Merge pull request trusteddomainproject#219 from futatuki/db_walk_avo…

…id_abort This saves incorrect usage of DKIMF_DB_TYPE_MEMCACHE from assertion failure addressing to unknown DB type error, and avoid execute verification of signing table on loading configurations. (See the issue trusteddomainproject#218) trusteddomainproject#218 trusteddomainproject#219
futatuki · Oct 4, 2024 · c26dabb · c26dabb
2 parents d95b8e4 + 7c39a62
commit c26dabb
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 6 deletions.
diff --git a/opendkim/opendkim-db.c b/opendkim/opendkim-db.c
@@ -5805,6 +5805,34 @@ dkimf_db_strerror(DKIMF_DB db, char *err, size_t errlen)
 	/* NOTREACHED */
 }
 
+/*
+**  DKIMF_DB_CAN_WALK -- check if the db supports dkimf_db_walk operation
+**
+**  Parameters:
+**  	db -- database
+**
+**  Return value:
+**  	TRUE  -- suppots
+**  	FALSE -- does not support
+*/
+
+_Bool
+dkimf_db_can_walk(DKIMF_DB db)
+{
+	assert(db != NULL);
+
+	switch (db->db_type)
+	{
+	  case DKIMF_DB_TYPE_REFILE:
+	  case DKIMF_DB_TYPE_SOCKET:
+	  case DKIMF_DB_TYPE_LUA:
+	  case DKIMF_DB_TYPE_MEMCACHE:
+	  case DKIMF_DB_TYPE_UNKNOWN:
+		return FALSE;
+	}
+	return TRUE;
+}
+
 /*
 **  DKIMF_DB_WALK -- walk a database
 **
@@ -5832,13 +5860,16 @@ dkimf_db_walk(DKIMF_DB db, _Bool first, void *key, size_t *keylen,
 	    (key == NULL && keylen != NULL))
 		return -1;
 
-	if (db->db_type == DKIMF_DB_TYPE_REFILE ||
-	    db->db_type == DKIMF_DB_TYPE_SOCKET ||
-	    db->db_type == DKIMF_DB_TYPE_LUA)
-		return -1;
-
 	switch (db->db_type)
 	{
+	  case DKIMF_DB_TYPE_REFILE:
+	  case DKIMF_DB_TYPE_SOCKET:
+	  case DKIMF_DB_TYPE_LUA:
+	  case DKIMF_DB_TYPE_MEMCACHE:
+	  {
+		/* This operation does not support these type of dbs. */
+		return -1;
+	  }
 	  case DKIMF_DB_TYPE_CSL:
 	  case DKIMF_DB_TYPE_FILE:
 	  {

diff --git a/opendkim/opendkim-db.h b/opendkim/opendkim-db.h
@@ -94,6 +94,7 @@ extern int dkimf_db_rewalk __P((DKIMF_DB, char *, DKIMF_DBDATA, unsigned int,
 extern void dkimf_db_set_ldap_param __P((int, char *));
 extern int dkimf_db_strerror __P((DKIMF_DB, char *, size_t));
 extern int dkimf_db_type __P((DKIMF_DB));
+extern _Bool dkimf_db_can_walk __P((DKIMF_DB));
 extern int dkimf_db_walk __P((DKIMF_DB, _Bool, void *, size_t *,
                               DKIMF_DBDATA, unsigned int));
 

diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
@@ -8339,7 +8339,9 @@ dkimf_config_load(struct config *data, struct dkimf_config *conf,
 		**  missing KeyTable entries.
 		*/
 
-		if (conf->conf_signtabledb != NULL && conf->conf_checksigningtable != FALSE)
+		if (conf->conf_checksigningtable &&
+		    conf->conf_signtabledb != NULL &&
+		    dkimf_db_can_walk(conf->conf_signtabledb))
 		{
 			_Bool first = TRUE;
 			_Bool found;