commit aba1538: [Fix] Fix DKIM keys with spaces still allowing errors on invalid base64

Vsevolod Stakhov vsevolod at rspamd.com
Fri Apr 15 21:14:08 UTC 2022


Author: Vsevolod Stakhov
Date: 2022-04-15 22:08:23 +0100
URL: https://github.com/rspamd/rspamd/commit/aba153823664a19ce8203ff3a3a758b75c0dedb6 (HEAD -> master)

[Fix] Fix DKIM keys with spaces still allowing errors on invalid base64
Issue: #4149

---
 src/libserver/dkim.c | 28 +++++++++++++++++++---------
 1 file changed, 19 insertions(+), 9 deletions(-)

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index f37fc1005..4bf96b1b6 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -151,6 +151,7 @@ struct rspamd_dkim_context_s {
 
 struct rspamd_dkim_key_s {
 	guint8 *keydata;
+	guint8 *raw_key;
 	gsize keylen;
 	gsize decoded_len;
 	gchar key_id[RSPAMD_DKIM_KEY_ID_LEN];
@@ -1332,11 +1333,26 @@ rspamd_dkim_make_key (const gchar *keydata,
 	key = g_malloc0 (sizeof (rspamd_dkim_key_t));
 	REF_INIT_RETAIN (key, rspamd_dkim_key_free);
 	key->keydata = g_malloc0 (keylen + 1);
+	key->raw_key = g_malloc (keylen);
 	key->decoded_len = keylen;
-	key->keylen = keylen;
 	key->type = type;
 
-	if (!rspamd_cryptobox_base64_decode (keydata, keylen, key->keydata,
+	/* Copy key skipping all spaces and newlines */
+	const char *h = keydata;
+	guint8 *t = key->raw_key;
+
+	while (h - keydata < keylen) {
+		if (!g_ascii_isspace(*h)) {
+			*t++ = *h++;
+		}
+		else {
+			h++;
+		}
+	}
+
+	key->keylen = t - key->raw_key;
+
+	if (!rspamd_cryptobox_base64_decode (key->raw_key, key->keylen, key->keydata,
 			&key->decoded_len)) {
 		REF_RELEASE (key);
 		g_set_error (err,
@@ -1470,6 +1486,7 @@ rspamd_dkim_key_free (rspamd_dkim_key_t *key)
 		BIO_free (key->key_bio);
 	}
 
+	g_free (key->raw_key);
 	g_free (key->keydata);
 	g_free (key);
 }
@@ -1578,13 +1595,6 @@ rspamd_dkim_parse_key (const gchar *txt, gsize *keylen, GError **err)
 				tag = '\0';
 				p++;
 			}
-			else if (g_ascii_isspace (*p)) {
-				klen = p - c;
-				key = c;
-				state = skip_spaces;
-				next_state = read_tag;
-				tag = '\0';
-			}
 			else {
 				p ++;
 			}


More information about the Commits mailing list