[exim-dev] [Bug 2269] New: protect against large number of D…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2269] New: protect against large number of DKIM sig headers
https://bugs.exim.org/show_bug.cgi?id=2269

            Bug ID: 2269
           Summary: protect against large number of DKIM sig headers
           Product: Exim
           Version: 4.91
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


A message observed on the LKML had one thousand signature headers (all alike).

Although the verify implementation would have only evaluated the body-hash
once (they all had the same l= value) it would have checked all the signatures
separately. We should protect against excessive resource consumption via this
attack route. Limit the number of sig considered to, say, 20?

On expanding ${authres } for this message, the over-large check on expansions
tripped.

--
You are receiving this mail because:
You are on the CC list for the bug.
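
The cap proposed in the report, sketched as an added example (not Exim's code and not part of the original message): only the first `max_sigs` DKIM-Signature headers are selected for verification, and body hashes are grouped so that identical `a=`/`c=`/`l=` settings are hashed once. `MAX_SIGS`, `parse_tags`, `plan_verification` and the sample message are hypothetical names and constructed data.

```python
"""Bound the work a DKIM verifier does on a message with many signatures."""
from email import message_from_string

MAX_SIGS = 20  # the figure floated in the report; an assumption, not an Exim setting


def parse_tags(value):
    """Parse a DKIM tag=value list (RFC 6376, section 3.2) into a dict."""
    tags = {}
    for part in value.split(";"):
        name, sep, val = part.partition("=")
        if sep:
            # Header folding leaves whitespace inside values; drop it.
            tags[name.strip()] = "".join(val.split())
    return tags


def plan_verification(raw_message, max_sigs=MAX_SIGS):
    """Return (signatures to verify, body-hash contexts, signatures skipped)."""
    msg = message_from_string(raw_message)
    headers = msg.get_all("DKIM-Signature") or []
    # Everything past the cap is ignored, so per-signature cost is bounded.
    selected = [parse_tags(h) for h in headers[:max_sigs]]
    contexts = set()
    for tags in selected:
        hash_algo = tags.get("a", "").partition("-")[2]
        # c= is "header/body"; a missing body part means "simple".
        body_canon = tags.get("c", "simple/simple").partition("/")[2] or "simple"
        # One body hash per distinct (hash, body canonicalization, l=) triple.
        contexts.add((hash_algo, body_canon, tags.get("l")))
    return selected, contexts, len(headers) - len(selected)


# Constructed sample: one thousand identical signature headers, as in the report.
SIG = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=example.org;\n"
       "\ts=sel; l=120; h=from:to:subject; bh=AAAA; b=BBBB\n")
SAMPLE = SIG * 1000 + "From: a@example.org\nSubject: test\n\nbody\n"

if __name__ == "__main__":
    sigs, contexts, skipped = plan_verification(SAMPLE)
    print(f"verify {len(sigs)} signatures, {len(contexts)} body hash(es), "
          f"skip {skipped}")
```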