[exim-dev] [Bug 1721] New: DKIM hash incorrect when ending l…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 1721] New: DKIM hash incorrect when ending lines have spaces
https://bugs.exim.org/show_bug.cgi?id=1721

            Bug ID: 1721
           Summary: DKIM hash incorrect when ending lines have spaces
           Product: Exim
           Version: 4.86+ HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: mrgus@???
                CC: exim-dev@???


Created attachment 844
--> https://bugs.exim.org/attachment.cgi?id=844&action=edit
Test message and patch for DKIM bug w/spaces at the end of messages

The pdkim lib embedded into exim will not compute the body hash correctly when
one of the ending lines has spaces or tabs in them and the message was signed
with the "relaxed" canonicalization mode.

In the DKIM RFC, it states two (relevant) things (in Section 3.4.4) about
relaxed canonicalization:

1.) All whitespace at the end of a line should be omitted
2.) All empty lines at the end of a message should be omitted

Because whitespace at the end of lines should be omitted, lines with only
spaces at the end of a message should be treated as empty lines and then
omitted in the same way empty lines are. In pdkim.c, the check for empty lines
is only looking for crlf-only lines, and not taking spaces into account. This
is what causes the body hash to be computed incorrectly.


I've attached a zipfile (pdkim_dkim_bodyhash.zip) to this bug report. It
includes two files:

dkim_test.txt - Test message that exhibits the bug (spaces on the
second-to-last line)
pdkim_dkim_bodyhash.patch - Patch to fix the bug


I've run dkim_test.txt against a few different DKIM verification tools. It
passes against dkimverify, opendkim-testmsg, opendkim and others, but not when
run through exim, nor the test_verify tool that came with pdkim's original git
repo.

With my patch applied, this message verifies. I also tested with a few other
messages received to me under normal circumstances (including a message from
Chase Bank, the first thing that made me aware of this bug--which is,
incidentally, probably the same behavior this exim-users thread was discussing:
https://lists.exim.org/lurker/message/20141108.232844.c71157d7.en.html).

--
You are receiving this mail because:
You are on the CC list for the bug.
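
The difference the report describes, as an added Python example (not part of the original message and not pdkim's code): relaxed body canonicalization per RFC 6376 Section 3.4.4, with a `blank_only_crlf` switch (a hypothetical name) that models the reported behaviour of treating only CRLF-only lines as empty. The sample body is constructed, and SHA-256 is assumed as the body hash algorithm.

```python
import base64
import hashlib
import re


def relaxed_body(body: bytes, blank_only_crlf: bool = False) -> bytes:
    """Relaxed body canonicalization (RFC 6376, Section 3.4.4).

    blank_only_crlf=True models the behaviour described in the report:
    when trimming the end of the body, only CRLF-only lines count as empty.
    """
    lines = body.split(b"\r\n")
    if lines and lines[-1] == b"":
        lines.pop()  # split() leaves an empty element after the final CRLF
    pairs = []
    for raw in lines:
        line = re.sub(rb"[ \t]+", b" ", raw)  # collapse WSP runs to one SP
        line = line.rstrip(b" ")              # drop whitespace at end of line
        pairs.append((raw, line))
    # Remove empty lines at the end of the body.
    while pairs:
        raw, line = pairs[-1]
        is_empty = (raw == b"") if blank_only_crlf else (line == b"")
        if not is_empty:
            break
        pairs.pop()
    return b"".join(line + b"\r\n" for _, line in pairs)


def body_hash(canonical: bytes) -> str:
    """Base64 SHA-256 digest, the form carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(canonical).digest()).decode()


# Constructed sample: whitespace on the second-to-last line, then an empty line.
SAMPLE = b"Hello  world \r\nsecond line\r\n   \t\r\n\r\n"

if __name__ == "__main__":
    for label, flag in (("RFC 6376", False), ("CRLF-only check", True)):
        canon = relaxed_body(SAMPLE, blank_only_crlf=flag)
        print(f"{label:16} {canon!r} bh={body_hash(canon)}")
```

With the CRLF-only check, the whitespace-only line survives as an extra empty line in the canonical body, so the computed hash no longer matches the `bh=` value produced by a signer that trimmed it.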