commit 845b8c0: [Minor] Dkim_signing: correct is_skip_sign logic

[Peter Wu]

Author: Peter Wu
Date: 2020-01-16 01:11:49 +0000
URL: https://github.com/rspamd/rspamd/commit/845b8c00dc03d2a98f5514eda15f0e8909cd96b7 (refs/pull/3214/head)

[Minor] Dkim_signing: correct is_skip_sign logic
If any of "sign_networks", "auth_only", or "sign_local" are disabled,
then it should not automatically proceed with signing if the enabled
conditions all fail. For example, if only the auth_only setting is
enabled, and is_authed is false, then signing should be skipped.

An earlier check luckily prevents this correctness issue from being
exploitable ("ignoring unauthenticated mail"), but fix the logic anyway.

---
 lualib/lua_dkim_tools.lua | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 90bff13d5..42b595670 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,9 +211,9 @@ local function prepare_dkim_signing(N, task, settings)
   end
 
   local function is_skip_sign()
-    return (settings.sign_networks and not is_sign_networks) and
-        (settings.auth_only and not is_authed) and
-        (settings.sign_local and not is_local)
+    return not (settings.sign_networks and is_sign_networks) and
+        not (settings.auth_only and is_authed) and
+        not (settings.sign_local and is_local)
   end
 
   if hdom then