From 49e56fb37f587bf0e69d2fbe76fa0793f898c26f Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Thu, 21 Jun 2018 17:03:38 +0100 Subject: [PATCH] DKIM: Fix signing for body lines starting with a pair of dots. Bug 2284 Broken-by: 42055a3385 --- doc/doc-txt/ChangeLog | 2 ++ src/src/dkim_transport.c | 9 +++++++-- test/log/4520 | 14 ++++++++++++-- test/mail/4520.a | 17 ----------------- test/scripts/4500-DKIM/4520 | 9 ++++++++- 5 files changed, 29 insertions(+), 22 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 5303b2d50..96508ff3f 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -66,6 +66,8 @@ JH/13 For receent Openssl versions (1.1 onward) use modern generic protocol now-deprecated earlier definitions used only specified the range up to TLS 1.2 (in the older-version library docs). +JH/14 Bug 2284: Fix DKIM signing for body lines starting with a pair of dots. + Exim version 4.91 ----------------- diff --git a/src/src/dkim_transport.c b/src/src/dkim_transport.c index c35ba1eff..0e9c3818c 100644 --- a/src/src/dkim_transport.c +++ b/src/src/dkim_transport.c @@ -154,7 +154,10 @@ if (!rc) return FALSE; arc_sign_init(); #endif -dkim->dot_stuffed = !!(save_options & topt_end_dot); +/* The dotstuffed status of the datafile depends on whether it was stored +in wireformat. */ + +dkim->dot_stuffed = spool_file_wireformat; if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET, hdrs, dkim, &errstr))) if (!(rc = dkt_sign_fail(dkim, &errno))) @@ -272,7 +275,9 @@ if (!rc) arc_sign_init(); #endif -/* Feed the file to the goats^W DKIM lib */ +/* Feed the file to the goats^W DKIM lib. At this point the dotstuffed +status of the file depends on the output of transport_write_message() just +above, which should be the result of the end_dot flag in tctx->options. */ dkim->dot_stuffed = !!(options & topt_end_dot); if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr))) 
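Review bot: In the `@@ -154,7 +154,10 @@` hunk, the new assignment `dkim->dot_stuffed = spool_file_wireformat;` drops the `!!` normalisation that the removed line used and that the later `!!(options & topt_end_dot)` still uses. The declaration of `dot_stuffed` is not visible here; if it is a one-bit field, any value other than 0 or 1 in the global would be truncated, so `dkim->dot_stuffed = !!spool_file_wireformat;` keeps both paths consistent at no cost. The added comment would also help more if it said why `topt_end_dot` is the wrong source on this path: the signer reads `deliver_datafile` from `SPOOL_DATA_START_OFFSET`, so the transport's output options do not appear to touch the bytes being hashed. The enclosing function starts and ends outside the hunk.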
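Review bot: In the `@@ -272,7 +275,9 @@` hunk, the comment's "which should be the result of the end_dot flag" records an assumption that nothing on this path checks. A `dot_stuffed` value that disagrees with what was written to `dkim_fd` gives a body hash that does not match the transmitted bytes, which is the same failure this commit fixes on the spool path. Either confirm the behaviour against `transport_write_message()` and state it as fact, or keep the hedge and add a regression case that signs a dot-leading body through this temp-file path. The test script does not show which of the two paths its new case exercises. The enclosing function continues outside the hunk.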
diff --git a/test/log/4520 b/test/log/4520 index d58393310..f49af25bf 100644 --- a/test/log/4520 +++ b/test/log/4520 @@ -20,8 +20,11 @@ 1999-03-02 09:44:33 10HmbJ-0005vi-00 => d@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbK-0005vi-00" 1999-03-02 09:44:33 10HmbJ-0005vi-00 Completed 1999-03-02 09:44:33 10HmbL-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss -1999-03-02 09:44:33 10HmbL-0005vi-00 => a@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00" +1999-03-02 09:44:33 10HmbL-0005vi-00 => e@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbM-0005vi-00" 1999-03-02 09:44:33 10HmbL-0005vi-00 Completed +1999-03-02 09:44:33 10HmbN-0005vi-00 <= CALLER@myhost.test.ex U=CALLER P=local S=sss +1999-03-02 09:44:33 10HmbN-0005vi-00 => f@test.ex R=client T=send_to_server H=ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4] C="250 OK id=10HmbO-0005vi-00" +1999-03-02 09:44:33 10HmbN-0005vi-00 Completed ******** SERVER ******** 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225 
@@ -78,5 +81,12 @@ 1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive 1999-03-02 09:44:33 10HmbM-0005vi-00 data acl: dkim status 1999-03-02 09:44:33 10HmbM-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbL-0005vi-00@myhost.test.ex -1999-03-02 09:44:33 10HmbM-0005vi-00 => a R=server_store T=file +1999-03-02 09:44:33 10HmbM-0005vi-00 => e R=server_store T=file 1999-03-02 09:44:33 10HmbM-0005vi-00 Completed +1999-03-02 09:44:33 rcpt acl: macro: From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version:Content-Type:Content-Transfer-Encoding:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:In-Reply-To:References:List-Id:List-Help:List-Unsubscribe:List-Subscribe:List-Post:List-Owner:List-Archive +1999-03-02 09:44:33 10HmbO-0005vi-00 dkim_acl: signer: test.ex bits: 1024 h=From +1999-03-02 09:44:33 10HmbO-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded] +1999-03-02 09:44:33 10HmbO-0005vi-00 data acl: dkim status pass +1999-03-02 09:44:33 10HmbO-0005vi-00 <= CALLER@myhost.test.ex H=the.local.host.name (myhost.test.ex) [ip4.ip4.ip4.ip4] P=esmtp S=sss id=E10HmbN-0005vi-00@myhost.test.ex +1999-03-02 09:44:33 10HmbO-0005vi-00 => f R=server_store T=file +1999-03-02 09:44:33 10HmbO-0005vi-00 Completed diff --git a/test/mail/4520.a b/test/mail/4520.a index f33057d4d..430033f9c 100644 --- a/test/mail/4520.a +++ b/test/mail/4520.a 
@@ -21,20 +21,3 @@ Date: Tue, 2 Mar 1999 09:44:33 +0000 content -From CALLER@myhost.test.ex Tue Mar 02 09:44:33 1999 -Received: from the.local.host.name ([ip4.ip4.ip4.ip4] helo=myhost.test.ex) - by myhost.test.ex with esmtp (Exim x.yz) - (envelope-from ) - id 10HmbM-0005vi-00 - for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -Received: from CALLER by myhost.test.ex with local (Exim x.yz) - (envelope-from ) - id 10HmbL-0005vi-00 - for a@test.ex; Tue, 2 Mar 1999 09:44:33 +0000 -From: nobody@example.com -Message-Id: -Sender: CALLER_NAME -Date: Tue, 2 Mar 1999 09:44:33 +0000 - -content - diff --git a/test/scripts/4500-DKIM/4520 b/test/scripts/4500-DKIM/4520 index 8e60f4bec..8f962a001 100644 --- a/test/scripts/4500-DKIM/4520 +++ b/test/scripts/4500-DKIM/4520 @@ -67,12 +67,19 @@ content **** # # check that an empty dkim_privatekey overrides dkim_strict -exim -DOPT=From -DSTRICT=true -DSELECTOR=none -odf a@test.ex +exim -DOPT=From -DSTRICT=true -DSELECTOR=none -odf e@test.ex From: nobody@example.com content **** # +# single header signed, body line starting with dot +exim -DOPT=From -odf f@test.ex +From: nobody@example.com + +..content +**** +# millisleep 500 killdaemon no_msglog_check -- 2.25.1
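Review bot: The new "body line starting with dot" case in `test/scripts/4500-DKIM/4520` is checked only through the receiving side's `verification succeeded` log line. Nothing in this commit pins the delivered body for `f@test.ex`: the diffstat removes the second message from `test/mail/4520.a` and adds no expected mailbox for `e` or `f`. If the harness compares delivered mailboxes with `test/mail/`, an expected file containing the `..content` line would confirm the dots survive the round trip unchanged, rather than only hashing consistently at both ends. A second body line starting with a single dot (for example `.content`, constructed here) would also cover the case where stuffing is actually applied on the wire. The expected log shows `c=relaxed/relaxed` only, so simple body canonicalisation is not exercised.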