summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--doc/doc-txt/ChangeLog6
-rw-r--r--src/src/pdkim/pdkim.c17
2 files changed, 20 insertions, 3 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index d13004b8c..7ec669b1c 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -19,6 +19,12 @@ JH/02 Disallow '/' characters in queue names specified for the "queue=" ACL
JH/03 Fix pgsql lookup for multiple result-tuples with a single column.
Previously only the last row was returned.
+JH/04 Bug 2217: Tighten up the parsing of DKIM signature headers. Previously
+ we assumed that tags in the header were well-formed, and parsed the
+ element content after inspecting only the first char of the tag.
+ Assumptions at that stage could crash the receive process on malformed
+ input.
+
Exim version 4.90
-----------------
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index 20366a461..b884671da 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -490,7 +490,12 @@ for (p = raw_hdr; ; p++)
if (c == ';' || c == '\0')
{
- if (cur_tag && cur_val)
+ /* We must have both tag and value, and tags must be one char except
+ for the possibility of "bh". */
+
+ if ( cur_tag && cur_val
+ && (cur_tag->ptr == 1 || *cur_tag->s == 'b')
+ )
{
(void) string_from_gstring(cur_val);
pdkim_strtrim(cur_val);
@@ -500,8 +505,14 @@ for (p = raw_hdr; ; p++)
switch (*cur_tag->s)
{
case 'b':
- pdkim_decode_base64(cur_val->s,
- cur_tag->s[1] == 'h' ? &sig->bodyhash : &sig->sighash);
+ switch (cur_tag->s[1])
+ {
+ case '\0': pdkim_decode_base64(cur_val->s, &sig->sighash); break;
+ case 'h': if (cur_tag->ptr == 2)
+ pdkim_decode_base64(cur_val->s, &sig->bodyhash);
+ break;
+ default: break;
+ }
break;
case 'v':
/* We only support version 1, and that is currently the