bb687e1b39
Workaround: "You are not vulnerable if <...> you put this at the start of an ACL plumbed into acl_smtp_connect or acl_smtp_rcpt: warn control = dkim_disable_verify" This is backported from the diff between exim 4.80 and 4.80.1 (not updating fully to 4.80.1 yet as this small diff is safer to commit) same diff rpointel@
15 lines
657 B
Plaintext
15 lines
657 B
Plaintext
$OpenBSD: patch-src_pdkim_pdkim_h,v 1.1 2012/10/26 08:50:01 sthen Exp $
|
|
--- src/pdkim/pdkim.h.orig Mon Oct 10 06:18:13 2011
|
|
+++ src/pdkim/pdkim.h Fri Oct 26 09:39:14 2012
|
|
@@ -27,8 +27,8 @@
|
|
|
|
/* -------------------------------------------------------------------------- */
|
|
/* Length of the preallocated buffer for the "answer" from the dns/txt
|
|
- callback function. */
|
|
-#define PDKIM_DNS_TXT_MAX_RECLEN 4096
|
|
+ callback function. This should match the maximum RDLENGTH from DNS. */
|
|
+#define PDKIM_DNS_TXT_MAX_RECLEN (1 << 16)
|
|
|
|
/* -------------------------------------------------------------------------- */
|
|
/* Function success / error codes */
|