authorTom Kistner <tom@duncanthrax.net>2009-11-23 08:34:05 +0000
committerTom Kistner <tom@duncanthrax.net>2009-11-23 08:34:05 +0000
commitff7ddfd72cf97da9b1bb21f5086607525bf47a4a (patch)
tree23c528cac85fd23c3da58d70b63aee8a6b74c4b1
parent177ebd9bf36a4603935ab7d0f5f3d10199fe26d0 (diff)
DKIM: fix wrong "pass" result on bodyhash mismatch
-rw-r--r--src/src/pdkim/pdkim.c51
1 files changed, 38 insertions, 13 deletions
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index b16960f8b..e8eba59c0 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.9 2009/11/19 18:52:48 nm4 Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.10 2009/11/23 08:34:05 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
@@ -105,6 +105,27 @@ pdkim_combined_canon_entry pdkim_combined_canons[] = {
};
+char *pdkim_verify_status_str(int status) {
+ switch(status) {
+ case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
+ case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
+ case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
+ case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+char *pdkim_verify_ext_status_str(int ext_status) {
+ switch(ext_status) {
+ case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
+ case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
+ case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+
+
/* -------------------------------------------------------------------------- */
/* Print debugging functions */
#ifdef PDKIM_DEBUG
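Review bot: Both new helpers hand out pointers to string literals through a plain `char *`; the return type should be `const char *` so no caller can write through it, e.g. `const char *pdkim_verify_status_str(int status) {` and likewise for `pdkim_verify_ext_status_str`. The two `default:` branches return the same "PDKIM_VERIFY_UNKNOWN" text, so an unrecognised extended status cannot be told apart from an unrecognised status in a log line; a distinct string for the extended case would remove that ambiguity. The functions sit outside the `#ifdef PDKIM_DEBUG` block that follows, while the only callers visible in this commit are inside debug code. If no header exports them (not visible here), they could be `static` and carry a one-line comment stating that the returned string is static storage and must not be freed.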
@@ -1283,7 +1304,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
#ifdef PDKIM_DEBUG
if (ctx->debug_stream)
fprintf(ctx->debug_stream,
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
#endif
}
@@ -1573,26 +1594,30 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
(unsigned char *)sig->sigdata) != 0) {
sig->verify_status = PDKIM_VERIFY_FAIL;
sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n",
- sig->domain);
- }
- #endif
goto NEXT_VERIFY;
}
- /* We have a winner! */
- sig->verify_status = PDKIM_VERIFY_PASS;
+ /* We have a winner! (if bodydhash was correct earlier) */
+ if (sig->verify_status == PDKIM_VERIFY_NONE) {
+ sig->verify_status = PDKIM_VERIFY_PASS;
+ }
+
+ NEXT_VERIFY:
#ifdef PDKIM_DEBUG
if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n",
- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s",
+ sig->domain, pdkim_verify_status_str(sig->verify_status));
+ if (sig->verify_ext_status > 0) {
+ fprintf(ctx->debug_stream, " (%s)\n",
+ pdkim_verify_ext_status_str(sig->verify_ext_status));
+ }
+ else {
+ fprintf(ctx->debug_stream, "\n");
+ }
}
#endif
- NEXT_VERIFY:
rsa_free(&rsa);
free(dns_txt_name);
free(dns_txt_reply);
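Review bot: The new guard `if (sig->verify_status == PDKIM_VERIFY_NONE)` makes the PASS verdict depend on an invariant the hunk never states: every signature must still be at PDKIM_VERIFY_NONE unless an earlier check recorded a failure. That is fail-closed, which is the right direction for a verifier, but the comment should say so and it carries a typo ("bodydhash"). I would write `/* Signature verified; report PASS only if no earlier check (e.g. the body hash comparison) already recorded a failure. */`. When the body hash has already failed and the RSA check fails too, the context lines above overwrite `verify_ext_status` with PDKIM_VERIFY_FAIL_MESSAGE, so the new debug line loses the FAIL_BODY reason; that is presumably acceptable but worth confirming. The body-hash comparison and the rest of `pdkim_feed_finish` lie outside this hunk, so where `verify_status` is initialised cannot be checked from here.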