summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJeremy Harris <jgh146exb@wizmail.org>2018-03-23 11:06:35 +0000
committerJeremy Harris <jgh146exb@wizmail.org>2018-04-04 00:19:23 +0100
commitd64f251592db09252ac0584adbe72a2eeb9ca122 (patch)
tree88bc4526d38fa0c9cc0222e9ef4056d20d36b983 /src
parent59066f8faa347e2d1858f30066cbba6d82ffce0c (diff)
ARC: add independent-source testcase. Fix signatures by not line-terminating
last header line being hashed.
Diffstat (limited to 'src')
-rw-r--r--src/src/arc.c16
-rw-r--r--src/src/pdkim/pdkim.c14
2 files changed, 19 insertions, 11 deletions
diff --git a/src/src/arc.c b/src/src/arc.c
index e1fef6fb8..a0e2184bd 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -564,11 +564,11 @@ while ((hn = string_nextinlist(&headernames, &sep, NULL, 0)))
break;
}
-/* Finally add in the signature header (with the b= tag stripped) */
+/* Finally add in the signature header (with the b= tag stripped); no CRLF */
s = ams->rawsig_no_b_val.data, len = ams->rawsig_no_b_val.len;
if (relaxed)
- len = Ustrlen(s = pdkim_relax_header_n(s, len, TRUE));
+ len = Ustrlen(s = pdkim_relax_header_n(s, len, FALSE));
DEBUG(D_acl) pdkim_quoteprint(s, len);
exim_sha_update(&hhash_ctx, s, len);
@@ -865,6 +865,8 @@ if (!exim_sha_init(&hhash_ctx, pdkim_hashes[hashtype].exim_hashmethod))
header canonicalization defined in Section 3.4.2 of
[RFC6376]. Pass the canonicalized result to the hash
function.
+
+Headers are CRLF-separated, but the last one is not crlf-terminated.
*/
DEBUG(D_acl) debug_printf("ARC: AS header data for verification:\n");
@@ -895,7 +897,7 @@ for (as2 = ctx->arcset_chain;
al = as2->hdr_as;
if (as2->instance == as->instance)
s = pdkim_relax_header_n(al->rawsig_no_b_val.data,
- al->rawsig_no_b_val.len, TRUE);
+ al->rawsig_no_b_val.len, FALSE);
else if (!(s = al->relaxed))
al->relaxed = s = pdkim_relax_header_n(al->complete->text,
al->complete->slen, TRUE);
@@ -952,7 +954,7 @@ if ((errstr = exim_dkim_verify(&vctx,
{
DEBUG(D_acl)
debug_printf("ARC i=%d AS headers verify: %s\n", as->instance, errstr);
- arc_state_reason = US"seal sigverify init error";
+ arc_state_reason = US"seal sigverify error";
return US"fail";
}
@@ -1328,10 +1330,8 @@ if (g->s[g->ptr - 1] == ':') g->ptr--;
g = string_catn(g, US";\r\n\tb=;", 7);
/* Include the pseudo-header in the accumulation */
-/*XXX should that be prepended rather than appended? */
-/*XXX also need to include at the verify stage */
-s = pdkim_relax_header_n(g->s + ams_off, g->ptr - ams_off, TRUE);
+s = pdkim_relax_header_n(g->s + ams_off, g->ptr - ams_off, FALSE);
hdata = string_cat(hdata, s);
/* Calculate the signature from the accumulation */
@@ -1440,7 +1440,7 @@ for (as = Ustrcmp(status, US"fail") == 0
h = as->hdr_ams->complete;
hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, TRUE));
h = as->hdr_as->complete;
- hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, TRUE));
+ hdata = string_cat(hdata, pdkim_relax_header_n(h->text, h->slen, !!as->next));
}
/* Calculate the signature from the accumulation */
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index 457d83efc..2a66909ba 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -1712,11 +1712,19 @@ for (sig = ctx->sig; sig; sig = sig->next)
sig->verify_ext_status = PDKIM_VERIFY_INVALID_SIGNATURE_ERROR;
DEBUG(D_acl) debug_printf(
- " Error in DKIM-Signature header: tags missing or invalid\n"
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ " Error in DKIM-Signature header: tags missing or invalid (%s)\n"
+ "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n",
+ !(sig->domain && *sig->domain) ? "d="
+ : !(sig->selector && *sig->selector) ? "s="
+ : !(sig->headernames && *sig->headernames) ? "h="
+ : !sig->bodyhash.data ? "bh="
+ : !sig->sighash.data ? "b="
+ : sig->keytype < 0 || sig->hashtype < 0 ? "a="
+ : "v="
+ );
goto NEXT_VERIFY;
}
-
+
/* Make sure sig uses supported DKIM version (only v1) */
if (sig->version != 1)
{