From 9042106b5116fcc621e1c720460a42896011c1cd Mon Sep 17 00:00:00 2001
From: Jeremy Harris
Date: Sun, 29 Nov 2015 01:36:06 +0000
Subject: [PATCH] DKIM: fix relaxed body verify for a newline-only body. Bug 963
---
 src/src/pdkim/pdkim.c | 10 ++++-
 test/aux-fixed/4502.msg2.txt | 17 ++++++++
 test/log/4502 | 2 +
 .../4500-Domain-Keys-Identified-Mail/4502 | 41 +++++++++++++++++++
 4 files changed, 68 insertions(+), 2 deletions(-)
 create mode 100644 test/aux-fixed/4502.msg2.txt
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index 99948ffc5..94328f7ee 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -987,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) {
 else {
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
- sig->domain);
 fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain);
 pdkim_hexprint(ctx->debug_stream, sig->bodyhash,
 (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1);
+ fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
+ sig->domain);
 }
 #endif
 sig->verify_status = PDKIM_VERIFY_FAIL;
@@ -1022,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
 if (ctx->input_mode == PDKIM_INPUT_SMTP) {
 /* Terminate on EOD marker */
 if (memcmp(p,".\r\n",3) == 0) {
+ /* In simple body mode, if any empty lines were buffered,
+ replace with one. rfc 4871 3.4.3 */
+ if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE
+ && ctx->num_buffered_crlf > 0)
+ pdkim_update_bodyhash(ctx,"\r\n",2);
+
 ctx->seen_eod = 1;
 goto BAIL;
 }
diff --git a/test/aux-fixed/4502.msg2.txt b/test/aux-fixed/4502.msg2.txt
new file mode 100644
index 000000000..d0eabc487
--- /dev/null
+++ b/test/aux-fixed/4502.msg2.txt
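Review bot: The new guard in the EOD branch of pdkim_bodyline_complete() fires whenever `num_buffered_crlf > 0`, not only when the body consisted solely of empty lines, so if a preceding non-empty line has already contributed its own CRLF to the hash (that code is outside the hunk) a simple-canonicalised body that ends in blank lines would get one CRLF too many and a valid signature would fail to verify. Consider restricting it to the empty-body case, for example `&& ctx->sig->signed_body_bytes == 0`, provided that counter is still zero at this point; this needs confirming against pdkim_update_bodyhash(). The condition also inspects only the first entry, `ctx->sig`; if a message can carry several signatures with different body canonicalisations, the decision should be made per signature rather than once for the whole context. The comment could cite the current spec, `/* simple body canon: an empty body hashes as a single CRLF, RFC 6376 3.4.3 */`, and note that the function body continues outside the hunk.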
@@ -0,0 +1,17 @@
+Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
+ by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
+ (envelope-from )
+ id 1a2FuN-0007pz-HD
+ for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
+From:
+To:
+Subject: test
+Date: Fri, 27 Nov 2015 11:05:38 +0100
+MIME-Version: 1.0
+Content-Type: text/plain;
+
+
+
+
+
+
diff --git a/test/log/4502 b/test/log/4502
index 1e6be43f0..eff4be051 100644
--- a/test/log/4502
+++ b/test/log/4502
@@ -3,3 +3,5 @@
 1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
 1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha1 [verification succeeded]
 1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=564CFC9B.1040905@yahoo.com
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/simple a=rsa-sha1 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss
diff --git a/test/scripts/4500-Domain-Keys-Identified-Mail/4502 b/test/scripts/4500-Domain-Keys-Identified-Mail/4502
index 9f6d62fcd..25ebadde3 100644
--- a/test/scripts/4500-Domain-Keys-Identified-Mail/4502
+++ b/test/scripts/4500-Domain-Keys-Identified-Mail/4502
@@ -44,6 +44,47 @@ test
+.
+??? 250
+QUIT
+??? 221
+****
+#
+# This should pass.
+# Mail original in aux-fixed/4502.msg2.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux_fixed/4502.msg2.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:
+??? 250
+RCPT TO:
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=test.ex; h=from:to:subject
+ :date:mime-version:content-type; s=sel; bh=uoq1oCgLlTqpdDX/iUbLy
+ 7J1Wic=; b=R8INFWPcNpQCsFaaflR6DMlxeSiNyJzOhC6cd56blJf1Ko4pgXnPP
+ /iZk1GVEUVvrCg/PUSQZGbXfukFf3iiPeKuq3xLtFHLZ23BcWTBUTK/mBPNQrB6p
+ YSQAYzZC/3x4DzTlkqgQgBcm78x8SkO2TdaUK/3Ja6HloNp2spUgLQ=
+Received: from xxxxxxxx.sproing.at ([127.0.0.1]:6225 helo=xxxxxxxx.sproing.at)
+ by yyyyyyyyyy.sproing.at with esmtp (Exim 4.86)
+ (envelope-from )
+ id 1a2FuN-0007pz-HD
+ for eximdkimtest@sproing.at; Fri, 27 Nov 2015 11:05:39 +0100
+From:
+To:
+Subject: test
+Date: Fri, 27 Nov 2015 11:05:38 +0100
+MIME-Version: 1.0
+Content-Type: text/plain;
+
+
+
+
+
+
 .
 ??? 250
 QUIT
-- 
2.25.1
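Review bot: The added case covers only a body made entirely of empty lines; nothing visible in this hunk exercises simple body canonicalisation for a message with text followed by trailing blank lines, which reaches the same new code at the EOD marker. A second message of that shape, signed the same way and expected to log `[verification succeeded]`, would pin the boundary between the two cases. The generator comment mixes `aux-fixed/` and `aux_fixed/`; it should read `# Sig generated by: perl aux-fixed/dkim/sign.pl --method=relaxed < aux-fixed/4502.msg2.txt`.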