X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fsrc%2Fdkim.c;h=3e715452554b77ab6d990e19a579e65fb137cbdc;hb=3481c572b379260a57ebfafb46eee0600780add3;hp=05b5fec56e62073f4f5d1d1640ee42d7ca782bad;hpb=6d7c6175eda3aaa316d1960a89170a285510ad40;p=exim.git

diff --git a/src/src/dkim.c b/src/src/dkim.c
index 05b5fec56..3e7154525 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge, 1995 - 2007 */
+/* Copyright (c) University of Cambridge, 1995 - 2015 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Code for DKIM support. Other DKIM relevant code is in
@@ -23,6 +23,7 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
   dns_scan   dnss;
   dns_record *rr;
 
+  lookup_dnssec_authenticated = NULL;
   if (dns_lookup(&dnsa, (uschar *)name, T_TXT, NULL) != DNS_SUCCEED) return PDKIM_FAIL;
 
   /* Search for TXT record */
@@ -382,12 +383,11 @@ uschar *dkim_exim_expand_defaults(int what) {
 }
 
 
-uschar *dkim_exim_sign(int dkim_fd,
-                       uschar *dkim_private_key,
-                       uschar *dkim_domain,
-                       uschar *dkim_selector,
-                       uschar *dkim_canon,
-                       uschar *dkim_sign_headers) {
+uschar *
+dkim_exim_sign(int dkim_fd, uschar *dkim_private_key,
+       const uschar *dkim_domain, uschar *dkim_selector,
+       uschar *dkim_canon, uschar *dkim_sign_headers)
+{
   int sep = 0;
   uschar *seen_items = NULL;
   int seen_items_size = 0;
@@ -411,7 +411,7 @@ uschar *dkim_exim_sign(int dkim_fd,
 
   store_pool = POOL_MAIN;
 
-  dkim_domain = expand_string(dkim_domain);
+  dkim_domain = expand_cstring(dkim_domain);
   if (dkim_domain == NULL) {
     /* expansion error, do not send message. */
     log_write(0, LOG_MAIN|LOG_PANIC, "failed to expand "
@@ -428,7 +428,7 @@ uschar *dkim_exim_sign(int dkim_fd,
     /* Only sign once for each domain, no matter how often it
        appears in the expanded list. */
     if (seen_items != NULL) {
-      uschar *seen_items_list = seen_items;
+      const uschar *seen_items_list = seen_items;
       if (match_isinlist(dkim_signing_domain,
                          &seen_items_list,0,NULL,NULL,MCL_STRING,TRUE,NULL) == OK)
         continue;
@@ -504,7 +504,12 @@ uschar *dkim_exim_sign(int dkim_fd,
         rc = NULL;
         goto CLEANUP;
       }
-      (void)read(privkey_fd,big_buffer,(big_buffer_size-2));
+      if (read(privkey_fd,big_buffer,(big_buffer_size-2)) < 0) {
+        log_write(0, LOG_MAIN|LOG_PANIC, "unable to read private key file: %s",
+	  dkim_private_key_expanded);
+        rc = NULL;
+        goto CLEANUP;
+      }
       (void)close(privkey_fd);
       dkim_private_key_expanded = big_buffer;
     }