &size, &ptr, 5,
 
-      string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
+      string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
                       sig->domain,
                       sig->selector,
                       (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
@@ -176,7 +178,7 @@ void dkim_exim_verify_finish(void) {
     }
 
     logmsg[ptr] = '\0';
-    log_write(0, LOG_MAIN, (char *)logmsg);
+    log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
 
     /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
     dkim_signers = string_append(dkim_signers,
@@ -503,7 +505,12 @@ uschar *dkim_exim_sign(int dkim_fd,
         rc = NULL;
         goto CLEANUP;
       }
-      (void)read(privkey_fd,big_buffer,(big_buffer_size-2));
+      if (read(privkey_fd,big_buffer,(big_buffer_size-2)) < 0) {
+        log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
+	  dkim_private_key_expanded);
+        rc = NULL;
+        goto CLEANUP;
+      }
       (void)close(privkey_fd);
       dkim_private_key_expanded = big_buffer;
     }