Merge 4.80.1 security fix in.

Merge commit '4263f395efd136dece52d765dfcff3c96f17506e' Amendment to ChangeLog to handle changes.
author: Phil Pennock <pdp@exim.org> 2012-10-26 20:30:27 -0400
committer: Phil Pennock <pdp@exim.org> 2012-10-26 20:30:27 -0400
commit: 6d7c6175eda3aaa316d1960a89170a285510ad40 (patch)
tree: deb34f9bc7dea2eca3d87ade4ab0eb3518b96e03 /src
parent: a453e37fa4f71167b49e96e7a33c843aea45d390 (diff)
parent: 4263f395efd136dece52d765dfcff3c96f17506e (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 87e91dea2..05b5fec56 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -42,6 +42,9 @@ int dkim_exim_query_dns_txt(char *name, char *answer) {
                "%.*s", (int)len, (char *)((rr->data)+rr_offset));
       rr_offset+=len;
       answer_offset+=len;
+      if (answer_offset >= PDKIM_DNS_TXT_MAX_RECLEN) {
+        return PDKIM_FAIL;
+      }
     }
   }
   else return PDKIM_FAIL;
diff --git a/src/src/pdkim/pdkim.h b/src/src/pdkim/pdkim.h
index 764cc83be..1d364a3c9 100644
--- a/src/src/pdkim/pdkim.h
+++ b/src/src/pdkim/pdkim.h
@@ -27,8 +27,8 @@
 
 /* -------------------------------------------------------------------------- */
 /* Length of the preallocated buffer for the "answer" from the dns/txt
-   callback function. */
-#define PDKIM_DNS_TXT_MAX_RECLEN    4096
+   callback function. This should match the maximum RDLENGTH from DNS. */
+#define PDKIM_DNS_TXT_MAX_RECLEN    (1 << 16)
 
 /* -------------------------------------------------------------------------- */
 /* Function success / error codes */
author	Phil Pennock <pdp@exim.org>	2012-10-26 20:30:27 -0400
committer	Phil Pennock <pdp@exim.org>	2012-10-26 20:30:27 -0400
commit	6d7c6175eda3aaa316d1960a89170a285510ad40 (patch)
tree	deb34f9bc7dea2eca3d87ade4ab0eb3518b96e03 /src
parent	a453e37fa4f71167b49e96e7a33c843aea45d390 (diff)
parent	4263f395efd136dece52d765dfcff3c96f17506e (diff)