commit 84603e8: [CritFix] Dkim: Fix simple canonicalisation if multiple signatures are presented
Vsevolod Stakhov
vsevolod at highsecure.ru
Fri Oct 23 11:21:07 UTC 2020
Author: Vsevolod Stakhov
Date: 2020-10-23 12:18:57 +0100
URL: https://github.com/rspamd/rspamd/commit/84603e8f3197652b18d5bc4ca20f5580ce33d6af (HEAD -> master)
[CritFix] Dkim: Fix simple canonicalisation if multiple signatures are presented
---
src/libserver/dkim.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 27db77c26..a8db8fe56 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -849,6 +849,8 @@ rspamd_create_dkim_context (const gchar *sig,
ctx->common.sig_hash = rspamd_cryptobox_fast_hash (sig, end - sig,
rspamd_hash_seed ());
+ msg_debug_dkim ("create dkim context sig = %L", ctx->common.sig_hash);
+
while (p <= end) {
switch (state) {
case DKIM_STATE_TAG:
@@ -2416,19 +2418,29 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx,
if (rh) {
/* We need to find our own signature */
if (!dkim_domain) {
+ msg_err_dkim ("cannot verify dkim as we have no dkim domain!");
return FALSE;
}
+ gboolean found = FALSE;
+
DL_FOREACH (rh, cur) {
- guint64 th = rspamd_cryptobox_fast_hash (rh->decoded,
- strlen (rh->decoded), rspamd_hash_seed ());
+ guint64 th = rspamd_cryptobox_fast_hash (cur->decoded,
+ strlen (cur->decoded), rspamd_hash_seed ());
if (th == ctx->sig_hash) {
- rspamd_dkim_signature_update (ctx, rh->raw_value,
- rh->raw_len);
+ rspamd_dkim_signature_update (ctx, cur->raw_value,
+ cur->raw_len);
+ found = TRUE;
break;
}
}
+ if (!found) {
+ msg_err_dkim ("BUGON: cannot verify dkim as we have lost our signature"
+ " during simple canonicalisation, expected hash=%L",
+ ctx->sig_hash);
+ return FALSE;
+ }
}
else {
return FALSE;
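Review bot: The `DL_FOREACH` lookup only works if `ctx->sig_hash` was computed over exactly the bytes that `cur->decoded` holds, and nothing at this site records that invariant; the two sides also measure length differently (`end - sig` in `rspamd_create_dkim_context`, `strlen (cur->decoded)` here). A comment above the loop would make this explicit, for example `/* sig_hash is the fast hash of the signature value given to rspamd_create_dkim_context; it must cover the same bytes as cur->decoded */`. If `decoded` can be NULL for a header that failed to decode (not visible in this hunk), the `strlen` call needs a guard such as `if (cur->decoded == NULL) continue;`. Returning FALSE in the new `!found` branch fails closed, which is the right outcome for a verifier. The enclosing function begins and ends outside the hunk.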