X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/df3def249f555f5e6cbfa1bf3fb1a20db4f48fcd..490f424e8cc098f0330d140d1db8c92c8723866c:/src/src/dkim.c

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 36b103e8f..4e20f14f2 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge, 1995 - 2015 */
+/* Copyright (c) University of Cambridge, 1995 - 2016 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for DKIM support. Other DKIM relevant code is in
@@ -14,6 +14,7 @@
 
 #include "pdkim/pdkim.h"
 
+int dkim_verify_oldpool;
 pdkim_ctx *dkim_verify_ctx = NULL;
 pdkim_signature *dkim_signatures = NULL;
 pdkim_signature *dkim_cur_sig = NULL;
@@ -59,9 +60,24 @@ return PDKIM_FAIL;
 }
 
 
+void
+dkim_exim_init(void)
+{
+pdkim_init();
+}
+
+
+
 void
 dkim_exim_verify_init(void)
 {
+/* There is a store-reset between header & body reception
+so cannot use the main pool. Any allocs done by Exim
+memory-handling must use the perm pool. */
+
+dkim_verify_oldpool = store_pool;
+store_pool = POOL_PERM;
+
 /* Free previous context if there is one */
 
 if (dkim_verify_ctx)
@@ -71,15 +87,19 @@ if (dkim_verify_ctx)
 
 dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt);
 dkim_collect_input = !!dkim_verify_ctx;
+
+store_pool = dkim_verify_oldpool;
 }
 
 
 void
 dkim_exim_verify_feed(uschar * data, int len)
 {
+store_pool = POOL_PERM;
 if (  dkim_collect_input
    && pdkim_feed(dkim_verify_ctx, (char *)data, len) != PDKIM_OK)
   dkim_collect_input = FALSE;
+store_pool = dkim_verify_oldpool;
 }
 
 
@@ -91,6 +111,8 @@ int dkim_signers_size = 0;
 int dkim_signers_ptr = 0;
 dkim_signers = NULL;
 
+store_pool = POOL_PERM;
+
 /* Delete eventual previous signature chain */
 
 dkim_signatures = NULL;
@@ -105,7 +127,7 @@ if (!dkim_collect_input)
 	     "DKIM: Error while running this message through validation,"
 	     " disabling signature verification.");
   dkim_disable_verify = TRUE;
-  return;
+  goto out;
   }
 
 dkim_collect_input = FALSE;
@@ -113,7 +135,7 @@ dkim_collect_input = FALSE;
 /* Finish DKIM operation and fetch link to signatures chain */
 
 if (pdkim_feed_finish(dkim_verify_ctx, &dkim_signatures) != PDKIM_OK)
-  return;
+  goto out;
 
 for (sig = dkim_signatures; sig; sig = sig->next)
   {
@@ -129,7 +151,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
 	      sig->canon_headers == PDKIM_CANON_SIMPLE ?  "simple" : "relaxed",
 	      sig->canon_body == PDKIM_CANON_SIMPLE ?  "simple" : "relaxed",
 	      sig->algo == PDKIM_ALGO_RSA_SHA256 ?  "rsa-sha256" : "rsa-sha1",
-	      sig->sigdata_len * 8
+	      sig->sigdata.len * 8
 	      ),
 
 	sig->identity ? string_sprintf("i=%s ", sig->identity) : US"",
@@ -221,6 +243,9 @@ if (dkim_signers)
   if (Ustrlen(dkim_signers) > 0)
   dkim_signers[Ustrlen(dkim_signers) - 1] = '\0';
   }
+
+out:
+store_pool = dkim_verify_oldpool;
 }
 
 
@@ -255,7 +280,7 @@ for (sig = dkim_signatures; sig; sig = sig->next)
 
     dkim_signing_domain = US sig->domain;
     dkim_signing_selector = US sig->selector;
-    dkim_key_length = sig->sigdata_len * 8;
+    dkim_key_length = sig->sigdata.len * 8;
     return;
     }
 }
@@ -340,7 +365,7 @@ switch (what)
 
   case DKIM_HEADERNAMES:
     return dkim_cur_sig->headernames
-      ?  US dkim_cur_sig->headernames : dkim_exim_expand_defaults(what);
+      ? dkim_cur_sig->headernames : dkim_exim_expand_defaults(what);
 
   case DKIM_IDENTITY:
     return dkim_cur_sig->identity