From 6245d29609b3b95f38f25f9f30a374c9037dec58 Mon Sep 17 00:00:00 2001 From: FUTATSUKI Yasuhito Date: Mon, 7 Oct 2024 18:39:41 +0900 Subject: [PATCH 1/2] Fix issue 229: fix db handling on verification of SigningTable in dkimf_config_load - check error on calling dkimf_db_walk() - fix request parameter for "signer" field in SigningTable --- opendkim/opendkim.c | 28 +++++++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c index 803f37b0..5bb80b79 100644 --- a/opendkim/opendkim.c +++ b/opendkim/opendkim.c @@ -8333,20 +8333,23 @@ dkimf_config_load(struct config *data, struct dkimf_config *conf, char selector[BUFRSZ + 1]; char keydata[BUFRSZ + 1]; char signer[BUFRSZ + 1]; + int db_stat; - dbd[0].dbdata_flags = 0; - memset(keyname, '\0', sizeof keyname); + /* + ** As we don't care signer values here, + ** we don't need to clear it. + */ dbd[0].dbdata_buffer = keyname; dbd[0].dbdata_buflen = sizeof keyname - 1; dbd[0].dbdata_flags = 0; dbd[1].dbdata_buffer = signer; dbd[1].dbdata_buflen = sizeof signer - 1; - dbd[1].dbdata_flags = 0; + dbd[1].dbdata_flags = DKIMF_DB_DATA_OPTIONAL; - while (dkimf_db_walk(conf->conf_signtabledb, first, - NULL, NULL, dbd, 2) == 0) + while ((db_stat = dkimf_db_walk(conf->conf_signtabledb, + first, NULL, NULL, dbd, 2)) == 0) { first = FALSE; found = FALSE; @@ -8359,6 +8362,11 @@ dkimf_config_load(struct config *data, struct dkimf_config *conf, dbd[2].dbdata_buffer = keydata; dbd[2].dbdata_buflen = sizeof keydata - 1; dbd[2].dbdata_flags = DKIMF_DB_DATA_BINARY; + /* + ** As we don't care for values of the entry + ** in KeyTable here, we don't need to clear + ** buffers for them. + */ if (dkimf_db_get(conf->conf_keytabledb, keyname, strlen(keyname), 
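Review bot: The added comment explains why `signer` is left uninitialised but says nothing about `keyname`, which is the one buffer this block does read: `strlen(keyname)` in the `dkimf_db_get()` call at the end of the hunk needs it NUL-terminated on every pass. In this collapsed rendering it is not clear whether the `memset(keyname, '\0', sizeof keyname);` line is removed or kept as context; if it is removed, termination depends entirely on dkimf_db_walk(), whose body is not shown. I would keep the memset and extend the comment to `/* keyname is read with strlen() below and must stay NUL-terminated; signer is never read here and may stay uninitialised */`. dkimf_config_load() starts and ends outside the hunk.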
@@ -8379,6 +8387,16 @@ dkimf_config_load(struct config *data, struct dkimf_config *conf, dbd[0].dbdata_buffer = keyname; dbd[0].dbdata_buflen = sizeof keyname - 1; dbd[0].dbdata_flags = 0; + dbd[1].dbdata_buffer = signer; + dbd[1].dbdata_buflen = sizeof signer - 1; + dbd[1].dbdata_flags = DKIMF_DB_DATA_OPTIONAL; + } + if (db_stat == -1) + { + snprintf(err, errlen, + "error on retrieving an entry from \"%s\"", + conf->conf_signtable); + return -1; } } } From 632e838e16d46bb461cfb5f8d36a33eba4e7fc49 Mon Sep 17 00:00:00 2001 From: FUTATSUKI Yasuhito Date: Mon, 23 Dec 2024 19:19:26 +0900 Subject: [PATCH 2/2] opendkim/tests/t-sign-rs-tables-bad.conf: change type of signing table SigningTable is now checked for each entries so that their corresponding key entry exists in valid form as well as its existence in KeyTable on loading config file on start up, if the type of SigningTable dataset supports dkimf_db_walk. However we need to use bad format entry in KeyTable, to perform the test, so we use 'refile' dataset type for SigningTable to avoid the check. --- opendkim/tests/t-sign-rs-tables-bad.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/opendkim/tests/t-sign-rs-tables-bad.conf b/opendkim/tests/t-sign-rs-tables-bad.conf index 0178920e..99f2a939 100644 --- a/opendkim/tests/t-sign-rs-tables-bad.conf +++ b/opendkim/tests/t-sign-rs-tables-bad.conf @@ -5,4 +5,4 @@ Background No Canonicalization relaxed/simple RequireSafeKeys No KeyTable file:t-sign-rs-tables-bad.keys -SigningTable file:t-sign-rs-tables.sign +SigningTable refile:t-sign-rs-tables.sign
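Review bot: The new post-loop check `if (db_stat == -1)` treats exactly one value as failure, so any other non-zero status from dkimf_db_walk() ends the loop and lets the configuration load as if every SigningTable entry had been verified. Failing closed is safer for a start-up validation: compare against the single end-of-walk value instead, for example `if (db_stat != 1)` if 1 is what dkimf_db_walk() returns once the records are exhausted (to be confirmed against its documented return values), or at least `if (db_stat < 0)`. The message also drops the cause; appending the database layer's own error text, if one is available, would make a failed start diagnosable. The guard that decides whether this walk runs at all lies outside the hunk, so confirm it still skips dataset types that cannot be walked, since those would now abort start-up if they report -1.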
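Review bot: Switching this test to `refile:` moves it out of the way of the start-up verification, and nothing in this series adds a test that exercises that verification, so the check in dkimf_config_load() is left without coverage here. A companion config that keeps `SigningTable file:t-sign-rs-tables.sign` alongside the bad KeyTable and asserts that the filter refuses to start would cover it. A one-line comment in this file, such as `# refile: avoids the start-up SigningTable/KeyTable check so the bad key entry can still be tested`, would keep the reason next to the setting.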