ARC: fix signing when DKIM-signing is also being done
authorJeremy Harris <jgh146exb@wizmail.org>
Mon, 9 Apr 2018 14:08:34 +0000 (15:08 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Mon, 9 Apr 2018 14:25:54 +0000 (15:25 +0100)
The ordering of headers being signed was wrong when a message
being forwarded arrived with a dkim signature

src/src/arc.c
test/confs/4562 [new file with mode: 0644]
test/log/4562 [new file with mode: 0644]
test/scripts/4560-ARC/4562 [new file with mode: 0644]

index 39c0811..6f567dc 100644 (file)
@@ -1565,18 +1565,17 @@ string_from_gstring(sigheaders);
 if ((rheaders = arc_sign_scan_headers(&arc_sign_ctx, sigheaders)))
   {
   hdr_rlist ** rp;
 if ((rheaders = arc_sign_scan_headers(&arc_sign_ctx, sigheaders)))
   {
   hdr_rlist ** rp;
-  for (rp = &rheaders; *rp; ) rp = &(*rp)->prev;
-  *rp = headers_rlist;
-  headers_rlist = rheaders;
+  for (rp = &headers_rlist; *rp; ) rp = &(*rp)->prev;
+  *rp = rheaders;
   }
   }
-else
-  rheaders = headers_rlist;
 
 /* Finally, build a normal-order headers list */
 /*XXX only needed for hunt-the-AR? */
 
 /* Finally, build a normal-order headers list */
 /*XXX only needed for hunt-the-AR? */
+/*XXX also, we really should be accepting any number of ADMD-matching ARs */
   {
   header_line * hnext = NULL;
   {
   header_line * hnext = NULL;
-  for (; rheaders; hnext = rheaders->h, rheaders = rheaders->prev)
+  for (rheaders = headers_rlist; rheaders;
+       hnext = rheaders->h, rheaders = rheaders->prev)
     rheaders->h->next = hnext;
   headers = hnext;
   }
     rheaders->h->next = hnext;
   headers = hnext;
   }
diff --git a/test/confs/4562 b/test/confs/4562
new file mode 100644 (file)
index 0000000..7adcd54
--- /dev/null
@@ -0,0 +1,75 @@
+# Exim test configuration 4562
+
+SERVER=
+VALUE=
+INSERT=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_data = check_data
+
+log_selector = +received_recipients +dkim_verbose
+queue_only
+
+# ----- ACL -----
+begin acl
+
+check_data:
+  warn !verify =       arc VALUE
+       INSERT
+
+  warn logwrite =      arc_state: <$arc_state>
+       condition =     ${if def:arc_state_reason}
+       logwrite =      reason:    <$arc_state_reason>
+
+.ifdef OPTION
+  accept
+.else
+  accept add_header =  :at_start:${authresults {$primary_hostname}}
+.endif
+  
+# ----- Routers -----
+
+begin routers
+
+d1:
+  driver = accept
+  local_parts = ^a
+  transport = tfile
+
+redir:
+  driver =     redirect
+  data =       ${substr_1:$local_part}@$domain
+  redirect_router = fwd
+
+fwd:
+  driver =     accept
+  transport =  tsmtp
+
+# ----- Transports -----
+
+begin transports
+
+tfile:
+  driver =     appendfile
+  file =       DIR/test-mail/$local_part
+  user =       CALLER
+
+tsmtp:
+  driver =     smtp
+  hosts =      127.0.0.1
+  port =       PORT_D
+  allow_localhost
+  dkim_domain =        $primary_hostname
+  dkim_selector = sel
+  dkim_private_key = DIR/aux-fixed/dkim/dkim.private
+.ifndef OPTION
+  arc_sign =   $primary_hostname : sel : DIR/aux-fixed/dkim/dkim.private
+.endif
+
+# End
diff --git a/test/log/4562 b/test/log/4562
new file mode 100644 (file)
index 0000000..bfb1d9e
--- /dev/null
@@ -0,0 +1,18 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
+1999-03-02 09:44:33 10HmaX-0005vi-00 arc_state: <none>
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net for za@test.ex
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=relaxed/relaxed a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=example.com s=sel c=relaxed/relaxed a=rsa-sha256 b=2048 [verification failed - body hash mismatch (body probably modified in transit)]
+1999-03-02 09:44:33 10HmaY-0005vi-00 arc_state: <pass>
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@bloggs.com H=localhost (test.ex) [127.0.0.1] P=esmtp S=sss DKIM=test.ex ARC id=qwerty1234@disco-zombie.net for a@test.ex
+1999-03-02 09:44:33 10HmaX-0005vi-00 => a@test.ex <za@test.ex> R=fwd T=tsmtp H=127.0.0.1 [127.0.0.1] C="250 OK id=10HmaY-0005vi-00"
+1999-03-02 09:44:33 10HmaX-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
+1999-03-02 09:44:33 Start queue run: pid=pppp
+1999-03-02 09:44:33 10HmaY-0005vi-00 => a <a@test.ex> R=d1 T=tfile
+1999-03-02 09:44:33 10HmaY-0005vi-00 Completed
+1999-03-02 09:44:33 End queue run: pid=pppp
diff --git a/test/scripts/4560-ARC/4562 b/test/scripts/4560-ARC/4562
new file mode 100644 (file)
index 0000000..3f21e1e
--- /dev/null
@@ -0,0 +1,48 @@
+# ARC sign, DKIM header interactions
+#
+exim -DSERVER=server -bd -oX PORT_D
+****
+#
+# Random-ish input message, having a DKIM header
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<za@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
+       d=example.com; s=sel; h=List-Archive;
+        bh=47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=; b=uslVEq1LzHDR2ACoSTiErsGhe
+       GcuqL5no/4XYjsEJOIXkKFp4FFTj7QTcblHqyqsjgd5Dgs7zuFV4U3lwU9jSZtqJNQI+BtYZ5dS48
+       sjr9PbLiguw8rAv5eDXBQKi5XcNCnZlUnWEjl10OXEgJZ9UXdKToWHpSfWEw1nFvOlKAfPBfkznnA
+       EOQXSTJOTanLpr7EZ4Yw5LWE+9BWJfnl6snn6W0mmJl4tbfEXEV1ZzOxdQF1rwjJqmojoCG36Z+v5
+       sWKswl7HgSlKo2GKgxh9zIIhoxg5+7zfmHdKUQ2/6zuR8nqjDAjl3bSdOMgZVM0L6G6EMxQP6Sj6f
+       oEr6ePt9A==;
+From: mrgus@text.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+exim -DSERVER=server -DNOTDAEMON -q
+****
+exim -DSERVER=server -DNOTDAEMON -q
+****
+#
+#
+#
+#
+#
+killdaemon
+no_stdout_check
+no_msglog_check