[exim-cvs] cvs commit: exim/exim-src/src/pdkim pdkim.c pdkim…

Top Page
Delete this message
Reply to this message
Author: Tom Kistner
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-src/src/pdkim pdkim.c pdkim.h
tom 2009/04/30 16:25:40 BST

  Modified files:        (Branch: DEVEL_PDKIM)
    exim-src/src/pdkim   pdkim.c pdkim.h 
  Log:
  Change verification logic: headers do not need to be in the sequence specified in h=


  Revision  Changes    Path
  1.1.2.13  +28 -20    exim/exim-src/src/pdkim/pdkim.c
  1.1.2.11  +4 -2      exim/exim-src/src/pdkim/pdkim.h


  Index: pdkim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.c,v
  retrieving revision 1.1.2.12
  retrieving revision 1.1.2.13
  diff -u -r1.1.2.12 -r1.1.2.13
  --- pdkim.c    9 Apr 2009 19:18:11 -0000    1.1.2.12
  +++ pdkim.c    30 Apr 2009 15:25:39 -0000    1.1.2.13
  @@ -20,7 +20,7 @@
    *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    */


-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.12 2009/04/09 19:18:11 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.13 2009/04/30 15:25:39 tom Exp $ */

   #include <stdlib.h>
   #include <stdio.h>
  @@ -270,6 +270,7 @@
       if (sig->signature_header != NULL) free(sig->signature_header);
       if (sig->sha1_body        != NULL) free(sig->sha1_body);
       if (sig->sha2_body        != NULL) free(sig->sha2_body);
  +    if (sig->hnames_check     != NULL) free(sig->hnames_check);


       if (sig->pubkey != NULL) pdkim_free_pubkey(sig->pubkey);


  @@ -295,21 +296,24 @@
      "start". Returns the position of the header name in
      the list. */
   int header_name_match(char *header,
  -                      char *list,
  -                      int   start) {
  +                      char *tick,
  +                      int   do_tick) {
     char *hname;
     char *lcopy;
     char *p;
     char *q;
  -  int pos = 0;
     int rc = PDKIM_FAIL;
  +
  +  /* Get header name */
     char *hcolon = strchr(header,':');
     if (hcolon == NULL) return rc; /* This isn't a header */
     hname = malloc((hcolon-header)+1);
     if (hname == NULL) return PDKIM_ERR_OOM;
     memset(hname,0,(hcolon-header)+1);
     strncpy(hname,header,(hcolon-header));
  -  lcopy = strdup(list);
  +
  +  /* Copy tick-off list locally, so we can punch zeroes into it */
  +  lcopy = strdup(tick);
     if (lcopy == NULL) {
       free(hname);
       return PDKIM_ERR_OOM;
  @@ -318,20 +322,24 @@
     q = strchr(p,':');
     while (q != NULL) {
       *q = '\0';
  -    if (pos >= start) {
  -      if (strcasecmp(p,hname) == 0) {
  -        rc = pos;
  -        goto BAIL;
  -      }
  +
  +    if (strcasecmp(p,hname) == 0) {
  +      rc = PDKIM_OK;
  +      /* Invalidate header name instance in tick-off list */
  +      if (do_tick) tick[p-lcopy] = '_';
  +      goto BAIL;
       }
  +
       p = q+1;
       q = strchr(p,':');
  -    pos++;
     }
  -  if (pos >= start) {
  -    if (strcasecmp(p,hname) == 0)
  -      rc = pos;
  +
  +  if (strcasecmp(p,hname) == 0) {
  +    rc = PDKIM_OK;
  +    /* Invalidate header name instance in tick-off list */
  +    if (do_tick) tick[p-lcopy] = '_';
     }
  +
     BAIL:
     free(hname);
     free(lcopy);
  @@ -660,6 +668,9 @@
       return NULL;
     }


  +  /* Copy header list to 'tick-off' header list */
  +  sig->hnames_check = strdup(sig->headernames);
  +
     *q = '\0';
     /* Chomp raw header. The final newline must not be added to the signature. */
     q--;
  @@ -1024,16 +1035,13 @@
         if (header_name_match(ctx->cur_header->str,
                               sig->sign_headers?
                                 sig->sign_headers:
  -                              PDKIM_DEFAULT_SIGN_HEADERS, 0) < 0) goto NEXT_SIG;
  +                              PDKIM_DEFAULT_SIGN_HEADERS, 0) != PDKIM_OK) goto NEXT_SIG;
       }
       /* VERIFICATION --------------------------------------------------------- */
       else {
  -      int rc = header_name_match(ctx->cur_header->str,
  -                                 sig->headernames,
  -                                 sig->headernames_pos);
  -      /* Header is not included or out-of-sequence */
  -      if (rc < 0) goto NEXT_SIG;
  -      sig->headernames_pos = rc;
  +      /* Header is not included or all instances were already 'ticked off' */
  +      if (header_name_match(ctx->cur_header->str,
  +                            sig->hnames_check, 1) != PDKIM_OK) goto NEXT_SIG;
       }


       /* Add header to the signed headers list */


  Index: pdkim.h
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.h,v
  retrieving revision 1.1.2.10
  retrieving revision 1.1.2.11
  diff -u -r1.1.2.10 -r1.1.2.11
  --- pdkim.h    9 Apr 2009 13:57:21 -0000    1.1.2.10
  +++ pdkim.h    30 Apr 2009 15:25:39 -0000    1.1.2.11
  @@ -20,7 +20,7 @@
    *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    */


-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.10 2009/04/09 13:57:21 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.11 2009/04/30 15:25:39 tom Exp $ */

   /* -------------------------------------------------------------------------- */
   /* Debugging. This can also be enabled/disabled at run-time. I recommend to
  @@ -240,7 +240,9 @@
     char *rsa_privkey;     /* Private RSA key                             */
     char *sign_headers;    /* To-be-signed header names                   */
     /* Verification specific -------------------------------------------- */
  -  int headernames_pos;   /* Current position in header name list        */
  +  char *hnames_check;    /* Tick-off header list that we use to keep
  +                            track of header names that we have already
  +                            added to the signature                      */
     char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */
   } pdkim_signature;


  @@ -306,7 +308,7 @@
                                  unsigned long);


   DLLEXPORT
  -int        pdkim_feed        (pdkim_ctx *, char *, int);
  +int        pdkim_feed         (pdkim_ctx *, char *, int);
   DLLEXPORT
   int        pdkim_feed_finish  (pdkim_ctx *, pdkim_signature **);