[exim-dev] [Bug 2269] New: protect against large number of D…

Top Page
This message is part of the following thread:
M+\the complete thread tree sorted by date
MMM 
admin at ->
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2269] New: protect against large number of DKIM sig headers
https://bugs.exim.org/show_bug.cgi?id=2269 

            Bug ID: 2269
           Summary: protect against large number of DKIM sig headers
           Product: Exim
           Version: 4.91
          Hardware: x86
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: jgh146exb@???
                CC: exim-dev@???


A message observed on the LKML had one thousand signature headers (all alike).

Although the verify implementation would have only evaluated the body-hash
once (they all had the same l= value) it would have checked all the signatures
separately. We should protect against excessive resource consumption via this
attack route. Limit the number of sig considered to, say, 20?

On expanding ${authres } for this message, the over-large check on expansions
tripped.

--
You are receiving this mail because:
You are on the CC list for the bug.
This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] [Bug 2266] TLS SNI should default set[exim-dev] [Bug 2269] protect against large number of DKIM sig headers->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)