http://bugs.exim.org/show_bug.cgi?id=1309
--- Comment #3 from Todd Lyons <tlyons@???> 2012-10-15 14:12:01 ---
On Sun, Oct 14, 2012 at 5:22 PM, Tony Meyer <tony@???> wrote:
> For example, in the message below I have dkim_sign_headers set to
> subject:to:from, and a message that has Subject: and From: headers, but no To:
> header, and the h= tag in the DKIM signature is From:Subject (i.e. "To" is
> missing).
For those that don't know, the process of signing a header that is not
actually present is one form of what is commonly referred to as
oversigning headers. If you sign a header that isn't there and then
someone actually adds that header, it will invalidate the signature.
The way that it is operating above allows a person to take a signed
email, add the missing header and it will still pass DKIM.
Possible Solutions:
1. Retain current behavior, but add option to detect and perform oversign.
2. Don't give the knob, just sign the fields.
To me #2 is easiest. I can't really think of any instance where I
would want #1, but maybe I'm just not that imaginative.
Looking at the code, it explicitly skips headers which are missing, so
we need to test if signing a non-existent header creates a problem.
I'm a bit wrapped up in some stuff for the next couple of weeks, maybe
someone else can do this. Basically it just needs to exclude the
header_name_match test and just unconditionally add the header name to
the list.
    /* SIGNING -------------------------------------------------------------- */
    if (ctx->mode == PDKIM_MODE_SIGN) {
      /* Traverse all signatures */
      while (sig != NULL) {
        pdkim_stringlist *list;

        if (header_name_match(ctx->cur_header->str,
                              sig->sign_headers?
                                sig->sign_headers:
                                PDKIM_DEFAULT_SIGN_HEADERS, 0) != PDKIM_OK) goto NEXT_SIG;

        /* Add header to the signed headers list (in reverse order) */
        list = pdkim_prepend_stringlist(sig->headers,
                                        ctx->cur_header->str);
        if (list == NULL) return PDKIM_ERR_OOM;
        sig->headers = list;

        NEXT_SIG:
        sig = sig->next;
      }
    }
I don't know if this is going to cause a problem in the signing
library (how well it handles signing a non-existent header, this would
be uncovered during testing).
...Todd
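
The effect described in the comment above, as an added example that is not part of the original bug comment or of Exim's code: it applies the RFC 6376 header selection rule to a message with no To: header and compares the hash input before and after a To: header is added. The function names and addresses are constructed, and the model is simplified: it covers only header selection and relaxed canonicalization, leaving out the DKIM-Signature header itself and the RSA step.

```python
import hashlib

def h_tag_for(headers, sign_headers, oversign):
    """Names to list in h=. oversign=False drops names absent from the message
    (the behaviour reported in the bug); oversign=True lists them anyway."""
    present = {name.lower() for name, _ in headers}
    return [n for n in sign_headers if oversign or n.lower() in present]

def select_headers(headers, h_tag):
    """RFC 6376 5.4.2: for each name in h=, take the last not-yet-used instance;
    a name with no instance left contributes nothing to the hash input."""
    remaining = list(headers)
    chosen = []
    for wanted in h_tag:
        for i in range(len(remaining) - 1, -1, -1):
            if remaining[i][0].lower() == wanted.lower():
                chosen.append(remaining.pop(i))
                break
    return chosen

def header_digest(headers, h_tag):
    """SHA-256 over the selected headers in simplified relaxed form."""
    data = "".join(
        f"{name.lower()}:{' '.join(value.split())}\r\n"
        for name, value in select_headers(headers, h_tag)
    )
    return hashlib.sha256(data.encode()).hexdigest()

def survives_added_header(headers, added, h_tag):
    """True if the digest the verifier computes is unchanged after `added`
    is appended, i.e. the signature would still verify."""
    return header_digest(headers, h_tag) == header_digest(headers + [added], h_tag)

# Constructed sample: Subject: and From: present, no To:, as in the report.
MESSAGE = [("From", "sender@example.org"), ("Subject", "quarterly report")]
ADDED_TO = ("To", "someone@example.net")
CONFIGURED = ["subject", "to", "from"]  # dkim_sign_headers from the report

if __name__ == "__main__":
    for oversign in (False, True):
        h = h_tag_for(MESSAGE, CONFIGURED, oversign)
        ok = survives_added_header(MESSAGE, ADDED_TO, h)
        print(f"h={':'.join(h)}  still verifies after To: is added: {ok}")
```
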