Package: release.debian.org
Severity: normal
User: release.debian....@packages.debian.org
Usertags: unblock

Please unblock package opendkim

Upstream is in the process of preparing a new feature release that is
clearly unsuitable for the freeze, but it also contains quite a few
bug fixes that are either important from a correct performance (and
potentially security) perspective or very low risk and highly likely to
be useful to sysadmins making use of the package.

I've gone through and evaluated which changes I think would be good
to get into Jessie (see attached upstream diff).  Depending on upstream's
reaction to this, this would either be version 2.9.3 or patches to our
existing 2.9.2.  Before I approach upstream and push for another bug fix
release that they don't currently plan, I'd like feedback on which, if any,
of the attached changes would be suitable for Jessie.

unblock opendkim/2.9.3-1
diff --git a/HowToRelease b/HowToRelease
index d687a61..3beeb75 100644
--- a/HowToRelease
+++ b/HowToRelease
@@ -50,5 +50,5 @@ Release procedures for OpenDKIM
 9) Mark any bug fixes or feature requests, etc. as closed if this release
    contained them.
 
-10) Update our entry on FreshMeat (http://www.freshmeat.net).
+10) Update our entry on FreeCode (http://freecode.com).
 
diff --git a/RELEASE_NOTES b/RELEASE_NOTES
index 380ad6a..9985a9b 100644
--- a/RELEASE_NOTES
+++ b/RELEASE_NOTES
@@ -3,6 +3,26 @@
 This listing shows the versions of the OpenDKIM package, the date of
 release, and a summary of the changes in that release.
 
+2.9.3		2014/??/??
+        Fix bug #177: Plug leaking "result" structures when OpenLDAP is in use.
+	Truncate configuration file lines at carriage return.
+	Replace overlapping strlcpy() with memmove() in dkim_get_key_file().
+		Reported by Daniel J. Luke.
+	Patch #32: Re-arrange the execution logic to drop privileges in
+		proper order.
+	LIBOPENDKIM: dkim_header() is now a lot more strict about the input
+		it will accept (see RFC5322 Section 2.2).
+	LIBOPENDKIM: Tighten relaxed modes to break on only DKIM-defined
+		whitespace characters.  Problem noted by Elizabeth Zwicky.
+	LIBOPENDKIM: Fix bug #208: If a signature fails to verify for either
+		reason (header hash mismatched or body hash mismatched), set
+		DKIM_SIGERROR_BADSIG so that Authentication-Results doesn't
+		report a failure with "no signature error".
+	TOOLS: Feature request #178: Add "-F" flag to opendkim-genzone so
+		records are created with the FQDN.  Patch from Andreas Schulze.
+	REPUTATION: Handle parameters safely in repute.php.  Reported by
+		Daniel Black.
+
 2.9.2		2014/04/02
 	Fix some conflicting unit tests.  Reported by Eray Aslan.
 	BUILD: Fix bug #195 part II: Compile all binaries with pthreads
diff --git a/configure.ac b/configure.ac
index 703753e..7ae311a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -14,7 +14,7 @@ AC_PREREQ(2.61)
 #
 m4_define([VERSION_RELEASE], 2)
 m4_define([VERSION_MAJOR_REV], 9)
-m4_define([VERSION_MINOR_REV], 2)
+m4_define([VERSION_MINOR_REV], 3)
 m4_define([VERSION_PATCH], 0)
 
 #
diff --git a/libopendkim/dkim-canon.c b/libopendkim/dkim-canon.c
index 125bf12..7b5e7b9 100644
--- a/libopendkim/dkim-canon.c
+++ b/libopendkim/dkim-canon.c
@@ -60,7 +60,8 @@
 #define	SP	(u_char *) " "
 
 /* macros */
-#define	DKIM_ISLWSP(x)	((x) == 011 || (x) == 013 || (x) == 014 || (x) == 040)
+#define	DKIM_ISWSP(x)	((x) == 011 || (x) == 040)
+#define	DKIM_ISLWSP(x)	((x) == 011 || (x) == 012 || (x) == 015 || (x) == 040)
 
 /* prototypes */
 extern void dkim_error __P((DKIM *, const char *, ...));
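Review bot: Neither macro says which grammar rule it implements, and after this change the two differ in a way that matters for canonicalization: `DKIM_ISWSP` is SP/HTAB only, while `DKIM_ISLWSP` now also matches LF (012) and CR (015) and no longer matches VT (013) or FF (014). I would add a comment above each, e.g. `/* WSP: SP or HTAB only */` and `/* LWSP: WSP plus the CR and LF of a folded line */`. Every call site visible in this diff moves to `DKIM_ISWSP`, so if nothing else in the file still uses `DKIM_ISLWSP` it is dead and could be dropped rather than redefined.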
@@ -353,7 +354,7 @@ dkim_canon_header_string(struct dkim_dstring *dstr, dkim_canon_t canon,
 			if (isascii(*p))
 			{
 				/* discard spaces */
-				if (isspace(*p))
+				if (DKIM_ISWSP(*p))
 					continue;
 
 				/* convert to lowercase */
@@ -387,7 +388,7 @@ dkim_canon_header_string(struct dkim_dstring *dstr, dkim_canon_t canon,
 		}
 
 		/* skip all spaces before first word */
-		while (*p != '\0' && isascii(*p) && isspace(*p))
+		while (*p != '\0' && DKIM_ISWSP(*p))
 			p++;
 
 		space = FALSE;				/* just saw a space */
@@ -1052,8 +1053,7 @@ dkim_canon_selecthdrs(DKIM *dkim, u_char *hdrlist, struct dkim_header **ptrs,
 
 		len = MIN(DKIM_MAXHEADER, strlen((char *) hdrs[c]));
 		while (len > 0 &&
-		       isascii(hdrs[c][len - 1]) &&
-		       isspace(hdrs[c][len - 1]))
+		       DKIM_ISWSP(hdrs[c][len - 1]))
 			len--;
 
 		for (hdr = dkim->dkim_hhead; hdr != NULL; hdr = hdr->hdr_next)
@@ -1769,7 +1769,7 @@ dkim_canon_bodychunk(DKIM *dkim, u_char *buf, size_t buflen)
 				switch (cur->canon_bodystate)
 				{
 				  case 0:
-					if (DKIM_ISLWSP(*p))
+					if (DKIM_ISWSP(*p))
 					{
 						cur->canon_bodystate = 1;
 					}
@@ -1787,7 +1787,7 @@ dkim_canon_bodychunk(DKIM *dkim, u_char *buf, size_t buflen)
 					break;
 
 				  case 1:
-					if (DKIM_ISLWSP(*p))
+					if (DKIM_ISWSP(*p))
 					{
 						break;
 					}
@@ -1836,7 +1836,7 @@ dkim_canon_bodychunk(DKIM *dkim, u_char *buf, size_t buflen)
 							}
 							else
 							{
-								if (DKIM_ISLWSP(*p))
+								if (DKIM_ISWSP(*p))
 								{
 									cur->canon_bodystate = 1;
 								}
@@ -1855,7 +1855,7 @@ dkim_canon_bodychunk(DKIM *dkim, u_char *buf, size_t buflen)
 						dkim_dstring_cat1(cur->canon_buf,
 						                  *p);
 					}
-					else if (DKIM_ISLWSP(*p))
+					else if (DKIM_ISWSP(*p))
 					{
 						dkim_canon_flushblanks(cur);
 						dkim_canon_buffer(cur,
@@ -1874,7 +1874,7 @@ dkim_canon_bodychunk(DKIM *dkim, u_char *buf, size_t buflen)
 					break;
 
 				  case 3:
-					if (DKIM_ISLWSP(*p))
+					if (DKIM_ISWSP(*p))
 					{
 						dkim_canon_flushblanks(cur);
 						dkim_canon_buffer(cur,
diff --git a/libopendkim/dkim-keys.c b/libopendkim/dkim-keys.c
index 85f377f..d4a39ea 100644
--- a/libopendkim/dkim-keys.c
+++ b/libopendkim/dkim-keys.c
@@ -2,7 +2,7 @@
 **  Copyright (c) 2005-2009 Sendmail, Inc. and its suppliers.
 **    All rights reserved.
 **
-**  Copyright (c) 2009-2013, The Trusted Domain Project.  All rights reserved.
+**  Copyright (c) 2009-2014, The Trusted Domain Project.  All rights reserved.
 */
 
 /* system includes */
@@ -494,7 +494,7 @@ dkim_get_key_file(DKIM *dkim, DKIM_SIGINFO *sig, u_char *buf, size_t buflen)
 
 		if (strcasecmp((char *) name, (char *) buf) == 0 && p2 != NULL)
 		{
-			strlcpy((char *) buf, (char *) p2, buflen);
+			memmove(buf, p2, strlen(p2) + 1);
 			fclose(f);
 			return DKIM_STAT_OK;
 		}
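Review bot: The replacement copy no longer consults `buflen`, so it is only in bounds if `p2` points into `buf` itself, which the release note's "overlapping" wording suggests but this hunk does not show. A one-line comment such as `/* p2 points inside buf, so the tail always fits; the regions overlap */` would keep a later reader from reintroducing a bounded but overlap-unsafe copy. The `(char *)` cast from the old line was also dropped; if `p2` is a `u_char *` that produces a pointer-sign warning, so `memmove(buf, p2, strlen((char *) p2) + 1);` is cleaner. The function body starts and ends outside the hunk.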
diff --git a/libopendkim/dkim.c b/libopendkim/dkim.c
index 4dd9a95..0499434 100644
--- a/libopendkim/dkim.c
+++ b/libopendkim/dkim.c
@@ -5982,9 +5982,14 @@ dkim_sig_process(DKIM *dkim, DKIM_SIGINFO *sig)
 		dkim_base64_encode(digest, diglen, b64buf, sizeof b64buf);
 
 		if (strcmp((char *) bhash, (char *) b64buf) == 0)
+		{
 			sig->sig_bh = DKIM_SIGBH_MATCH;
+		}
 		else
+		{
+			sig->sig_error = DKIM_SIGERROR_BADSIG;
 			sig->sig_bh = DKIM_SIGBH_MISMATCH;
+		}
 	}
 
 	/*
@@ -6458,6 +6463,7 @@ dkim_header(DKIM *dkim, u_char *hdr, size_t len)
 	u_char *colon;
 	u_char *semicolon;
 	u_char *end = NULL;
+	size_t c;
 	struct dkim_header *h;
 
 	assert(dkim != NULL);
@@ -6473,15 +6479,43 @@ dkim_header(DKIM *dkim, u_char *hdr, size_t len)
 		return DKIM_STAT_INVALID;
 	dkim->dkim_state = DKIM_STATE_HEADER;
 
-	colon = memchr(hdr, ':', len);
-	if (colon != NULL)
+	/* enforce RFC 5322, Section 2.2 */
+	colon = NULL;
+	for (c = 0; c < len; c++)
 	{
-		end = colon;
+		if (colon == NULL)
+		{
+			/*
+			**  Field names are printable ASCII; also tolerate
+			**  plain whitespace.
+			*/
+
+			if (hdr[c] < 32 || hdr[c] > 126)
+				return DKIM_STAT_SYNTAX;
 
-		while (end > hdr && isascii(*(end - 1)) && isspace(*(end - 1)))
-			end--;
+			/* the colon is special */
+			if (hdr[c] == ':')
+				colon = &hdr[c];
+		}
+		else
+		{
+			/* field bodies are printable ASCII, SP, HT, CR, LF */
+			if (!(hdr[c] != 9 ||  /* HT */
+			      hdr[c] != 10 || /* LF */
+			      hdr[c] != 13 || /* CR */
+			      (hdr[c] >= 32 && hdr[c] <= 126) /* SP, print */ ))
+				return DKIM_STAT_SYNTAX;
+		}
 	}
 
+	if (colon == NULL)
+		return DKIM_STAT_SYNTAX;
+
+	end = colon;
+
+	while (end > hdr && isascii(*(end - 1)) && isspace(*(end - 1)))
+		end--;
+
 	/* don't allow a field name containing a semicolon */
 	semicolon = memchr(hdr, ';', len);
 	if (semicolon != NULL && colon != NULL && semicolon < colon)
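Review bot: The field-body check can never reject anything: `hdr[c] != 9 || hdr[c] != 10 || hdr[c] != 13` is true for every byte, so the negated condition is always false and control or 8-bit bytes after the colon still pass. The tests need to be equalities, `if (!(hdr[c] == 9 || hdr[c] == 10 || hdr[c] == 13 || (hdr[c] >= 32 && hdr[c] <= 126)))`. The field-name branch also disagrees with its comment: `hdr[c] < 32` rejects HT, so SP is the only whitespace it tolerates. Once the body check is live, headers carrying raw 8-bit text will return DKIM_STAT_SYNTAX, so callers that pass unfiltered mail should be checked for how they treat that status. `colon != NULL` in the semicolon test is now always true, and the function continues past the end of the hunk.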
diff --git a/libopendkim/docs/dkim_dns_set_query_cancel.html b/libopendkim/docs/dkim_dns_set_query_cancel.html
index be78a3d..638b215 100644
--- a/libopendkim/docs/dkim_dns_set_query_cancel.html
+++ b/libopendkim/docs/dkim_dns_set_query_cancel.html
@@ -80,7 +80,8 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 <th valign="top" align=left>NOTES</th> 
 <td>
 <ul>
-<li>None.
+<li>Asynchronous key lookups can also be accomplished using
+<a href="dkim_set_key_lookup.html"><tt>dkim_set_key_lookup()</tt></a>.
 </ul>
 </td>
 </tr>
@@ -91,7 +92,7 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 Copyright (c) 2007 Sendmail, Inc. and its suppliers.
 All rights reserved.
 <br>
-Copyright (c) 2011, The Trusted Domain Project.  All rights reserved.
+Copyright (c) 2011, 2014, The Trusted Domain Project.  All rights reserved.
 
 <br>
 By using this file, you agree to the terms and conditions set
diff --git a/libopendkim/docs/dkim_dns_set_query_service.html b/libopendkim/docs/dkim_dns_set_query_service.html
index 62a63e8..18640c4 100644
--- a/libopendkim/docs/dkim_dns_set_query_service.html
+++ b/libopendkim/docs/dkim_dns_set_query_service.html
@@ -66,7 +66,8 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 <th valign="top" align=left>NOTES</th> 
 <td>
 <ul>
-<li>None.
+<li>Asynchronous key lookups can also be accomplished using
+<a href="dkim_set_key_lookup.html"><tt>dkim_set_key_lookup()</tt></a>.
 </ul>
 </td>
 </tr>
@@ -77,7 +78,7 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 Copyright (c) 2007 Sendmail, Inc. and its suppliers.
 All rights reserved.
 <br>
-Copyright (c) 2011, The Trusted Domain Project.  All rights reserved.
+Copyright (c) 2011, 2014, The Trusted Domain Project.  All rights reserved.
 
 <br>
 By using this file, you agree to the terms and conditions set
diff --git a/libopendkim/docs/dkim_dns_set_query_start.html b/libopendkim/docs/dkim_dns_set_query_start.html
index 40b1155..ec0b0e2 100644
--- a/libopendkim/docs/dkim_dns_set_query_start.html
+++ b/libopendkim/docs/dkim_dns_set_query_start.html
@@ -89,7 +89,8 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 <th valign="top" align=left>NOTES</th> 
 <td>
 <ul>
-<li>None.
+<li>Asynchronous key lookups can also be accomplished using
+<a href="dkim_set_key_lookup.html"><tt>dkim_set_key_lookup()</tt></a>.
 </ul>
 </td>
 </tr>
@@ -100,7 +101,7 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 Copyright (c) 2007 Sendmail, Inc. and its suppliers.
 All rights reserved.
 <br>
-Copyright (c) 2011, The Trusted Domain Project.  All rights reserved.
+Copyright (c) 2011, 2014, The Trusted Domain Project.  All rights reserved.
 
 <br>
 By using this file, you agree to the terms and conditions set
diff --git a/libopendkim/docs/dkim_dns_set_query_waitreply.html b/libopendkim/docs/dkim_dns_set_query_waitreply.html
index 1f924e2..2ae1f9e 100644
--- a/libopendkim/docs/dkim_dns_set_query_waitreply.html
+++ b/libopendkim/docs/dkim_dns_set_query_waitreply.html
@@ -92,7 +92,8 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 <th valign="top" align=left>NOTES</th> 
 <td>
 <ul>
-<li>None.
+<li>Asynchronous key lookups can also be accomplished using
+<a href="dkim_set_key_lookup.html"><tt>dkim_set_key_lookup()</tt></a>.
 </ul>
 </td>
 </tr>
@@ -103,7 +104,7 @@ during <a href="dkim_eoh.html"><tt>dkim_eoh()</tt></a> when verifying.  </td>
 Copyright (c) 2007 Sendmail, Inc. and its suppliers.
 All rights reserved.
 <br>
-Copyright (c) 2011, The Trusted Domain Project.  All rights reserved.
+Copyright (c) 2011, 2014, The Trusted Domain Project.  All rights reserved.
 
 <br>
 By using this file, you agree to the terms and conditions set
diff --git a/libopendkim/docs/index.html b/libopendkim/docs/index.html
index 735b04f..132c45c 100644
--- a/libopendkim/docs/index.html
+++ b/libopendkim/docs/index.html
@@ -200,7 +200,7 @@ package, that uses <tt>libopendkim</tt> to implement this facility. <p>
  <tr>
   <td> <a href="dkim_set_key_lookup.html"> <tt>dkim_set_key_lookup()</tt> </a> </td>
   <td> Provide a function to perform key lookups, replacing the internal
-       implementation. </td>
+       implementation.  Includes support for asynchronous operation. </td>
  </tr>
 
  <tr>
diff --git a/opendkim/config.c b/opendkim/config.c
index af65637..b685f65 100644
--- a/opendkim/config.c
+++ b/opendkim/config.c
@@ -2,8 +2,7 @@
 **  Copyright (c) 2006-2009 Sendmail, Inc. and its suppliers.
 **	All rights reserved.
 **
-**  Copyright (c) 2009-2013, The Trusted Domain Project.  All rights reserved.
-**
+**  Copyright (c) 2009-2014, The Trusted Domain Project.  All rights reserved.
 */
 
 #include "build-config.h"
@@ -233,10 +232,10 @@ config_load_level(char *file, struct configdef *def,
 		myline++;
 		str = NULL;
 
-		/* read a line; truncate at newline or "#" */
+		/* read a line; truncate at carriage return, newline, or "#" */
 		for (p = buf; *p != '\0'; p++)
 		{
-			if (*p == '#')
+			if (*p == '#' || *p == 0x0D)
 			{
 				*p = '\0';
 				break;
diff --git a/opendkim/opendkim-db.c b/opendkim/opendkim-db.c
index aa3fa77..6996588 100644
--- a/opendkim/opendkim-db.c
+++ b/opendkim/opendkim-db.c
@@ -4951,6 +4951,7 @@ dkimf_db_get(DKIMF_DB db, void *buf, size_t buflen,
 # endif /* USE_DB */
 #endif /* _FFR_LDAP_CACHING */
 			pthread_mutex_unlock(&ldap->ldap_lock);
+			ldap_msgfree(result);
 			return 0;
 		}
 
diff --git a/opendkim/opendkim-genzone.8.in b/opendkim/opendkim-genzone.8.in
index f5dba18..61e3619 100644
--- a/opendkim/opendkim-genzone.8.in
+++ b/opendkim/opendkim-genzone.8.in
@@ -8,6 +8,7 @@
 [\-d domain]
 [\-D]
 [\-E secs]
+[\-F]
 [\-N ns[,...]]
 [\-o file]
 [\-r secs]
@@ -70,6 +71,9 @@ below), use
 .I secs
 as the default record expiration time.  The default is 604800.
 .TP
+.I \-F
+Adds a "._domainkey" suffix and the domainname to selector names in the zone file.
+.TP
 .I \-N nslist
 Specifies a comma-separated list of nameservers, which will be output in
 NS records before the TXT records.  The first nameserver in this list will
diff --git a/opendkim/opendkim-genzone.c b/opendkim/opendkim-genzone.c
index 52087c7..d820a78 100644
--- a/opendkim/opendkim-genzone.c
+++ b/opendkim/opendkim-genzone.c
@@ -52,7 +52,7 @@
 
 /* definitions */
 #define	BUFRSZ		1024
-#define	CMDLINEOPTS	"C:d:DE:o:N:r:R:St:T:uvx:"
+#define	CMDLINEOPTS	"C:d:DE:Fo:N:r:R:St:T:uvx:"
 #define	DEFCONFFILE	CONFIG_BASE "/opendkim.conf"
 #define	DEFEXPIRE	604800
 #define	DEFREFRESH	10800
@@ -194,6 +194,7 @@ usage(void)
 	                "\t-d domain   \twrite keys for named domain only\n"
 	                "\t-D          \tinclude '._domainkey' suffix\n"
 	                "\t-E secs     \tuse specified expiration time in SOA\n"
+	                "\t-F          \tinclude '._domainkey' suffix and domainname\n"
 	                "\t-o file     \toutput file\n"
 	                "\t-N ns[,...] \tlist NS records\n"
 	                "\t-r secs     \tuse specified refresh time in SOA\n"
@@ -225,6 +226,7 @@ main(int argc, char **argv)
 	_Bool seenlf;
 	_Bool nsupdate = FALSE;
 	_Bool suffix = FALSE;
+	_Bool fqdnsuffix = FALSE;
 	_Bool writesoa = FALSE;
 	int c;
 	int status;
@@ -298,6 +300,11 @@ main(int argc, char **argv)
 			}
 			break;
 
+		  case 'F':
+			suffix = TRUE;
+			fqdnsuffix = TRUE;
+			break;
+
 		  case 'N':
 			nameservers = strdup(optarg);
 			break;
@@ -834,8 +841,11 @@ main(int argc, char **argv)
 			fprintf(out, "zone %s\n", domain);
 
 			snprintf(tmpbuf, sizeof tmpbuf,
-			         "update add %s%s %d TXT \"",
+			         "update add %s%s%s%s%s %d TXT \"",
 			         selector, suffix ? DKIMZONE : "",
+			         fqdnsuffix ? "." : "",
+			         fqdnsuffix ? domain : "",
+			         fqdnsuffix ? "." : "",
 			         ttl == -1 ? defttl : ttl);
 		}
 		else
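Review bot: None of the three `snprintf()` calls that build the record name (this one and the two in the next hunk) checks the return value, and with `-F` the name grows by the domain plus two dots, so an over-long selector and domain would be written truncated into the zone or nsupdate output. Comparing the result with `sizeof tmpbuf` and skipping the record with a warning would make that visible. On the zone-file path it is not visible here whether `domain` is always non-NULL when `fqdnsuffix` is set; passing NULL to `%s` is undefined. The same run of name arguments is repeated three times and could be formatted once into a name buffer.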
@@ -843,14 +853,21 @@ main(int argc, char **argv)
 			if (ttl == -1)
 			{
 				snprintf(tmpbuf, sizeof tmpbuf,
-				         "%s%s\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=",
-				         selector, suffix ? DKIMZONE : "");
+				         "%s%s%s%s%s\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=",
+				         selector, suffix ? DKIMZONE : "",
+				         fqdnsuffix ? "." : "",
+				         fqdnsuffix ? domain : "",
+				         fqdnsuffix ? "." : "");
 			}
 			else
 			{
 				snprintf(tmpbuf, sizeof tmpbuf,
-				         "%s%s\t%d\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=",
-				         selector, suffix ? DKIMZONE : "", ttl);
+				         "%s%s%s%s%s\t%d\tIN\tTXT\t( \"v=DKIM1; k=rsa; p=",
+				         selector, suffix ? DKIMZONE : "",
+				         fqdnsuffix ? "." : "",
+				         fqdnsuffix ? domain : "",
+				         fqdnsuffix ? "." : "",
+				         ttl);
 			}
 		}
 
diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
index 1b7b6c2..3eca157 100644
--- a/opendkim/opendkim.c
+++ b/opendkim/opendkim.c
@@ -12267,7 +12267,7 @@ mlfi_eoh(SMFICTX *ctx)
 	*/
 
 	dfc->mctx_jobid = (u_char *) dkimf_getsymval(ctx, "i");
-	if (dfc->mctx_jobid == NULL)
+	if (dfc->mctx_jobid == NULL || dfc->mctx_jobid[0] == '\0')
 		dfc->mctx_jobid = (u_char *) JOBIDUNKNOWN;
 
 	/* find the Sender: or From: header */
@@ -13976,7 +13976,7 @@ mlfi_eom(SMFICTX *ctx)
 	if (strcmp((char *) dfc->mctx_jobid, JOBIDUNKNOWN) == 0)
 	{
 		dfc->mctx_jobid = (u_char *) dkimf_getsymval(ctx, "i");
-		if (dfc->mctx_jobid == NULL)
+		if (dfc->mctx_jobid == NULL || dfc->mctx_jobid[0] == '\0')
 		{
 			if (no_i_whine && conf->conf_dolog)
 			{
@@ -17502,6 +17502,8 @@ main(int argc, char **argv)
 		else
 			gid = gr->gr_gid;
 
+		(void) endpwent();
+
 #ifdef _FFR_REPUTATION
 		/* chown things that need chowning */
 		if (curconf->conf_rep != NULL)
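Review bot: `endpwent()` now runs here, but `pw->pw_uid` and `pw->pw_name` are still read by the privilege-drop blocks this patch adds much further down in main(). How `pw` was obtained is outside the hunk; if it points at the C library's static passwd buffer, any passwd lookup made in between may overwrite it, and the drop would then act on stale or wrong values. Copying the uid into a `uid_t` and the name with `strdup()` as soon as the lookup succeeds, and using those copies in the drop blocks, removes that dependency.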
@@ -17558,56 +17560,6 @@ main(int argc, char **argv)
 		}
 	}
 
-	/* now enact the user change */
-	if (become != NULL)
-	{
-		/* make all the process changes */
-		if (getuid() != pw->pw_uid)
-		{
-			if (initgroups(pw->pw_name, gid) != 0)
-			{
-				if (curconf->conf_dolog)
-				{
-					syslog(LOG_ERR, "initgroups(): %s",
-					       strerror(errno));
-				}
-
-				fprintf(stderr, "%s: initgroups(): %s\n",
-				        progname, strerror(errno));
-
-				return EX_NOPERM;
-			}
-			else if (setgid(gid) != 0)
-			{
-				if (curconf->conf_dolog)
-				{
-					syslog(LOG_ERR, "setgid(): %s",
-					       strerror(errno));
-				}
-
-				fprintf(stderr, "%s: setgid(): %s\n", progname,
-				        strerror(errno));
-
-				return EX_NOPERM;
-			}
-			else if (setuid(pw->pw_uid) != 0)
-			{
-				if (curconf->conf_dolog)
-				{
-					syslog(LOG_ERR, "setuid(): %s",
-					       strerror(errno));
-				}
-
-				fprintf(stderr, "%s: setuid(): %s\n", progname,
-				        strerror(errno));
-
-				return EX_NOPERM;
-			}
-		}
-
-		(void) endpwent();
-	}
-
 	if (curconf->conf_enablecores)
 	{
 		_Bool enabled = FALSE;
@@ -17646,14 +17598,6 @@ main(int argc, char **argv)
 
 	die = FALSE;
 
-	/* initialize DKIM library */
-	if (!dkimf_config_setlib(curconf, &p))
-	{
-		fprintf(stderr, "%s: can't configure DKIM library: %s\n",
-		        progname, p);
-		return EX_SOFTWARE;
-	}
-
 	if (autorestart)
 	{
 		_Bool quitloop = FALSE;
@@ -17737,6 +17681,36 @@ main(int argc, char **argv)
 			}
 		}
 
+		/* now enact the user change */
+		if (become != NULL)
+		{
+			/* make all the process changes */
+			if (getuid() != pw->pw_uid)
+			{
+				if (initgroups(pw->pw_name, gid) != 0)
+				{
+					if (curconf->conf_dolog)
+						syslog(LOG_ERR, "initgroups(): %s", strerror(errno));
+					fprintf(stderr, "%s: initgroups(): %s", progname, strerror(errno));
+					return EX_NOPERM;
+				}
+				else if (setgid(gid) != 0)
+				{
+					if (curconf->conf_dolog)
+						syslog(LOG_ERR, "setgid(): %s", strerror(errno));
+					fprintf(stderr, "%s: setgid(): %s", progname, strerror(errno));
+					return EX_NOPERM;
+				}
+				else if (setuid(pw->pw_uid) != 0)
+				{
+					if (curconf->conf_dolog)
+						syslog(LOG_ERR, "setuid(): %s", strerror(errno));
+					fprintf(stderr, "%s: setuid(): %s", progname, strerror(errno));
+					return EX_NOPERM;
+				}
+			}
+		}
+
 		if (maxrestartrate_n > 0)
 			dkimf_restart_check(maxrestartrate_n, 0);
 
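Review bot: The three `fprintf(stderr, ...)` messages in this relocated block lost the trailing `\n` that the removed version had, so the error text runs into whatever is printed next; the same applies to the copy of this block in the next added hunk and to the "can't configure DKIM library" message there. Each format should end as before, e.g. `"%s: initgroups(): %s\n"`. The block is also duplicated verbatim for the autorestart and non-autorestart paths; one static helper taking `pw`, `gid` and the logging flag would keep the initgroups/setgid/setuid order in a single place. main() starts and ends outside the hunk.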
@@ -17885,6 +17859,127 @@ main(int argc, char **argv)
 		}
 	}
 
+	if (!autorestart && dofork)
+	{
+		pid_t pid;
+
+		pid = fork();
+		switch (pid)
+		{
+		  case -1:
+			if (curconf->conf_dolog)
+			{
+				int saveerrno;
+
+				saveerrno = errno;
+
+				syslog(LOG_ERR, "fork(): %s", strerror(errno));
+
+				errno = saveerrno;
+			}
+
+			fprintf(stderr, "%s: fork(): %s\n", progname,
+			        strerror(errno));
+
+			dkimf_zapkey(curconf);
+
+			return EX_OSERR;
+
+		  case 0:
+			dkimf_stdio();
+			break;
+
+		  default:
+			dkimf_zapkey(curconf);
+			return EX_OK;
+		}
+	}
+
+	/* write out the pid */
+	if (!autorestart && pidfile != NULL)
+	{
+		f = fopen(pidfile, "w");
+		if (f != NULL)
+		{
+			fprintf(f, "%ld\n", (long) getpid());
+			(void) fclose(f);
+		}
+		else
+		{
+			if (curconf->conf_dolog)
+			{
+				syslog(LOG_ERR, "can't write pid to %s: %s",
+				       pidfile, strerror(errno));
+			}
+		}
+	}
+
+	/*
+	**  Block SIGUSR1 for use of our reload thread, and SIGHUP, SIGINT
+	**  and SIGTERM for use of libmilter's signal handling thread.
+	*/
+
+	sigemptyset(&sigset);
+	sigaddset(&sigset, SIGUSR1);
+	sigaddset(&sigset, SIGHUP);
+	sigaddset(&sigset, SIGTERM);
+	sigaddset(&sigset, SIGINT);
+	status = pthread_sigmask(SIG_BLOCK, &sigset, NULL);
+	if (status != 0)
+	{
+		if (curconf->conf_dolog)
+		{
+			syslog(LOG_ERR, "pthread_sigprocmask(): %s",
+			       strerror(status));
+		}
+
+		fprintf(stderr, "%s: pthread_sigprocmask(): %s\n", progname,
+		        strerror(status));
+
+		dkimf_zapkey(curconf);
+
+		return EX_OSERR;
+	}
+
+	/* now enact the user change */
+	if (!autorestart && become != NULL)
+	{
+		/* make all the process changes */
+		if (getuid() != pw->pw_uid)
+		{
+			if (initgroups(pw->pw_name, gid) != 0)
+			{
+				if (curconf->conf_dolog)
+					syslog(LOG_ERR, "initgroups(): %s", strerror(errno));
+				fprintf(stderr, "%s: initgroups(): %s", progname, strerror(errno));
+				return EX_NOPERM;
+			}
+			else if (setgid(gid) != 0)
+			{
+				if (curconf->conf_dolog)
+					syslog(LOG_ERR, "setgid(): %s", strerror(errno));
+				fprintf(stderr, "%s: setgid(): %s", progname, strerror(errno));
+				return EX_NOPERM;
+			}
+			else if (setuid(pw->pw_uid) != 0)
+			{
+				if (curconf->conf_dolog)
+					syslog(LOG_ERR, "setuid(): %s", strerror(errno));
+				fprintf(stderr, "%s: setuid(): %s", progname, strerror(errno));
+				return EX_NOPERM;
+			}
+		}
+	}
+
+	/* initialize DKIM library */
+	if (!dkimf_config_setlib(curconf, &p))
+	{
+		if (curconf->conf_dolog)
+			syslog(LOG_ERR, "can't configure DKIM library: %s", p);
+			fprintf(stderr, "%s: can't configure DKIM library: %s", progname, p);
+		return EX_SOFTWARE;
+	}
+
 	if (filemask != -1)
 		(void) umask((mode_t) filemask);
 
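Review bot: In the DKIM library block the final `fprintf()` is indented as if it were guarded by `if (curconf->conf_dolog)`, but without braces it runs unconditionally; brace the `syslog()` call and put the `fprintf()` at the block's own indent. The three `return EX_NOPERM` paths in the privilege drop skip `dkimf_zapkey(curconf)`, which the fork() and pthread_sigmask() failures in the same hunk call before returning; if key material is already loaded at that point it is not cleared on these exits. With fork() now ahead of the drop and the library set-up, the parent has already returned EX_OK when they fail, and if dkimf_stdio() detaches stdio the stderr text is lost, so syslog (only when `conf_dolog` is set) is the sole record of the failure. The socket set-up that follows this hunk appears to run after the drop now, which is worth confirming for privileged ports or root-owned socket directories.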
@@ -17975,88 +18070,6 @@ main(int argc, char **argv)
 #endif /* HAVE_SMFI_OPENSOCKET */
 	}
 
-	if (!autorestart && dofork)
-	{
-		pid_t pid;
-
-		pid = fork();
-		switch (pid)
-		{
-		  case -1:
-			if (curconf->conf_dolog)
-			{
-				int saveerrno;
-
-				saveerrno = errno;
-
-				syslog(LOG_ERR, "fork(): %s", strerror(errno));
-
-				errno = saveerrno;
-			}
-
-			fprintf(stderr, "%s: fork(): %s\n", progname,
-			        strerror(errno));
-
-			dkimf_zapkey(curconf);
-
-			return EX_OSERR;
-
-		  case 0:
-			dkimf_stdio();
-			break;
-
-		  default:
-			dkimf_zapkey(curconf);
-			return EX_OK;
-		}
-	}
-
-	/* write out the pid */
-	if (!autorestart && pidfile != NULL)
-	{
-		f = fopen(pidfile, "w");
-		if (f != NULL)
-		{
-			fprintf(f, "%ld\n", (long) getpid());
-			(void) fclose(f);
-		}
-		else
-		{
-			if (curconf->conf_dolog)
-			{
-				syslog(LOG_ERR, "can't write pid to %s: %s",
-				       pidfile, strerror(errno));
-			}
-		}
-	}
-
-	/*
-	**  Block SIGUSR1 for use of our reload thread, and SIGHUP, SIGINT
-	**  and SIGTERM for use of libmilter's signal handling thread.
-	*/
-
-	sigemptyset(&sigset);
-	sigaddset(&sigset, SIGUSR1);
-	sigaddset(&sigset, SIGHUP);
-	sigaddset(&sigset, SIGTERM);
-	sigaddset(&sigset, SIGINT);
-	status = pthread_sigmask(SIG_BLOCK, &sigset, NULL);
-	if (status != 0)
-	{
-		if (curconf->conf_dolog)
-		{
-			syslog(LOG_ERR, "pthread_sigprocmask(): %s",
-			       strerror(status));
-		}
-
-		fprintf(stderr, "%s: pthread_sigprocmask(): %s\n", progname,
-		        strerror(status));
-
-		dkimf_zapkey(curconf);
-
-		return EX_OSERR;
-	}
-
 	/* initialize libcrypto mutexes */
 	if (!curconf->conf_disablecryptoinit)
 	{
diff --git a/reputation/repute.php b/reputation/repute.php
index 63c4fee..b812a14 100644
--- a/reputation/repute.php
+++ b/reputation/repute.php
@@ -24,7 +24,7 @@ if (!isset($_GET["application"]) ||
 $application = $_GET["application"];
 $assertion = $_GET["assertion"];
 $service = $_GET["service"];
-$subject = $_GET["subject"];
+$subject = mysql_real_escape_string($_GET["subject"]);
 
 if (strtolower($application) != "email-id")
 	die("Unrecognized application");
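Review bot: `mysql_real_escape_string()` only protects a value that ends up inside a quoted SQL string literal, and it needs an open connection to know the character set; the queries and the connect call are outside these hunks, so neither can be confirmed. `$reporter` in the next hunk falls back to the number `0`, which suggests it is used as a numeric value; if it is interpolated unquoted, escaping does not stop injection and a cast such as `$reporter = (int) $_GET["reporter"];` is the right guard. `$service` is still taken from `$_GET` without any escaping. The ext/mysql API is deprecated, so prepared statements through mysqli or PDO would be the durable fix.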
@@ -32,7 +32,7 @@ if (strtolower($assertion) != "spam")
 	die("Unrecognized assertion");
 
 if (isset($_GET["reporter"]))
-	$reporter = $_GET["reporter"];
+	$reporter = mysql_real_escape_string($_GET["reporter"]);
 else
 	$reporter = 0;
 
