authorJeremy Harris <jgh146exb@wizmail.org>2021-08-10 21:32:18 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2021-08-11 00:07:45 +0100
commitb367453a08bff7123dfe0b841de290e17372ad7c (patch)
tree23f4be640e63689f182dede77fa4a6368e455280 /src
parent15a44d749b2f4097d43c2d887b6c5bca2d0d8b4a (diff)
DKIM: fix verify under TLS & chunking, with pipelined next command
Diffstat (limited to 'src')
-rw-r--r--src/src/dkim.c7
-rw-r--r--src/src/functions.h4
-rw-r--r--src/src/globals.c2
-rw-r--r--src/src/globals.h2
-rw-r--r--src/src/smtp_in.c8
-rw-r--r--src/src/tls-gnu.c5
-rw-r--r--src/src/tls-openssl.c5
7 files changed, 22 insertions, 11 deletions
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 63b0ba62c..5b7f17b2d 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -128,13 +128,16 @@ dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
dkim_collect_error = NULL;
-/* Start feed up with any cached data */
-receive_get_cache();
+/* Start feed up with any cached data, but limited to message data */
+receive_get_cache(chunking_state == CHUNKING_LAST
+ ? chunking_data_left : GETC_BUFFER_UNLIMITED);
store_pool = dkim_verify_oldpool;
}
+/* Submit a chunk of data for verification input.
+Only use the data when the feed is activated. */
void
dkim_exim_verify_feed(uschar * data, int len)
{
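Review bot: The limit passed to `receive_get_cache()` is bounded only when `chunking_state == CHUNKING_LAST`; in every other state it is `GETC_BUFFER_UNLIMITED`, so the whole cached buffer goes to the verifier. If this init path can also run while a non-final BDAT chunk is in progress, pipelined bytes behind that chunk (the next command line) would presumably still be hashed as message data and make a valid signature fail. Please confirm whether the bound should apply whenever a chunk is active, not only the last one. The comment could also record the reason, e.g. `/* bytes past the current chunk are SMTP commands, not message data */`. The enclosing function starts outside the hunk.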
diff --git a/src/src/functions.h b/src/src/functions.h
index 0744697f9..f57379e2b 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -67,7 +67,7 @@ extern uschar *tls_field_from_dn(uschar *, const uschar *);
extern void tls_free_cert(void **);
extern int tls_getc(unsigned);
extern uschar *tls_getbuf(unsigned *);
-extern void tls_get_cache(void);
+extern void tls_get_cache(unsigned);
extern BOOL tls_import_cert(const uschar *, void **);
extern BOOL tls_is_name_for_cert(const uschar *, void *);
# ifdef USE_OPENSSL
@@ -493,7 +493,7 @@ extern BOOL smtp_get_interface(uschar *, int, address_item *,
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
extern int smtp_getc(unsigned);
extern uschar *smtp_getbuf(unsigned *);
-extern void smtp_get_cache(void);
+extern void smtp_get_cache(unsigned);
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void smtp_log_no_mail(void);
extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL);
diff --git a/src/src/globals.c b/src/src/globals.c
index c3e8a16cf..5d9f7f8c6 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -176,7 +176,7 @@ uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
int (*receive_getc)(unsigned) = stdin_getc;
uschar * (*receive_getbuf)(unsigned *) = NULL;
-void (*receive_get_cache)(void)= NULL;
+void (*receive_get_cache)(unsigned) = NULL;
int (*receive_ungetc)(int) = stdin_ungetc;
int (*receive_feof)(void) = stdin_feof;
int (*receive_ferror)(void) = stdin_ferror;
diff --git a/src/src/globals.h b/src/src/globals.h
index d5d93148f..b610ac0a9 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -164,7 +164,7 @@ extern uschar * (*lwr_receive_getbuf)(unsigned *);
extern int (*lwr_receive_ungetc)(int);
extern int (*receive_getc)(unsigned);
extern uschar * (*receive_getbuf)(unsigned *);
-extern void (*receive_get_cache)(void);
+extern void (*receive_get_cache)(unsigned);
extern int (*receive_ungetc)(int);
extern int (*receive_feof)(void);
extern int (*receive_ferror)(void);
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index ee248c517..ffda0ec81 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -581,12 +581,12 @@ return buf;
}
void
-smtp_get_cache(void)
+smtp_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = smtp_inend - smtp_inptr;
-if (chunking_state == CHUNKING_LAST && chunking_data_left < n)
- n = chunking_data_left;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(smtp_inptr, n);
#endif
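Review bot: `if (n > lim)` compares the signed `int n` with the `unsigned lim`, so `n` is converted to unsigned for the test. If `smtp_inend - smtp_inptr` were ever negative, it would compare as a huge value and be replaced by `lim`, turning an empty cache into a positive feed length read from `smtp_inptr`. Ordering the checks avoids that: `if (n > 0 && (unsigned)n > lim) n = lim;`. The same comparison is added to `tls_get_cache()` in tls-gnu.c and tls-openssl.c. This function also lacks the one-line header comment that the tls-gnu.c version gained, and its body continues past the hunk.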
@@ -661,7 +661,9 @@ for(;;)
if (chunking_state == CHUNKING_LAST)
{
#ifndef DISABLE_DKIM
+ dkim_collect_input = dkim_save;
dkim_exim_verify_feed(NULL, 0); /* notify EOD */
+ dkim_collect_input = 0;
#endif
return EOD;
}
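Review bot: The two assignments around the EOD notification have no comment, and their purpose is not obvious at this spot. As far as the hunk shows, `dkim_collect_input` is restored from `dkim_save` so that `dkim_exim_verify_feed(NULL, 0)` is acted on, then zeroed so that nothing after the last chunk is collected. `dkim_save` is assigned outside the hunk, so this depends on it still holding the pre-command value on every path that reaches here; worth confirming. Suggested comment: `/* re-enable the feed just long enough to signal EOD; bytes after the last chunk belong to the next command */`.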
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 7d434f6af..796581b0e 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -3877,12 +3877,15 @@ return buf;
}
+/* Get up to the given number of bytes from any cached data, and feed to dkim. */
void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 89f11ce37..298d8d4e1 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -4146,10 +4146,13 @@ return buf;
void
-tls_get_cache(void)
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;
+debug_printf("tls_get_cache\n");
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);
#endif
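Review bot: The added `debug_printf("tls_get_cache\n");` is unconditional and looks like leftover tracing; the GnuTLS version of this function in the same commit has no such call. Either drop it or gate it on the TLS debug selector, `DEBUG(D_tls) debug_printf("tls_get_cache\n");`. The header comment added in tls-gnu.c, `/* Get up to the given number of bytes from any cached data, and feed to dkim. */`, would be worth repeating here so that both implementations document the new `lim` parameter.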