X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/cebf4027931177cc70106a84e19705f2085a09f5..a85c067ba6c6940512cf57ec213277a370d87e70:/src/src/dnsbl.c

diff --git a/src/src/dnsbl.c b/src/src/dnsbl.c
index 5c6a76d94..af80f6be1 100644
--- a/src/src/dnsbl.c
+++ b/src/src/dnsbl.c
@@ -2,9 +2,10 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
 /* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
 /* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-only */
 
 /* Functions concerned with dnsbls */
 
@@ -74,7 +75,7 @@ tree_node *t;
 dnsbl_cache_block *cb;
 int old_pool = store_pool;
 uschar * query;
-int qlen;
+int qlen, yield;
 
 /* Construct the specific query domainname */
 
@@ -83,7 +84,8 @@ if ((qlen = Ustrlen(query)) >= 256)
   {
   log_write(0, LOG_MAIN|LOG_PANIC, "dnslist query is too long "
     "(ignored): %s...", query);
-  return FAIL;
+  yield = FAIL;
+  goto out;
   }
 
 /* Look for this query in the cache. */
@@ -114,9 +116,9 @@ else
 
   else
     {	/* Set up a tree entry to cache the lookup */
-    t = store_get(sizeof(tree_node) + qlen + 1 + 1, is_tainted(query));
+    t = store_get(sizeof(tree_node) + qlen + 1 + 1, query);
     Ustrcpy(t->name, query);
-    t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), FALSE);
+    t->data.ptr = cb = store_get(sizeof(dnsbl_cache_block), GET_UNTAINTED);
     (void)tree_insertnode(&dnsbl_cache, t);
     }
 
@@ -305,7 +307,8 @@ if (cb->rc == DNS_SUCCEED)
           match_type & MT_ALL ? "=" : "",
           bitmask ? '&' : '=', iplist);
         }
-      return FAIL;
+      yield = FAIL;
+      goto out;
       }
     }
 
@@ -329,7 +332,11 @@ if (cb->rc == DNS_SUCCEED)
 	    " not in 127.0/8 and discarded",
 	    keydomain, domain, da->address);
       }
-    if (!ok) return FAIL;
+    if (!ok)
+      {
+      yield = FAIL;
+      goto out;
+      }
     }
 
   /* Either there was no IP list, or the record matched, implying that the
@@ -339,8 +346,11 @@ if (cb->rc == DNS_SUCCEED)
   there is indeed an A record at the alternate domain. */
 
   if (domain_txt != domain)
-    return one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
+    {
+    yield = one_check_dnsbl(domain_txt, domain_txt, keydomain, prepend, NULL,
       FALSE, match_type, defer_return);
+    goto out;
+    }
 
   /* If there is no alternate domain, look up a TXT record in the main domain
   if it has not previously been cached. */
@@ -356,7 +366,7 @@ if (cb->rc == DNS_SUCCEED)
 	  int len = (rr->data)[0];
 	  if (len > 511) len = 127;
 	  store_pool = POOL_PERM;
-	  cb->text = string_sprintf("%.*s", len, CUS (rr->data+1));
+	  cb->text = string_copyn_taint(CUS (rr->data+1), len, GET_TAINTED);
 	  store_pool = old_pool;
 	  break;
 	  }
@@ -364,7 +374,8 @@ if (cb->rc == DNS_SUCCEED)
 
   dnslist_value = addlist;
   dnslist_text = cb->text;
-  return OK;
+  yield = OK;
+  goto out;
   }
 
 /* There was a problem with the DNS lookup */
@@ -376,7 +387,8 @@ if (cb->rc != DNS_NOMATCH && cb->rc != DNS_NODATA)
     defer_return == OK ?   US"assumed in list" :
     defer_return == FAIL ? US"assumed not in list" :
                             US"returned DEFER");
-  return defer_return;
+  yield = defer_return;
+  goto out;
   }
 
 /* No entry was found in the DNS; continue for next domain */
@@ -388,7 +400,12 @@ HDEBUG(D_dnsbl)
      keydomain, domain);
   }
 
-return FAIL;
+yield = FAIL;
+
+out:
+
+store_free_dns_answer(dnsa);
+return yield;
 }