DKIM: fix relaxed body verify for a newline-only body. Bug 963

[exim.git] / src / src / pdkim / pdkim.c

diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index de774a265a8a1ff2e062651e3221e78ea654ff37..94328f7ee2f039350b5e1024672d74bc4b0e1175 100644 (file)
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -26,11 +26,12 @@
 #include <ctype.h>
 
 #include "pdkim.h"
+#include "pdkim-rsa.h"
 
-#include "sha1.h"
-#include "sha2.h"
-#include "rsa.h"
-#include "base64.h"
+#include "polarssl/sha1.h"
+#include "polarssl/sha2.h"
+#include "polarssl/rsa.h"
+#include "polarssl/base64.h"
 
 #define PDKIM_SIGNATURE_VERSION     "1"
 #define PDKIM_PUB_RECORD_VERSION    "DKIM1"
@@ -986,11 +987,11 @@ int pdkim_finish_bodyhash(pdkim_ctx *ctx) {
       else {
         #ifdef PDKIM_DEBUG
         if (ctx->debug_stream) {
-          fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
-                  sig->domain);
           fprintf(ctx->debug_stream, "PDKIM [%s] bh signature: ", sig->domain);
           pdkim_hexprint(ctx->debug_stream, sig->bodyhash,
                            (sig->algo == PDKIM_ALGO_RSA_SHA1)?20:32,1);
+          fprintf(ctx->debug_stream, "PDKIM [%s] Body hash did NOT verify\n",
+                  sig->domain);
         }
         #endif
         sig->verify_status     = PDKIM_VERIFY_FAIL;
@@ -1021,6 +1022,12 @@ int pdkim_bodyline_complete(pdkim_ctx *ctx) {
   if (ctx->input_mode == PDKIM_INPUT_SMTP) {
     /* Terminate on EOD marker */
     if (memcmp(p,".\r\n",3) == 0) {
+      /* In simple body mode, if any empty lines were buffered,
+      replace with one. rfc 4871 3.4.3 */
+      if (ctx->sig && ctx->sig->canon_body == PDKIM_CANON_SIMPLE
+        && ctx->num_buffered_crlf > 0)
+       pdkim_update_bodyhash(ctx,"\r\n",2);
+
       ctx->seen_eod = 1;
       goto BAIL;
     }