SPAMD/malware: Log service identity with errors. Bug 1740

[exim.git] / src / src / dns.c

diff --git a/src/src/dns.c b/src/src/dns.c
index 4f84bfc4566ebae7053445d9888317c6b83328e9..9859e83658839600f42df07a7595575194a8f136 100644 (file)
--- a/src/src/dns.c
+++ b/src/src/dns.c
@@ -40,7 +40,6 @@ fakens_search(const uschar *domain, int type, uschar *answerptr, int size)
 {
 int len = Ustrlen(domain);
 int asize = size;                  /* Locally modified */
-uschar *endname;
 uschar name[256];
 uschar utilname[256];
 uschar *aptr = answerptr;          /* Locally modified */
@@ -51,7 +50,6 @@ struct stat statbuf;
 if (domain[len - 1] == '.') len--;
 Ustrncpy(name, domain, len);
 name[len] = 0;
-endname = name + len;
 
 /* Look for the fakens utility, and if it exists, call it. */
 
@@ -86,7 +84,7 @@ if (stat(CS utilname, &statbuf) >= 0)
     asize -= rc;      /* may need to be passed on to res_search(). */
     }
 
-  /* If we ran out of output buffer before exhasting the return,
+  /* If we ran out of output buffer before exhausting the return,
   carry on reading and counting it. */
 
   if (asize == 0)
@@ -390,7 +388,8 @@ from the following bytes. */
 
 dnss->aptr += namelen;
 GETSHORT(dnss->srr.type, dnss->aptr); /* Record type */
-dnss->aptr += 6;                      /* Don't want class or TTL */
+dnss->aptr += 2;                      /* Don't want class */
+GETLONG(dnss->srr.ttl, dnss->aptr);   /* TTL */
 GETSHORT(dnss->srr.size, dnss->aptr); /* Size of data portion */
 dnss->srr.data = dnss->aptr;          /* The record's data follows */
 dnss->aptr += dnss->srr.size;         /* Advance to next RR */
@@ -402,11 +401,16 @@ return &(dnss->srr);
 }
 
 
-/* Extract the AUTHORITY info from the answer. If the
-answer isn't authoritive (AA) we do not extract anything.
-We've to search for SOA or NS records, since there may be
-other records (e.g. NSEC3) too.
-*/
+/* Extract the AUTHORITY information from the answer. If the
+answer isn't authoritive (AA not set), we do not extract anything.
+
+The AUTHORITIVE section contains NS records if
+the name in question was found, it contains a SOA record
+otherwise. (This is just from experience and some tests, is there
+some spec?)
+
+We've cycle through the AUTHORITY section, since it may contain
+other records (e.g. NSEC3) too.  */
 
 static const uschar *
 dns_extract_auth_name(const dns_answer * dnsa) /* FIXME: const dns_answer */
@@ -419,7 +423,7 @@ if (!h->nscount || !h->aa) return NULL;
 for (rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_AUTHORITY);
      rr;
      rr = dns_next_rr((dns_answer*) dnsa, &dnss, RESET_NEXT))
-  if (rr->type == T_SOA || rr->type == T_NS) return rr->name;
+  if (rr->type == (h->ancount ? T_NS : T_SOA)) return rr->name;
 return NULL;
 }
 
@@ -460,10 +464,11 @@ if (h->ad) return TRUE;
 
 if (  !h->aa
    || !dns_trust_aa
-   || !*(trusted = expand_string(dns_trust_aa))
+   || !(trusted = expand_string(dns_trust_aa))
+   || !*trusted
    || !(auth_name = dns_extract_auth_name(dnsa))
    || OK != match_isinlist(auth_name, &trusted, 0, NULL, NULL,
-                           MCL_DOMAIN, TRUE, NULL) 
+                           MCL_DOMAIN, TRUE, NULL)
    )
   return FALSE;
 
@@ -1107,8 +1112,7 @@ return DNS_FAIL;
 *          Get address(es) from DNS record       *
 *************************************************/
 
-/* The record type is either T_A for an IPv4 address or T_AAAA (or T_A6 when
-supported) for an IPv6 address.
+/* The record type is either T_A for an IPv4 address or T_AAAA for an IPv6 address.
 
 Argument:
   dnsa       the DNS answer block
@@ -1140,8 +1144,11 @@ else
   {
   if (rr->data + 16 <= dnsa_lim)
     {
+    struct in6_addr in6;
+    int i;
+    for (i = 0; i < 16; i++) in6.__in6_u.__u6_addr8[i] = rr->data[i];
     yield = store_get(sizeof(dns_address) + 50);
-    inet_ntop(AF_INET6, US rr->data, CS yield->address, 50);
+    inet_ntop(AF_INET6, &in6, CS yield->address, 50);
     yield->next = NULL;
     }
   }