From 0c2250d167e858666f6ab372fe34dbd9e682932d Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Mon, 9 Apr 2018 15:08:34 +0100
Subject: [PATCH] ARC: fix signing when DKIM-signing is also being done

The ordering of headers being signed was wrong when a message being forwarded arrived with a dkim signature
---
 src/src/arc.c | 11 +++---
 test/confs/4562 | 75 ++++++++++++++++++++++++++++++++++++++
 test/log/4562 | 18 +++++++++
 test/scripts/4560-ARC/4562 | 48 ++++++++++++++++++++++++
 4 files changed, 146 insertions(+), 6 deletions(-)
 create mode 100644 test/confs/4562
 create mode 100644 test/log/4562
 create mode 100644 test/scripts/4560-ARC/4562

diff --git a/src/src/arc.c b/src/src/arc.c
index 39c081193..6f567dc5f 100644
--- a/src/src/arc.c
+++ b/src/src/arc.c
@@ -1565,18 +1565,17 @@ string_from_gstring(sigheaders);
 if ((rheaders = arc_sign_scan_headers(&arc_sign_ctx, sigheaders)))
 {
 hdr_rlist ** rp;
- for (rp = &rheaders; *rp; ) rp = &(*rp)->prev;
- *rp = headers_rlist;
- headers_rlist = rheaders;
+ for (rp = &headers_rlist; *rp; ) rp = &(*rp)->prev;
+ *rp = rheaders;
 }
-else
- rheaders = headers_rlist;
 
 /* Finally, build a normal-order headers list */
 /*XXX only needed for hunt-the-AR? */
+/*XXX also, we really should be accepting any number of ADMD-matching ARs */
 {
 header_line * hnext = NULL;
-for (; rheaders; hnext = rheaders->h, rheaders = rheaders->prev)
+for (rheaders = headers_rlist; rheaders;
+ hnext = rheaders->h, rheaders = rheaders->prev)
 rheaders->h->next = hnext;
 headers = hnext;
 }
diff --git a/test/confs/4562 b/test/confs/4562
new file mode 100644
index 000000000..7adcd54f1
--- /dev/null
+++ b/test/confs/4562
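Review bot: The splice inside the `if ((rheaders = arc_sign_scan_headers(...)))` block now fixes the order in which headers reach ARC signing, but nothing in the code records which end of `headers_rlist` is which, and this commit exists because that order was wrong once. A comment above the walk, e.g. `/* headers_rlist is chained via ->prev; hang the newly generated signature headers on its far end so the whole list is in one consistent order */`, would pin the invariant; the actual direction (top or bottom of the message) is not visible in this hunk and should be confirmed against `arc_sign_scan_headers()` before wording it more precisely. In the final loop `rheaders` is reused as the cursor and ends up NULL, so a separate local such as `hdr_rlist * r;` would keep the scan result distinct from the iteration for any later code in the function. The enclosing function starts and ends outside the hunk.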
@@ -0,0 +1,75 @@
+# Exim test configuration 4562
+
+SERVER=
+VALUE=
+INSERT=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_data = check_data
+
+log_selector = +received_recipients +dkim_verbose
+queue_only
+
+# ----- ACL -----
+begin acl
+
+check_data:
+ warn !verify = arc VALUE
+ INSERT
+
+ warn logwrite = arc_state: <$arc_state>
+ condition = ${if def:arc_state_reason}
+ logwrite = reason: <$arc_state_reason>
+
+.ifdef OPTION
+ accept
+.else
+ accept add_header = :at_start:${authresults {$primary_hostname}}
+.endif
+
+# ----- Routers -----
+
+begin routers
+
+d1:
+ driver = accept
+ local_parts = ^a
+ transport = tfile
+
+redir:
+ driver = redirect
+ data = ${substr_1:$local_part}@$domain
+ redirect_router = fwd
+
+fwd:
+ driver = accept
+ transport = tsmtp
+
+# ----- Transports -----
+
+begin transports
+
+tfile:
+ driver = appendfile
+ file = DIR/test-mail/$local_part
+ user = CALLER
+
+tsmtp:
+ driver = smtp
+ hosts = 127.0.0.1
+ port = PORT_D
+ allow_localhost
+ dkim_domain = $primary_hostname
+ dkim_selector = sel
+ dkim_private_key = DIR/aux-fixed/dkim/dkim.private
+.ifndef OPTION
+ arc_sign = $primary_hostname : sel : DIR/aux-fixed/dkim/dkim.private
+.endif
+
+# End
diff --git a/test/log/4562 b/test/log/4562
new file mode 100644
index 000000000..bfb1d9e46
--- /dev/null
+++ b/test/log/4562
@@ -0,0 +1,18 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state:
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net for za@test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state:
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss DKIM=test.ex ARC id=qwerty1234@disco-zombie.net for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaY-0005vi-00 => a R=d1 T=tfile
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
diff --git a/test/scripts/4560-ARC/4562 b/test/scripts/4560-ARC/4562
new file mode 100644
index 000000000..3f21e1ebd
--- /dev/null
+++ b/test/scripts/4560-ARC/4562
@@ -0,0 +1,48 @@
+# ARC sign, DKIM header interactions
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# Random-ish input message, having a DKIM header
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:
+??? 250
+RCPT TO:
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
+ d=example.com; s=sel; h=List-Archive;
+ bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=uslVEq1LzHDR2ACoSTiErsGhe
+ GcuqL5no/4XYjsEJOIXkKFp4FFTj7QTcblHqyqsjgd5Dgs7zuFV4U3lwU9jSZtqJNQI+BtYZ5dS48
+ sjr9PbLiguw8rAv5eDXBQKi5XcNCnZlUnWEjl10OXEgJZ9UXdKToWHpSfWEw1nFvOlKAfPBfkznnA
+ EOQXSTJOTanLpr7EZ4Yw5LWE+9BWJfnl6snn6W0mmJl4tbfEXEV1ZzOxdQF1rwjJqmojoCG36Z+v5
+ sWKswl7HgSlKo2GKgxh9zIIhoxg5+7zfmHdKUQ2/6zuR8nqjDAjl3bSdOMgZVM0L6G6EMxQP6Sj6f
+ oEr6ePt9A==;
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID:
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+exim -DSERVER=server -DNOTDAEMON -q
+****
+exim -DSERVER=server -DNOTDAEMON -q
+****
+#
+#
+#
+#
+#
+killdaemon
+no_stdout_check
+no_msglog_check
-- 2.25.1