SECURITY: DKIM DNS buffer overflow protection

[exim.git] / src / src / pdkim / pdkim.h

diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 57606ab93b96d8e5cf6359c8636154d70c2f1260..1d364a3c9dd9ad16495615f339484ea0097845ae 100644 (file)
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -1,7 +1,7 @@
 /*
  *  PDKIM - a RFC4871 (DKIM) implementation
  *
- *  Copyright (C) 2009  Tom Kistner <tom@duncanthrax.net>
+ *  Copyright (C) 2009 - 2012  Tom Kistner <tom@duncanthrax.net>
  *
  *  http://duncanthrax.net/pdkim/
  *
@@ -27,8 +27,8 @@
 
 /* -------------------------------------------------------------------------- */
 /* Length of the preallocated buffer for the "answer" from the dns/txt
-   callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
+   callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)
 
 /* -------------------------------------------------------------------------- */
 /* Function success / error codes */
@@ -237,10 +237,6 @@ typedef struct pdkim_signature {
   /* Signing specific ------------------------------------------------- */
   char *rsa_privkey;     /* Private RSA key                             */
   char *sign_headers;    /* To-be-signed header names                   */
-  /* Verification specific -------------------------------------------- */
-  char *hnames_check;    /* Tick-off header list that we use to keep
-                            track of header names that we have already
-                            added to the signature candidates.          */
   char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */
 } pdkim_signature;
 
@@ -274,6 +270,7 @@ typedef struct pdkim_ctx {
   int        past_headers;
   int        num_buffered_crlf;
   int        num_headers;
+  pdkim_stringlist *headers; /* Raw headers for verification         */
 
 #ifdef PDKIM_DEBUG
   /* A FILE pointer. When not NULL, debug output will be generated