At 22:06 28-08-2007, Jim Fenton wrote:
>It looks like dkim_get_key_dns() needs to explicitly handle the case
>where it receives two answers, and the first is a CNAME. It's
>apparently tripping over a couple of bytes at the end of the CNAME
>response (not sure why they're there) but what really needs to happen is
>to see that it's a CNAME and go on to the next answer.

get_key_dns() gets the key. It only processes the first answer whereas a query for your key in DNS returns two answers (ancount = 2).

>It looks like the check for a TXT reply (dkim-keys.c line 294) is
>actually checking the type in the query that's echoed back in the
>response. There needs to be an additional check when you get to the
>actual response (around line 336), and go onto the next response if you
>got a CNAME back.

That type check only verifies the "question" and not the "answer". An additional test is required after line 336:

    if (type == T_CNAME && class == C_IN)

It is better to test for T_TXT too in the "answer" or else we would be calling dkim_process_set() to process an invalid payload.

Regards,
-sm
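
Added example, not part of the original message and not dkim-milter code: a stand-alone walk of a DNS response's answer section that checks type and class on each answer record (not on the echoed question), steps over a leading CNAME, and hands back only TXT rdata. The function names, the hand-rolled parsing and the sample response (selector name, key text) are constructed for illustration.

```c
#include <stdio.h>
enum { TYPE_CNAME = 5, TYPE_TXT = 16, CLASS_IN = 1 };    /* RFC 1035 values */

/* Constructed response: TXT question, a CNAME answer, then a TXT answer. */
static const unsigned char SAMPLE[] =
    "\022\064\201\200\000\001\000\002\000\000\000\000"    /* qdcount 1, ancount 2 */
    "\003sel\012_domainkey\007example\003com\000\000\020\000\001" /* question */
    "\300\014\000\005\000\001\000\000\016\020\000\006\003key\300\033" /* CNAME */
    "\300\070\000\020\000\001\000\000\016\020\000\027"    /* TXT, rdlength 23 */
    "\026v=DKIM1; p=CONSTRUCTED";

/* Step over an encoded name (labels or compression pointer); 0 on error. */
static size_t skip_name(const unsigned char *m, size_t len, size_t off) {
    while (off < len) {
        if ((m[off] & 0xC0) == 0xC0) return len - off >= 2 ? off + 2 : 0;
        if (m[off] & 0xC0) return 0;          /* reserved label type */
        if (m[off] == 0) return off + 1;      /* root label ends the name */
        off += 1 + (size_t)m[off];
    }
    return 0;
}

/* Return 0 and the rdata of the first IN/TXT answer, stepping over CNAME and
 * other record types; -1 if there is none or the message is malformed. */
int find_txt_answer(const unsigned char *m, size_t len,
                    const unsigned char **rdata, size_t *rdlen) {
    if (len < 12) return -1;
    size_t off = 12, qd = m[4] << 8 | m[5], an = m[6] << 8 | m[7];
    while (qd--) {                            /* question: name, type, class */
        if ((off = skip_name(m, len, off)) == 0 || len - off < 4) return -1;
        off += 4;
    }
    while (an--) {                /* answer: name, 10 fixed bytes, then rdata */
        if ((off = skip_name(m, len, off)) == 0 || len - off < 10) return -1;
        unsigned type = m[off] << 8 | m[off + 1], cls = m[off + 2] << 8 | m[off + 3];
        size_t n = (size_t)(m[off + 8] << 8 | m[off + 9]);
        off += 10;
        if (n > len - off) return -1;         /* rdata must fit in the message */
        if (type == TYPE_TXT && cls == CLASS_IN) { *rdata = m + off; *rdlen = n; return 0; }
        off += n;                 /* CNAME (or anything else): try next answer */
    }
    return -1;
}

int main(void) {
    const unsigned char *rd; size_t n;       /* sizeof - 1: drop the literal's NUL */
    if (find_txt_answer(SAMPLE, sizeof SAMPLE - 1, &rd, &n) == 0 && n > 0)
        printf("%.*s\n", (int)n - 1, (const char *)rd + 1);
    return 0;
}
```

The returned rdata still carries the TXT length byte in front of the text, and a response holding only the CNAME yields -1, so nothing that is not a TXT payload would reach the key-record parser.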
