Gitweb:
https://git.exim.org/exim.git/commitdiff/362e4161e252f96a7b529d52f650ddc88d1cc9f7
Commit: 362e4161e252f96a7b529d52f650ddc88d1cc9f7
Parent: fc2ba7b9fae5992dd76f721f283714a6d2ea137d
Author: Jeremy Harris <jgh146exb@???>
AuthorDate: Sat Aug 10 17:56:30 2019 +0100
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Sat Aug 10 17:56:30 2019 +0100
DKIM: use tainted mem for dns lookup
---
src/src/dkim.c | 15 +++++++--------
1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 8bb2efb..5883596 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -37,29 +37,28 @@ static const uschar * dkim_collect_error = NULL;
-/*XXX the caller only uses the first record if we return multiple.
+/* Look up the DKIM record in DNS for the given hostname.
+Will use the first found if there are multiple.
+The return string is tainted, having come from off-site.
*/
uschar *
dkim_exim_query_dns_txt(const uschar * name)
{
-/*XXX need to always alloc the dnsa, from tainted mem.
-Then, we hope, the answers will be tainted */
-
-dns_answer dnsa;
+dns_answer * dnsa = store_get(sizeof(dns_answer), TRUE); /* use tainted mem */
dns_scan dnss;
rmark reset_point = store_mark();
gstring * g = NULL;
lookup_dnssec_authenticated = NULL;
-if (dns_lookup(&dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
+if (dns_lookup(dnsa, name, T_TXT, NULL) != DNS_SUCCEED)
return NULL; /*XXX better error detail? logging? */
/* Search for TXT record */
-for (dns_record * rr = dns_next_rr(&dnsa, &dnss, RESET_ANSWERS);
+for (dns_record * rr = dns_next_rr(dnsa, &dnss, RESET_ANSWERS);
rr;
- rr = dns_next_rr(&dnsa, &dnss, RESET_NEXT))
+ rr = dns_next_rr(dnsa, &dnss, RESET_NEXT))
if (rr->type == T_TXT)
{
int rr_offset = 0;
