[exim-dev] [Bug 2295] Invalid DKIM signatures (due to header…

Author: admin
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 2295] Invalid DKIM signatures (due to header hash miscomputed)
https://bugs.exim.org/show_bug.cgi?id=2295

--- Comment #5 from Guillaume Outters <guillaume-exim@???> ---
Created attachment 1096
--> https://bugs.exim.org/attachment.cgi?id=1096&action=edit
full rewrite of pdkim_headcat

In addition to having this bug, pdkim_headcat seemed to have complexified over
time, so maybe it's time to make a (working!) rewrite of the function.

With it running on my server I created valid DKIM signatures:
- in my nominal case (the signature ending 1 character before the EOL, the
semicolon correctly gets the last place on the line)
- by shifting everything (introducing a space before the b=), thus having the
signature take the full last line, and the semicolon correctly appear on the
start of a new, padded line

So this corrects the "disappearing last char" problem, on the b= ending
semicolon.

Note that this applies only on the full signature, not on the one with an empty
b=; used to compute the signature: in both our cases (my exim server and
exim-dev's one), the bh= always gets on a new line, so b= always starts at
position 49, so there is no chance that the b=; gets split around the
semicolon:
              h=abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz
 abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcde
 abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz;
 bh=abcdefghijklmnopqrstuvwxyz0123456789; b=;


For this to be tested, we could play with the h=, removing some headers to let
the bh= and the b= get a place without starting a new line:
              h=abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz
 abcdefghijklmnopqrstuvwxyz0123456789abcdefghijklmnopqrstuvwxyz0123456789abcde
 abcdefghijklmnopqrstuvwxyz012345; bh=abcdefghijklmnopqrstuvwxyz0123456789; b=
 ;


Now *this* would get interesting, because it would confirm (or dismiss) the
nondeterministic "could insert a linebreak" comment.

--
You are receiving this mail because:
You are on the CC list for the bug.
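
The two cases tested in the comment above (the semicolon taking the last place on the line, and the semicolon moving to a new padded line), as an added sketch that is neither Exim's pdkim_headcat nor the attached rewrite. The names `fold_b_tag` and `longest_line`, the 78-character width and the sample signatures are assumptions; the start column 49 is the one mentioned in the message.

```c
#include <stdio.h>
#include <string.h>

#define WIDTH 78  /* assumed maximum line length; not taken from Exim's source */

/* Hypothetical helper: write "b=<sig>;" into out, starting at column `col`
 * of the current header line, folding with CRLF + one space when the line
 * is full. Returns the column after the ';', or -1 if out is too small. */
int fold_b_tag(char *out, size_t cap, int col, const char *sig)
{
    const char *parts[3] = { "b=", sig, ";" };
    size_t len = 0;

    for (int p = 0; p < 3; p++)
        for (const char *s = parts[p]; *s; s++) {
            if (col >= WIDTH) {            /* line full: fold before this char */
                if (len + 3 >= cap) return -1;
                memcpy(out + len, "\r\n ", 3);
                len += 3;
                col = 1;                   /* the pad space used column 0 */
            }
            if (len + 1 >= cap) return -1;
            out[len++] = *s;               /* the ';' takes this same path, */
            col++;                         /* so it can never be dropped    */
        }
    out[len] = '\0';
    return col;
}

/* Longest physical line in a folded string (CR and LF not counted). */
int longest_line(const char *s)
{
    int best = 0, cur = 0;
    for (; *s; s++) {
        if (*s == '\r' || *s == '\n') cur = 0;
        else if (++cur > best) best = cur;
    }
    return best;
}

int main(void)
{
    char sig[128], out[256];               /* constructed sample signatures */
    for (int n = 103; n <= 104; n++) {     /* 103: ';' ends the line; 104: ';' folds */
        memset(sig, 'A', n); sig[n] = '\0';
        int col = fold_b_tag(out, sizeof out, 49, sig);
        printf("sig len %d -> end column %d\n%*s%s\n\n", n, col, 49, "", out);
    }
    return 0;
}
```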