
Memory leak in opendmarc.c

Open KIC-8462852 opened this issue 4 years ago • 0 comments

Hi guys,

There is a memory leak at https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/opendmarc.c#L2958-L2974

This is easily fixed with a free() as shown in the attached patch (opendmarc-free-arcdomain-patch.txt).

I found this while I was reading OpenDMARC source trying to understand why ARC override was not working with the policy always failing with "ARC pass, policy fail > continuing DMARC eval" even though I had configured OpenDMARC with the "DomainWhitelistFile" option and the community_sealer_whitelist file.

Turns out I didn't configure OpenARC's "FinalReceiver" option (the default is "no"). If set, this option causes OpenARC to pass chain signatory information downstream for local policy evaluation in the event of an authentication failure, adding the "arc.chain" field to the locally generated Authentication-Results header that OpenDMARC then needs to override a failing DMARC check. As described at https://github.com/trusteddomainproject/OpenDMARC/blob/master/opendmarc/README#L198-L214, the conditions OpenDMARC needs to override a failed DMARC are: "arc=pass", "arc.chain" is present (local TrustedAuthservID Authentication-Results) and all listed domains (sealers) in the chain are whitelisted (with OpenDMARC's "DomainWhitelist" or "DomainWhitelistFile" options). The point is that the "arc.chain" field in OpenARC's Authentication-Results header will only be there if OpenARC is configured with "FinalReceiver = yes". Now I get "ARC pass, policy pass > overriding DMARC fail" as expected. I leave this info here just to help others with the same question.

Thx.

KIC-8462852, Jun 20 '21 12:06
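The three override conditions described in the issue above can be checked against a locally generated Authentication-Results header with a small diagnostic. This is an added example, not part of the original issue and not OpenDMARC's own code; the colon-separated `arc.chain` value, the exact-match whitelist comparison, the function names and the sample headers are assumptions made for illustration.

```python
import re

def parse_authres(header):
    """Return (authserv_id, arc_result, chain) from an Authentication-Results header."""
    value = header
    if value.lower().startswith("authentication-results:"):
        value = value.split(":", 1)[1]  # split once; the chain value also holds colons
    parts = [p.strip() for p in value.split(";")]
    authserv_id = (parts[0].split() or [""])[0].lower()
    arc_result, chain = None, None
    for part in parts[1:]:
        m = re.match(r"arc=(\w+)", part, re.I)
        if not m:
            continue  # dkim=, spf= and other methods are ignored here
        arc_result = m.group(1).lower()
        # Assumption: arc.chain is a colon-separated list of sealer domains.
        c = re.search(r'\barc\.chain="?([^"\s;]+)"?', part, re.I)
        if c:
            chain = [d.lower() for d in c.group(1).split(":") if d]
    return authserv_id, arc_result, chain

def arc_override_check(header, trusted_ids, whitelist):
    """Return (ok, reason) for the override conditions listed in the issue."""
    authserv_id, arc_result, chain = parse_authres(header)
    if authserv_id not in {t.lower() for t in trusted_ids}:
        return False, f"authserv-id {authserv_id!r} is not trusted"
    if arc_result != "pass":
        return False, f"arc={arc_result}, need arc=pass"
    if not chain:
        return False, "arc.chain missing (is OpenARC FinalReceiver set to yes?)"
    allowed = {w.lower() for w in whitelist}  # assumption: exact domain match
    missing = [d for d in chain if d not in allowed]
    if missing:
        return False, "sealers not whitelisted: " + ", ".join(missing)
    return True, "all sealers whitelisted"

# Constructed sample headers (not captured from a real system).
WITH_CHAIN = ("Authentication-Results: mx.example.net; arc=pass "
              "smtp.remote-ip=192.0.2.10 arc.chain=lists.example.org:relay.example.com")
NO_CHAIN = "Authentication-Results: mx.example.net; arc=pass smtp.remote-ip=192.0.2.10"

if __name__ == "__main__":
    trusted = ["mx.example.net"]
    wl = ["lists.example.org", "relay.example.com"]
    for h in (WITH_CHAIN, NO_CHAIN):
        print(arc_override_check(h, trusted, wl))
```

The second sample reproduces the situation in the issue: `arc=pass` is present, but without `arc.chain` the whitelist is never consulted.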