tom 2009/04/30 16:25:40 BST
Modified files: (Branch: DEVEL_PDKIM)
exim-src/src/pdkim pdkim.c pdkim.h
Log:
Change verification logic: headers do not need to be in the sequence specified in h=
Revision Changes Path
1.1.2.13 +28 -20 exim/exim-src/src/pdkim/pdkim.c
1.1.2.11 +4 -2 exim/exim-src/src/pdkim/pdkim.h
Index: pdkim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.c,v
retrieving revision 1.1.2.12
retrieving revision 1.1.2.13
diff -u -r1.1.2.12 -r1.1.2.13
--- pdkim.c 9 Apr 2009 19:18:11 -0000 1.1.2.12
+++ pdkim.c 30 Apr 2009 15:25:39 -0000 1.1.2.13
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.12 2009/04/09 19:18:11 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.1.2.13 2009/04/30 15:25:39 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
@@ -270,6 +270,7 @@
if (sig->signature_header != NULL) free(sig->signature_header);
if (sig->sha1_body != NULL) free(sig->sha1_body);
if (sig->sha2_body != NULL) free(sig->sha2_body);
+ if (sig->hnames_check != NULL) free(sig->hnames_check);
if (sig->pubkey != NULL) pdkim_free_pubkey(sig->pubkey);
@@ -295,21 +296,24 @@
"start". Returns the position of the header name in
the list. */
int header_name_match(char *header,
- char *list,
- int start) {
+ char *tick,
+ int do_tick) {
char *hname;
char *lcopy;
char *p;
char *q;
- int pos = 0;
int rc = PDKIM_FAIL;
+
+ /* Get header name */
char *hcolon = strchr(header,':');
if (hcolon == NULL) return rc; /* This isn't a header */
hname = malloc((hcolon-header)+1);
if (hname == NULL) return PDKIM_ERR_OOM;
memset(hname,0,(hcolon-header)+1);
strncpy(hname,header,(hcolon-header));
- lcopy = strdup(list);
+
+ /* Copy tick-off list locally, so we can punch zeroes into it */
+ lcopy = strdup(tick);
if (lcopy == NULL) {
free(hname);
return PDKIM_ERR_OOM;
@@ -318,20 +322,24 @@
q = strchr(p,':');
while (q != NULL) {
*q = '\0';
- if (pos >= start) {
- if (strcasecmp(p,hname) == 0) {
- rc = pos;
- goto BAIL;
- }
+
+ if (strcasecmp(p,hname) == 0) {
+ rc = PDKIM_OK;
+ /* Invalidate header name instance in tick-off list */
+ if (do_tick) tick[p-lcopy] = '_';
+ goto BAIL;
}
+
p = q+1;
q = strchr(p,':');
- pos++;
}
- if (pos >= start) {
- if (strcasecmp(p,hname) == 0)
- rc = pos;
+
+ if (strcasecmp(p,hname) == 0) {
+ rc = PDKIM_OK;
+ /* Invalidate header name instance in tick-off list */
+ if (do_tick) tick[p-lcopy] = '_';
}
+
BAIL:
free(hname);
free(lcopy);
@@ -660,6 +668,9 @@
return NULL;
}
+ /* Copy header list to 'tick-off' header list */
+ sig->hnames_check = strdup(sig->headernames);
+
*q = '\0';
/* Chomp raw header. The final newline must not be added to the signature. */
q--;
@@ -1024,16 +1035,13 @@
if (header_name_match(ctx->cur_header->str,
sig->sign_headers?
sig->sign_headers:
- PDKIM_DEFAULT_SIGN_HEADERS, 0) < 0) goto NEXT_SIG;
+ PDKIM_DEFAULT_SIGN_HEADERS, 0) != PDKIM_OK) goto NEXT_SIG;
}
/* VERIFICATION --------------------------------------------------------- */
else {
- int rc = header_name_match(ctx->cur_header->str,
- sig->headernames,
- sig->headernames_pos);
- /* Header is not included or out-of-sequence */
- if (rc < 0) goto NEXT_SIG;
- sig->headernames_pos = rc;
+ /* Header is not included or all instances were already 'ticked off' */
+ if (header_name_match(ctx->cur_header->str,
+ sig->hnames_check, 1) != PDKIM_OK) goto NEXT_SIG;
}
/* Add header to the signed headers list */
Index: pdkim.h
===================================================================
RCS file: /home/cvs/exim/exim-src/src/pdkim/Attic/pdkim.h,v
retrieving revision 1.1.2.10
retrieving revision 1.1.2.11
diff -u -r1.1.2.10 -r1.1.2.11
--- pdkim.h 9 Apr 2009 13:57:21 -0000 1.1.2.10
+++ pdkim.h 30 Apr 2009 15:25:39 -0000 1.1.2.11
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.10 2009/04/09 13:57:21 tom Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.h,v 1.1.2.11 2009/04/30 15:25:39 tom Exp $ */
/* -------------------------------------------------------------------------- */
/* Debugging. This can also be enabled/disabled at run-time. I recommend to
@@ -240,7 +240,9 @@
char *rsa_privkey; /* Private RSA key */
char *sign_headers; /* To-be-signed header names */
/* Verification specific -------------------------------------------- */
- int headernames_pos; /* Current position in header name list */
+ char *hnames_check; /* Tick-off header list that we use to keep
+ track of header names that we have already
+ added to the signature */
char *rawsig_no_b_val; /* Original signature header w/o b= tag value. */
} pdkim_signature;
@@ -306,7 +308,7 @@
unsigned long);
DLLEXPORT
-int pdkim_feed (pdkim_ctx *, char *, int);
+int pdkim_feed (pdkim_ctx *, char *, int);
DLLEXPORT
int pdkim_feed_finish (pdkim_ctx *, pdkim_signature **);
