[exim-dev] [Bug 2295] New: Invalid DKIM signatures (due to h…

Top Page
Delete this message
Reply to this message
Author: admin
Date:  
To: exim-dev
New-Topics: [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters), [exim-dev] [Bug 2295] Invalid DKIM signatures (pdkim_headcat obliterating near-EOL significant characters)
Subject: [exim-dev] [Bug 2295] New: Invalid DKIM signatures (due to header hash miscomputed)
https://bugs.exim.org/show_bug.cgi?id=2295

            Bug ID: 2295
           Summary: Invalid DKIM signatures (due to header hash
                    miscomputed)
           Product: Exim
           Version: 4.90
          Hardware: x86-64
                OS: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: DKIM
          Assignee: tom@???
          Reporter: guillaume-exim@???
                CC: exim-dev@???


Exim-generated DKIM-Signatures fail on virtually everyone
(http://www.appmaildev.com/fr/dkim, http://dkimvalidator.com/, GMail, …),in
4.90 and 4.90.1.

This is due to the header hash being computed (in relaxed mode) on:
[…]
dkim-signature:v=1;[…];b=;
instead of:
[…]
dkim-signature:v=1;[…];b=
(there should be no ending semicolon)

This was introduced by commit ea18931d9b1e9b73b699a2f3eb661d70b7f52fab ("DKIM:
fix signing bug induced by total size of parameter text causing header-line
fold between "b=" and terminating ";" of pseudo-header.").

I understand that the semicolon was introduced to prevent headcat() to insert
EOL after the b=. Is this still the case? After having simply modified my
src/pdkim/pdkim.c (s/b=;/b=/), my e-mails get successfully verified by all the
aforementioned verifiers.

Note that I only speak for relaxed canonicalization, I did not test in simple
mode.

--
You are receiving this mail because:
You are on the CC list for the bug.