Commit | Line | Data |
---|---|---|
8ba7f611 AM |
1 | commit 6a11a9e618a72b8d96aecb2ad9aa300b98f8d991 |
2 | Author: Jeremy Harris <jgh146exb@wizmail.org> | |
3 | Date: Sun Nov 29 01:12:38 2015 +0000 | |
4 | ||
5 | DKIM: relaxed body canonicalisation should ignore whitespace at EOL | |
6 | and empty lines at EOM. Bug 1721 | |
7 | ||
8 | diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c | |
9 | index cd79521..de774a2 100644 | |
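--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -596,7 +596,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
 pdkim_strtrim(cur_val);
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
+ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
 #endif
 switch (cur_tag->str[0]) {
 case 'b':
@@ -674,7 +674,7 @@ pdkim_signature *pdkim_parse_sig_header(pdkim_ctx *ctx, char *raw_hdr) {
 default:
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
+ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
 #endif
 break;
 }
@@ -799,7 +799,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
 pdkim_strtrim(cur_val);
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
+ fprintf(ctx->debug_stream, " %s=%s\n", cur_tag->str, cur_val->str);
 #endif
 switch (cur_tag->str[0]) {
 case 'v':
@@ -833,7 +833,7 @@ pdkim_pubkey *pdkim_parse_pubkey_record(pdkim_ctx *ctx, char *raw_record) {
 default:
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
+ fprintf(ctx->debug_stream, " Unknown tag encountered\n");
 #endif
 break;
 }
@@ -925,7 +925,7 @@ int pdkim_update_bodyhash(pdkim_ctx *ctx, const char *data, int len) {
 sig->signed_body_bytes += canon_len;
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream!=NULL)
- pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,0);
+ pdkim_quoteprint(ctx->debug_stream,canon_data,canon_len,1);
 #endif
 }
 
@@ -1037,6 +1037,23 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
 goto BAIL;
 }
 
+ if ( ctx->sig
+ && ctx->sig->canon_body == PDKIM_CANON_RELAXED) {
+ /* Lines with just spaces need to be buffered too */
+ char *check = p;
+ while(memcmp(check,"\r\n",2) != 0) {
+ char c = *check;
+
+ if (c != '\t' && c != ' ')
+ goto PROCESS;
+ check++;
+ }
+
+ ctx->num_buffered_crlf++;
+ goto BAIL;
+ }
+
+ PROCESS:
 /* At this point, we have a non-empty line, so release the buffered ones. */
 while (ctx->num_buffered_crlf) {
 pdkim_update_bodyhash(ctx,"\r\n",2);
@@ -1699,7 +1716,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
 if (ctx->debug_stream) {
 fprintf(ctx->debug_stream,
 "PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- fprintf(ctx->debug_stream,"Raw record: ");
+ fprintf(ctx->debug_stream," Raw record: ");
 pdkim_quoteprint(ctx->debug_stream, dns_txt_reply, strlen(dns_txt_reply), 1);
 }
 #endif
@@ -1710,7 +1727,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
 sig->verify_ext_status = PDKIM_VERIFY_INVALID_PUBKEY_PARSING;
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream) {
- fprintf(ctx->debug_stream,"Error while parsing public key record\n");
+ fprintf(ctx->debug_stream," Error while parsing public key record\n");
 fprintf(ctx->debug_stream,
 "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 }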
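Review bot: The whitespace scan added to pdkim_bodyline_complete in the `@@ -1037,6 +1037,23 @@` hunk stops only when `memcmp(check,"\r\n",2)` matches and is never compared with the length of the buffered line, so a line of spaces and tabs with no CRLF behind it would carry `check` past the data held in the line buffer. Whether every caller guarantees a terminating CRLF cannot be seen here, because the function starts and ends outside the hunk. The function appears to keep the line length in `n = ctx->linebuf_offset` (visible as context in a later patch on this page), so the loop could be bounded as `while (check + 2 <= p + n && memcmp(check,"\r\n",2) != 0)`. The message body is remote input, so the bound is better made explicit here than left to the code that fills the buffer.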
99 | ||
100 | commit 9042106b5116fcc621e1c720460a42896011c1cd | |
101 | Author: Jeremy Harris <jgh146exb@wizmail.org> | |
102 | Date: Sun Nov 29 01:36:06 2015 +0000 | |
103 | ||
104 | DKIM: fix relaxed body verify for a newline-only body. Bug 963 | |
105 | ||
106 | diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c | |
107 | index 99948ff..94328f7 100644 | |
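--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -987,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) {
 else {
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
- sig->domain);
 fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain);
 pdkim_hexprint(ctx->debug_stream, sig->bodyhash,
 (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1);
+ fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
+ sig->domain);
 }
 #endif
 sig->verify_status = PDKIM_VERIFY_FAIL;
@@ -1022,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
 if (ctx->input_mode == PDKIM_INPUT_SMTP) {
 /* Terminate on EOD marker */
 if (memcmp(p,".\r\n",3) == 0) {
+ /* In simple body mode, if any empty lines were buffered,
+ replace with one. rfc 4871 3.4.3 */
+ if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE
+ && ctx->num_buffered_crlf > 0)
+ pdkim_update_bodyhash(ctx,"\r\n",2);
+
 ctx->seen_eod = 1;
 goto BAIL;
 }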
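Review bot: The CRLF added at the EOD marker in the `@@ -1022,6 +1022,12 @@` hunk is hashed whenever `ctx->num_buffered_crlf > 0`, which is also true for a message whose non-empty body is followed by blank lines. In that case the hash already ends with the last line's CRLF, so the extra one would make a valid simple-canonicalised signature fail to verify. The condition should also require that nothing has been hashed yet, `&& ctx->sig->signed_body_bytes == 0`, which is the guard a later patch on this page adds. The test also looks only at `ctx->sig`, while the update may feed every signature in the context; that is inferred, since pdkim_update_bodyhash is not shown in full and pdkim_bodyline_complete continues outside the hunk.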
137 | ||
036c5f09 AM |
138 | --- a/src/src/pdkim/pdkim.c~ 2015-12-02 19:18:54.000000000 +0100 |
139 | +++ a/src/src/pdkim/pdkim.c 2015-12-02 19:22:09.149625694 +0100 | |
140 | @@ -1096,6 +1096,7 @@ | |
141 | int pdkim_bodyline_complete(pdkim_ctx *ctx) { | |
142 | char *p = ctx->linebuf; | |
143 | int n = ctx->linebuf_offset; | |
144 | + pdkim_signature *sig = ctx->sig; /*XXX assumes only one sig */ | |
145 | ||
146 | /* Ignore extra data if we've seen the end-of-data marker */ | |
147 | if (ctx->seen_eod) goto BAIL; | |
148 | @@ -1108,7 +1109,8 @@ | |
149 | if (memcmp(p,".\r\n",3) == 0) { | |
150 | /* In simple body mode, if any empty lines were buffered, | |
151 | replace with one. rfc 4871 3.4.3 */ | |
152 | - if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE | |
153 | + if ( sig && sig->canon_body == PDKIM_CANON_SIMPLE | |
154 | + && sig->signed_body_bytes == 0 | |
155 | && ctx->num_buffered_crlf > 0) | |
156 | pdkim_update_bodyhash(ctx,"\r\n",2); | |
157 | ||
158 | @@ -1128,8 +1130,8 @@ | |
159 | goto BAIL; | |
160 | } | |
161 | ||
162 | - if ( ctx->sig | |
163 | - && ctx->sig->canon_body == PDKIM_CANON_RELAXED) { | |
164 | + if ( sig | |
165 | + && sig->canon_body == PDKIM_CANON_RELAXED) { | |
166 | /* Lines with just spaces need to be buffered too */ | |
167 | char *check = p; | |
168 | while(memcmp(check,"\r\n",2) != 0) { |