# HG changeset patch
# User Carl Byington
# Date 1506982195 25200
# Node ID 6f2db3d19a34a408eb572eb33c9ad6c56711067b
# Parent 9911e362b5dccf3406ae62c1db8cbb6bf7ba0ea9
allow 4000 byte spf txt records
diff -r 9911e362b5dc -r 6f2db3d19a34 ChangeLog
--- a/ChangeLog Fri Aug 18 09:59:22 2017 -0700
+++ b/ChangeLog Mon Oct 02 15:09:55 2017 -0700
@@ -1,3 +1,6 @@
+6.61 2017-10-02
+ allow 4000 byte spf txt records.
+
 6.60 2017-08-18
 hosts-ignore.conf can be used to ignore nameserver names
diff -r 9911e362b5dc -r 6f2db3d19a34 NEWS
--- a/NEWS Fri Aug 18 09:59:22 2017 -0700
+++ b/NEWS Mon Oct 02 15:09:55 2017 -0700
@@ -1,3 +1,4 @@
+6.61 2017-10-02 allow 4000 byte spf txt records
 6.60 2017-08-18 hosts-ignore.conf can be used to ignore nameserver names
 6.59 2017-07-26 use both envelope from and header from for spf checks when envelope from is a subdomain of the header from domain.
 6.58 2017-05-19 spf code now handles %{d} and %{h} macros, use envelope from value for spf if it is a subdomain of the header from domain.
diff -r 9911e362b5dc -r 6f2db3d19a34 configure.in
--- a/configure.in Fri Aug 18 09:59:22 2017 -0700
+++ b/configure.in Mon Oct 02 15:09:55 2017 -0700
@@ -1,6 +1,6 @@
 AC_PREREQ(2.59)
-AC_INIT(dnsbl,6.60,carl@five-ten-sg.com)
+AC_INIT(dnsbl,6.61,carl@five-ten-sg.com)
 AC_CONFIG_SRCDIR([config.h.in])
 AC_CONFIG_HEADER([config.h])
 AC_CONFIG_MACRO_DIR([m4])
diff -r 9911e362b5dc -r 6f2db3d19a34 dnsbl.spec.in
--- a/dnsbl.spec.in Fri Aug 18 09:59:22 2017 -0700
+++ b/dnsbl.spec.in Mon Oct 02 15:09:55 2017 -0700
@@ -155,6 +155,9 @@
 %changelog
+* Mon Oct 02 2017 Carl Byington - 6.61-1
+- allow 4000 byte spf txt records
+
 * Fri Aug 18 2017 Carl Byington - 6.60-1
 - hosts-ignore.conf can be used to ignore nameserver names ns1.google.com ended up on the sbl
diff -r 9911e362b5dc -r 6f2db3d19a34 src/context.cpp
--- a/src/context.cpp Fri Aug 18 09:59:22 2017 -0700
+++ b/src/context.cpp Mon Oct 02 15:09:55 2017 -0700
@@ -1171,9 +1171,9 @@
 bool CONTEXT::resolve_one_spf(const char *from, uint32_t ip, mlfiPriv *priv, int level) {
- char buf[maxlen];
+ char buf[maxdnslength];
 log(priv->queueid, "looking for %s txt record", from);
- dns_interface(*priv, from, ns_t_txt, false, NULL, buf, maxlen);
+ dns_interface(*priv, from, ns_t_txt, false, NULL, buf, maxdnslength);
 if (*buf) {
 log(priv->queueid, "found txt record %s", buf);
 // expand some macros here - a very restricted subset of all possible spf macros
@@ -1231,8 +1231,8 @@
 }
 else if (strncmp(p, "exists:", 7) == 0) {
 p += 7;
- char buf[maxlen];
- dns_interface(*priv, p, ns_t_a, false, NULL, buf, maxlen);
+ char buf[maxdnslength];
+ dns_interface(*priv, p, ns_t_a, false, NULL, buf, maxdnslength);
 uint32_t *a = (uint32_t *)buf;
 if (a[0]) {
 log(priv->queueid, "match exists:%s", p);
@@ -1241,13 +1241,13 @@
 }
 else if (strncmp(p, "mx", 2) == 0) {
 const char *name = (p[2] == ':') ? p+2 : from;
- char buf[maxlen];
- dns_interface(*priv, name, ns_t_mx, false, NULL, buf, maxlen);
+ char buf[maxdnslength];
+ dns_interface(*priv, name, ns_t_mx, false, NULL, buf, maxdnslength);
 char *b = buf;
 while (*b) {
 log(priv->queueid, "found mx %s", b);
- char buf[maxlen];
- dns_interface(*priv, b, ns_t_a, false, NULL, buf, maxlen);
+ char buf[maxdnslength];
+ dns_interface(*priv, b, ns_t_a, false, NULL, buf, maxdnslength);
 uint32_t *a = (uint32_t *)buf;
 size_t c = a[0];
 for (size_t i=1; i<=c; i++) {
@@ -1266,8 +1266,8 @@
 }
 else if (p[0] == 'a') {
 const char *name = (p[1] == ':') ? p+2 : from;
- char buf[maxlen];
- dns_interface(*priv, name, ns_t_a, false, NULL, buf, maxlen);
+ char buf[maxdnslength];
+ dns_interface(*priv, name, ns_t_a, false, NULL, buf, maxdnslength);
 uint32_t *a = (uint32_t *)buf;
 size_t c = a[0];
 for (size_t i=1; i<=c; i++) {
diff -r 9911e362b5dc -r 6f2db3d19a34 src/context.h
--- a/src/context.h Fri Aug 18 09:59:22 2017 -0700
+++ b/src/context.h Mon Oct 02 15:09:55 2017 -0700
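Review bot: The TXT answer held in `buf` is chosen by the sending domain and may now be as long as `maxdnslength` rather than `maxlen`, yet the hunk at -1171 resizes only the receive buffer. Both `log(priv->queueid, "found txt record %s", buf)` and the macro expansion announced by the following comment consume that string, and resolve_one_spf continues outside the hunk, so any destination there that is still sized with `maxlen` would truncate or overrun on a long record. I would add a comment at the declaration, `// remote-controlled TXT data, up to maxdnslength-1 bytes; every copy made from buf below must be bounded by maxdnslength`, and check each downstream buffer and the formatting buffer inside log() against it.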
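Review bot: In the `exists:` branch (hunk at -1231) the resized `char buf[maxdnslength]` is still read through `uint32_t *a = (uint32_t *)buf;`, and a plain `char` array carries no guarantee of 4-byte alignment; the same cast appears in the `mx` and `a` branches (hunks at -1241 and -1266). In those two branches the loop bound `size_t c = a[0];` is taken straight from the buffer, so the only thing keeping `i<=c` inside the array is whatever dns_interface wrote, which is not visible here. Clamping right after the read, `if (c > maxdnslength/sizeof(uint32_t) - 1) c = maxdnslength/sizeof(uint32_t) - 1;`, makes the bound local to this function, and `alignas(uint32_t) char buf[maxdnslength];` fixes the alignment if the build allows C++11. The loop bodies continue outside the hunks.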
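Review bot: In the `mx` branch (hunk at -1241) the inner `char buf[maxdnslength];` inside `while (*b)` shadows the MX-name buffer that `b` is walking, which itself shadows the function-level TXT buffer from the hunk at -1171. With the larger size, three arrays of `maxdnslength` bytes are live on the stack at once here, and the `level` parameter suggests the function re-enters itself, so the per-level stack cost grows with it; that is inferred, since no recursive call appears in the hunks. Distinct names such as `char mxbuf[maxdnslength];` and `char abuf[maxdnslength];` would remove the shadowing and make the nesting obvious when the stack budget of the worker threads is checked.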
@@ -9,6 +9,12 @@
 #ifndef context_include
 #define context_include
+#ifdef NS_PACKETSZ
+ #define maxdnslength (NS_PACKETSZ*8)
+#else
+ #define maxdnslength 1000
+#endif
+
 enum status {oksofar, // not rejected yet
 white, // whitelisted
 black, // blacklisted
diff -r 9911e362b5dc -r 6f2db3d19a34 src/dnsbl.cpp
--- a/src/dnsbl.cpp Fri Aug 18 09:59:22 2017 -0700
+++ b/src/dnsbl.cpp Mon Oct 02 15:09:55 2017 -0700
@@ -151,7 +151,7 @@
 struct glommer {
 size_t length;
 #ifdef NS_PACKETSZ
- u_char answer[NS_PACKETSZ*8]; // with a resolver, we return resolver answers
+ u_char answer[maxdnslength]; // with a resolver, we return resolver answers
 #else
 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer
 #endif
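Review bot: The value of `maxdnslength` depends on whether `NS_PACKETSZ` is already defined when context.h is included, because the `#ifdef` sits directly after the include guard and the hunk shows no resolver header included ahead of it. A translation unit that includes context.h before the resolver headers silently gets 1000, while `struct glommer` in src/dnsbl.cpp (hunk at -151) tests `NS_PACKETSZ` again later and would then declare a 1000-byte `answer` for resolver replies. Putting `#if maxdnslength != (NS_PACKETSZ*8)` / `#error context.h included before the resolver headers` / `#endif` inside the `#ifdef NS_PACKETSZ` arm of glommer would turn such a mismatch into a build failure. A one-line comment above the macro stating that the unit is bytes and that the value follows include order would also help.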