tom 2009/11/23 08:34:05 GMT
Modified files:
exim-src/src/pdkim pdkim.c
Log:
DKIM: fix wrong "pass" result on bodyhash mismatch
Revision Changes Path
1.10 +37 -12 exim/exim-src/src/pdkim/pdkim.c
Index: pdkim.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/pdkim/pdkim.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -r1.9 -r1.10
--- pdkim.c 19 Nov 2009 18:52:48 -0000 1.9
+++ pdkim.c 23 Nov 2009 08:34:05 -0000 1.10
@@ -20,7 +20,7 @@
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
-/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.9 2009/11/19 18:52:48 nm4 Exp $ */
+/* $Cambridge: exim/exim-src/src/pdkim/pdkim.c,v 1.10 2009/11/23 08:34:05 tom Exp $ */
#include <stdlib.h>
#include <stdio.h>
@@ -105,6 +105,27 @@
};
+char *pdkim_verify_status_str(int status) {
+ switch(status) {
+ case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
+ case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
+ case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
+ case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+char *pdkim_verify_ext_status_str(int ext_status) {
+ switch(ext_status) {
+ case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
+ case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
+ case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+
+
/* -------------------------------------------------------------------------- */
/* Print debugging functions */
#ifdef PDKIM_DEBUG
@@ -1283,7 +1304,7 @@
#ifdef PDKIM_DEBUG
if (ctx->debug_stream)
fprintf(ctx->debug_stream,
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
#endif
}
@@ -1573,26 +1594,30 @@
(unsigned char *)sig->sigdata) != 0) {
sig->verify_status = PDKIM_VERIFY_FAIL;
sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n",
- sig->domain);
- }
- #endif
goto NEXT_VERIFY;
}
- /* We have a winner! */
- sig->verify_status = PDKIM_VERIFY_PASS;
+ /* We have a winner! (if bodydhash was correct earlier) */
+ if (sig->verify_status == PDKIM_VERIFY_NONE) {
+ sig->verify_status = PDKIM_VERIFY_PASS;
+ }
+
+ NEXT_VERIFY:
#ifdef PDKIM_DEBUG
if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n",
- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s",
+ sig->domain, pdkim_verify_status_str(sig->verify_status));
+ if (sig->verify_ext_status > 0) {
+ fprintf(ctx->debug_stream, " (%s)\n",
+ pdkim_verify_ext_status_str(sig->verify_ext_status));
+ }
+ else {
+ fprintf(ctx->debug_stream, "\n");
+ }
}
#endif
- NEXT_VERIFY:
rsa_free(&rsa);
free(dns_txt_name);
free(dns_txt_reply);
