projects / packages / exim.git / blame
| Commit | Line | Data |
|---|---|---|
| 8ba7f611 AM |
1 | commit 6a11a9e618a72b8d96aecb2ad9aa300b98f8d991 |
| 2 | Author: Jeremy Harris <jgh146exb@wizmail.org> | |
| 3 | Date: Sun Nov 29 01:12:38 2015 +0000 | |
| 4 | ||
| 5 | DKIM: relaxed body canonicalisation should ignore whitespace at EOL | |
| 6 | and empty lines at EOM. Bug 1721 | |
| 7 | ||
| 8 | diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c | |
| 9 | index cd79521..de774a2 100644 | |
| 10 | --- a/src/src/pdkim/pdkim.c | |
| 11 | +++ b/src/src/pdkim/pdkim.c | |
| 12 | @@ -596,7 +596,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) { | |
| 13 | pdkim_strtrim(cur_val); | |
| 14 | #ifdef PDKIM_DEBUG | |
| 15 | if (ctx->debug_stream) | |
| 16 | - fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str); | |
| 17 | + fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str); | |
| 18 | #endif | |
| 19 | switch (cur_tag->str[0]) { | |
| 20 | case 'b': | |
| 21 | @@ -674,7 +674,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) { | |
| 22 | default: | |
| 23 | #ifdef PDKIM_DEBUG | |
| 24 | if (ctx->debug_stream) | |
| 25 | - fprintf(ctx->debug_stream, "Unknown tag encountered\n"); | |
| 26 | + fprintf(ctx->debug_stream, " Unknown tag encountered\n"); | |
| 27 | #endif | |
| 28 | break; | |
| 29 | } | |
| 30 | @@ -799,7 +799,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) { | |
| 31 | pdkim_strtrim(cur_val); | |
| 32 | #ifdef PDKIM_DEBUG | |
| 33 | if (ctx->debug_stream) | |
| 34 | - fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str); | |
| 35 | + fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str); | |
| 36 | #endif | |
| 37 | switch (cur_tag->str[0]) { | |
| 38 | case 'v': | |
| 39 | @@ -833,7 +833,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) { | |
| 40 | default: | |
| 41 | #ifdef PDKIM_DEBUG | |
| 42 | if (ctx->debug_stream) | |
| 43 | - fprintf(ctx->debug_stream, "Unknown tag encountered\n"); | |
| 44 | + fprintf(ctx->debug_stream, " Unknown tag encountered\n"); | |
| 45 | #endif | |
| 46 | break; | |
| 47 | } | |
| 48 | @@ -925,7 +925,7 @@ int pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) { | |
| 49 | sig->signed_body_bytes += canon_len; | |
| 50 | #ifdef PDKIM_DEBUG | |
| 51 | if (ctx->debug_stream!=NULL) | |
| 52 | - pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,0); | |
| 53 | + pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,1); | |
| 54 | #endif | |
| 55 | } | |
| 56 | ||
| 57 | @@ -1037,6 +1037,23 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) { | |
| 58 | goto BAIL; | |
| 59 | } | |
| 60 | ||
| 61 | + if ( ctx->sig | |
| 62 | + && ctx->sig->canon_body == PDKIM_CANON_RELAXED) { | |
| 63 | + /* Lines with just spaces need to be buffered too */ | |
| 64 | + char *check = p; | |
| 65 | + while(memcmp(check,"\r\n",2) != 0) { | |
| 66 | + char c = *check; | |
| 67 | + | |
| 68 | + if (c != '\t' && c != ' ') | |
| 69 | + goto PROCESS; | |
| 70 | + check++; | |
| 71 | + } | |
| 72 | + | |
| 73 | + ctx->num_buffered_crlf++; | |
| 74 | + goto BAIL; | |
| 75 | + } | |
| 76 | + | |
| 77 | + PROCESS: | |
| 78 | /* At this point, we have a non-empty line, so release the buffered ones. */ | |
| 79 | while (ctx->num_buffered_crlf) { | |
| 80 | pdkim_update_bodyhash(ctx,"\r\n",2); | |
| 81 | @@ -1699,7 +1716,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu | |
| 82 | if (ctx->debug_stream) { | |
| 83 | fprintf(ctx->debug_stream, | |
| 84 | "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"); | |
| 85 | - fprintf(ctx->debug_stream,"Raw record: "); | |
| 86 | + fprintf(ctx->debug_stream," Raw record: "); | |
| 87 | pdkim_quoteprint(ctx->debug_stream, dns_txt_reply, strlen(dns_txt_reply), 1); | |
| 88 | } | |
| 89 | #endif | |
| 90 | @@ -1710,7 +1727,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu | |
| 91 | sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_PARSING; | |
| 92 | #ifdef PDKIM_DEBUG | |
| 93 | if (ctx->debug_stream) { | |
| 94 | - fprintf(ctx->debug_stream,"Error while parsing public key record\n"); | |
| 95 | + fprintf(ctx->debug_stream," Error while parsing public key record\n"); | |
| 96 | fprintf(ctx->debug_stream, | |
| 97 | "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n"); | |
| 98 | } | |
| 99 | ||
| 100 | commit 9042106b5116fcc621e1c720460a42896011c1cd | |
| 101 | Author: Jeremy Harris <jgh146exb@wizmail.org> | |
| 102 | Date: Sun Nov 29 01:36:06 2015 +0000 | |
| 103 | ||
| 104 | DKIM: fix relaxed body verify for a newline-only body. Bug 963 | |
| 105 | ||
| 106 | diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c | |
| 107 | index 99948ff..94328f7 100644 | |
| 108 | --- a/src/src/pdkim/pdkim.c | |
| 109 | +++ b/src/src/pdkim/pdkim.c | |
| 110 | @@ -987,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) { | |
| 111 | else { | |
| 112 | #ifdef PDKIM_DEBUG | |
| 113 | if (ctx->debug_stream) { | |
| 114 | - fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n", | |
| 115 | - sig->domain); | |
| 116 | fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain); | |
| 117 | pdkim_hexprint(ctx->debug_stream, sig->bodyhash, | |
| 118 | (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1); | |
| 119 | + fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n", | |
| 120 | + sig->domain); | |
| 121 | } | |
| 122 | #endif | |
| 123 | sig->verify_status = PDKIM_VERIFY_FAIL; | |
| 124 | @@ -1022,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) { | |
| 125 | if (ctx->input_mode == PDKIM_INPUT_SMTP) { | |
| 126 | /* Terminate on EOD marker */ | |
| 127 | if (memcmp(p,".\r\n",3) == 0) { | |
| 128 | + /* In simple body mode, if any empty lines were buffered, | |
| 129 | + replace with one. rfc 4871 3.4.3 */ | |
| 130 | + if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE | |
| 131 | + && ctx->num_buffered_crlf > 0) | |
| 132 | + pdkim_update_bodyhash(ctx,"\r\n",2); | |
| 133 | + | |
| 134 | ctx->seen_eod = 1; | |
| 135 | goto BAIL; | |
| 136 | } | |
| 137 | ||
| 036c5f09 AM |
138 | --- a/src/src/pdkim/pdkim.c~ 2015-12-02 19:18:54.000000000 +0100 |
| 139 | +++ a/src/src/pdkim/pdkim.c 2015-12-02 19:22:09.149625694 +0100 | |
| 140 | @@ -1096,6 +1096,7 @@ | |
| 141 | int pdkim_bodyline_complete(pdkim_ctx *ctx) { | |
| 142 | char *p = ctx->linebuf; | |
| 143 | int n = ctx->linebuf_offset; | |
| 144 | + pdkim_signature *sig = ctx->sig; /*XXX assumes only one sig */ | |
| 145 | ||
| 146 | /* Ignore extra data if we've seen the end-of-data marker */ | |
| 147 | if (ctx->seen_eod) goto BAIL; | |
| 148 | @@ -1108,7 +1109,8 @@ | |
| 149 | if (memcmp(p,".\r\n",3) == 0) { | |
| 150 | /* In simple body mode, if any empty lines were buffered, | |
| 151 | replace with one. rfc 4871 3.4.3 */ | |
| 152 | - if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE | |
| 153 | + if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE | |
| 154 | + && sig->signed_body_bytes == 0 | |
| 155 | && ctx->num_buffered_crlf > 0) | |
| 156 | pdkim_update_bodyhash(ctx,"\r\n",2); | |
| 157 | ||
| 158 | @@ -1128,8 +1130,8 @@ | |
| 159 | goto BAIL; | |
| 160 | } | |
| 161 | ||
| 162 | - if ( ctx->sig | |
| 163 | - && ctx->sig->canon_body == PDKIM_CANON_RELAXED) { | |
| 164 | + if ( sig | |
| 165 | + && sig->canon_body == PDKIM_CANON_RELAXED) { | |
| 166 | /* Lines with just spaces need to be buffered too */ | |
| 167 | char *check = p; | |
| 168 | while(memcmp(check,"\r\n",2) != 0) { |