The consistency check of SigningTable and KeyTable on config load does not work properly #229

Open
@futatuki

If SigningTable and KeyTable are specified in the config file and the dataset type of SigningTable is capable of the db walk operation, the opendkim milter performs a consistency check when loading the config file: for each entry in SigningTable, it checks whether the keyname specified by the entry exists in KeyTable.

However, while retrieving a SigningTable entry, it does not check the error status of dkimf_db_walk().

OpenDKIM/opendkim/opendkim.c

Lines 8348 to 8349 in 835834e

while (dkimf_db_walk(conf->conf_signtabledb, first,
NULL, NULL, dbd, 2) == 0)

So if there is a bogus entry in SigningTable that causes an error, the check would finish without error here, and the rest of the records in SigningTable are not checked.

Also, although the second field in values in SigningTable should be optional, it does not handle them in the consistency check above.

OpenDKIM/opendkim/opendkim.c

Lines 8341 to 8349 in 835834e

dbd[0].dbdata_buffer = keyname;
dbd[0].dbdata_buflen = sizeof keyname - 1;
dbd[0].dbdata_flags = 0;
dbd[1].dbdata_buffer = signer;
dbd[1].dbdata_buflen = sizeof signer - 1;
dbd[1].dbdata_flags = 0;
while (dkimf_db_walk(conf->conf_signtabledb, first,
NULL, NULL, dbd, 2) == 0)

E.g. a flat file SigningTable like the one below would not be checked at all:

foo.example.org		default._domainkey.foo.example.org
[email protected]	bar.default._domainkey.foo.example.org:[email protected]
baz.example.com		default._domainkey.baz.example.com:@baz.example.com
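The loop pattern described in this issue, as an added example that is not OpenDKIM code and not written by the issue author: a table walk whose `== 0` loop condition cannot tell end-of-table from an error, next to a strict mode that can. `struct rec`, `walk_next()`, `in_keytable()`, `check_tables()`, the sample tables and the 0 / 1 / -1 return convention are all assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample data; a NULL value models a record that fails to load. */
struct rec { const char *key, *val; };
static const struct rec SIGNTAB[] = {
    { "a.example", "k1" },               /* signer field omitted */
    { "b.example", NULL },               /* walk error on this record */
    { "c.example", "nokey:@c.example" }, /* keyname not in KeyTable */
};
static const char *const KEYTAB[] = { "k1", "k2" };

/* Hypothetical walker (assumed convention): 0 = record, 1 = end, -1 = error. */
static int walk_next(const struct rec *tab, size_t n, size_t *pos,
                     char *keyname, char *signer, size_t len)
{
    if (*pos >= n) return 1;
    const char *v = tab[(*pos)++].val;
    if (v == NULL) return -1;
    const char *colon = strchr(v, ':');
    size_t kl = colon ? (size_t)(colon - v) : strlen(v);
    if (kl >= len) return -1;
    memcpy(keyname, v, kl);
    keyname[kl] = '\0';
    /* The second field is optional: signer stays empty when it is absent. */
    snprintf(signer, len, "%s", colon ? colon + 1 : "");
    return 0;
}

static int in_keytable(const char *const *kt, size_t n, const char *name)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(kt[i], name) == 0) return 1;
    return 0;
}

/* Returns the count of keynames missing from the KeyTable, or -1 when
   strict is set and the walk stopped on an error instead of end-of-table. */
int check_tables(const struct rec *st, size_t nst,
                 const char *const *kt, size_t nkt, int strict)
{
    char keyname[256], signer[256];
    size_t pos = 0;
    int status, missing = 0;

    while ((status = walk_next(st, nst, &pos, keyname, signer, sizeof keyname)) == 0)
        if (!in_keytable(kt, nkt, keyname)) missing++;
    /* A bare "== 0" loop exits here on -1 as well as on 1. */
    return (strict && status != 1) ? -1 : missing;
}
```

With `strict` set to 0 the sample table passes with zero findings, because the walk stops at the unreadable second record and never reaches the entry whose keyname is missing.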
