[exim-cvs] cvs commit: exim/exim-src/src/pdkim pdkim.c

Author: Tom Kistner
Date:  
To: exim-cvs
Subject: [exim-cvs] cvs commit: exim/exim-src/src/pdkim pdkim.c
tom 2009/11/23 08:34:05 GMT

  Modified files:
    exim-src/src/pdkim   pdkim.c 
  Log:
  DKIM: fix wrong "pass" result on bodyhash mismatch


  Revision  Changes    Path
  1.10      +37 -12    exim/exim-src/src/pdkim/pdkim.c


  Index: pdkim.c
  ===================================================================
  RCS file: /home/cvs/exim/exim-src/src/pdkim/pdkim.c,v
  retrieving revision 1.9
  retrieving revision 1.10
  diff -u -r1.9 -r1.10
  --- pdkim.c    19 Nov 2009 18:52:48 -0000    1.9
  +++ pdkim.c    23 Nov 2009 08:34:05 -0000    1.10
  @@ -20,7 +20,7 @@
    *  51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
    */


-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.9 2009/11/19 18:52:48 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.10 2009/11/23 08:34:05 tom Exp $ */

#include <stdlib.h>
#include <stdio.h>
@@ -105,6 +105,27 @@
};


  +char *pdkim_verify_status_str(int status) {
  +  switch(status) {
  +    case PDKIM_VERIFY_NONE:    return "PDKIM_VERIFY_NONE";
  +    case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
  +    case PDKIM_VERIFY_FAIL:    return "PDKIM_VERIFY_FAIL";
  +    case PDKIM_VERIFY_PASS:    return "PDKIM_VERIFY_PASS";
  +    default:                   return "PDKIM_VERIFY_UNKNOWN";
  +  }
  +}
  +char *pdkim_verify_ext_status_str(int ext_status) {
  +  switch(ext_status) {
  +    case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
  +    case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
  +    case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
  +    case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
  +    case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING";
  +    default: return "PDKIM_VERIFY_UNKNOWN";
  +  }
  +}
  +
  +
   /* -------------------------------------------------------------------------- */
   /* Print debugging functions */
   #ifdef PDKIM_DEBUG
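Review bot: Both new helpers return pointers to string literals through a non-const `char *`, so a caller that writes through the result gets undefined behaviour with no compiler diagnostic; declaring them `const char *pdkim_verify_status_str(int status)` and `const char *pdkim_verify_ext_status_str(int ext_status)` closes that. They are also defined with external linkage outside `#ifdef PDKIM_DEBUG`, while the only use visible in this commit is inside a PDKIM_DEBUG block. If they are meant as public API they need prototypes in the header (not shown here); otherwise make them `static` and move them under the guard. The ext-status `default:` returns the same `"PDKIM_VERIFY_UNKNOWN"` text as the status one, so an unmapped value is ambiguous in debug output; something like `"PDKIM_VERIFY_EXT_UNKNOWN"` plus a one-line comment above each function naming the field it maps would make the output easier to read.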
  @@ -1283,7 +1304,7 @@
       #ifdef PDKIM_DEBUG
       if (ctx->debug_stream)
         fprintf(ctx->debug_stream,
  -        "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
  +        "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
       #endif
     }


  @@ -1573,26 +1594,30 @@
                           (unsigned char *)sig->sigdata) != 0) {
           sig->verify_status =      PDKIM_VERIFY_FAIL;
           sig->verify_ext_status =  PDKIM_VERIFY_FAIL_MESSAGE;
  -        #ifdef PDKIM_DEBUG
  -        if (ctx->debug_stream) {
  -          fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n",
  -                  sig->domain);
  -        }
  -        #endif
           goto NEXT_VERIFY;
         }


  -      /* We have a winner! */
  -      sig->verify_status = PDKIM_VERIFY_PASS;
  +      /* We have a winner! (if bodydhash was correct earlier) */
  +      if (sig->verify_status == PDKIM_VERIFY_NONE) {
  +        sig->verify_status = PDKIM_VERIFY_PASS;
  +      }
  +
  +      NEXT_VERIFY:


         #ifdef PDKIM_DEBUG
         if (ctx->debug_stream) {
  -        fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n",
  -                sig->domain);
  +        fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s",
  +                sig->domain, pdkim_verify_status_str(sig->verify_status));
  +        if (sig->verify_ext_status > 0) {
  +          fprintf(ctx->debug_stream, " (%s)\n",
  +                  pdkim_verify_ext_status_str(sig->verify_ext_status));
  +        }
  +        else {
  +          fprintf(ctx->debug_stream, "\n");
  +        }
         }
         #endif


  -      NEXT_VERIFY:
         rsa_free(&rsa);
         free(dns_txt_name);
         free(dns_txt_reply);
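Review bot: The new guard `if (sig->verify_status == PDKIM_VERIFY_NONE)` makes the PASS verdict depend on an invariant that is not visible in this hunk: every signature must start at PDKIM_VERIFY_NONE, and the bodyhash comparison (outside the hunk) must record a failure status before this point. I would state that in the comment, which also has a typo ("bodydhash"), e.g. `/* Header signature verified; promote to PASS only if no earlier check (bodyhash) already recorded a failure */`. The failure branch above still assigns `PDKIM_VERIFY_FAIL` and `PDKIM_VERIFY_FAIL_MESSAGE` unconditionally, so a message that fails both checks presumably loses its body-mismatch cause in `verify_ext_status`; wrapping those two assignments in the same `if (sig->verify_status == PDKIM_VERIFY_NONE)` test would keep the first cause. A regression case with a valid header signature over an altered body, asserting `PDKIM_VERIFY_FAIL`, would pin the behaviour this commit fixes. The enclosing function starts and ends outside the hunk.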