Gitweb:
https://git.exim.org/exim.git/commitdiff/ae63862ba6f6ee0c17ec865cc6cf0eebb3ca2389
Commit: ae63862ba6f6ee0c17ec865cc6cf0eebb3ca2389
Parent: 3f9700ab53b9f4fa4a2667957afb249f5639da9d
Author: Mad Alex <alex.exim@???>
AuthorDate: Wed Jan 30 13:57:36 2019 +0000
Committer: Jeremy Harris <jgh146exb@???>
CommitDate: Wed Jan 30 13:59:52 2019 +0000
Fix dkim_verify_signers option. Bug 2366
Testsuite coverage by jgh.
Broken-by: d342446f29
---
doc/doc-txt/ChangeLog | 3 +
src/src/smtp_in.c | 1 -
test/confs/4508 | 33 ++++++++++
test/confs/4520 | 2 +-
test/log/4508 | 25 ++++++++
test/scripts/4500-DKIM/4508 | 149 ++++++++++++++++++++++++++++++++++++++++++++
6 files changed, 211 insertions(+), 2 deletions(-)
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index e2dd71b..7da07ad 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -191,6 +191,9 @@ JH/41 Fix the loop reading a message header line to check for integer overflow,
and more-often against header_maxsize. Previously a crafted message could
induce a crash of the recive process; now the message is cleanly rejected.
+JH/42 Bug 2366: Fix the behaviour of the dkim_verify_signers option. It had
+ been totally disabled for all of 4.91. Discovery and fix by "Mad Alex".
+
Exim version 4.91
-----------------
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index af2cdb2..86f87ea 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -2084,7 +2084,6 @@ f.dkim_disable_verify = FALSE;
dkim_collect_input = 0;
dkim_verify_overall = dkim_verify_status = dkim_verify_reason = NULL;
dkim_key_length = 0;
-dkim_verify_signers = US"$dkim_signers";
#endif
#ifdef EXPERIMENTAL_DMARC
f.dmarc_has_been_checked = f.dmarc_disable_verify = f.dmarc_enable_forensic = FALSE;
diff --git a/test/confs/4508 b/test/confs/4508
new file mode 100644
index 0000000..dae4a8a
--- /dev/null
+++ b/test/confs/4508
@@ -0,0 +1,33 @@
+# Exim test configuration 4508
+
+SERVER=
+
+.include DIR/aux-var/std_conf_prefix
+
+primary_hostname = myhost.test.ex
+
+# ----- Main settings -----
+
+acl_smtp_rcpt = accept
+acl_smtp_dkim = check_dkim
+acl_smtp_data = check_data
+
+log_selector = +dkim_verbose
+dkim_verify_signers = DYNAMIC_OPTION
+
+queue_only
+queue_run_in_order
+
+# ----- ACL ---------
+
+begin acl
+
+check_dkim:
+ accept
+ logwrite = DKIM: acl called - signer: $dkim_cur_signer bits: $dkim_key_length
+
+check_data:
+ accept logwrite = overall \$dkim_verify_status: $dkim_verify_status
+ logwrite = ${authresults {$primary_hostname}}
+
+# End
diff --git a/test/confs/4520 b/test/confs/4520
index 8976923..1a8e34f 100644
--- a/test/confs/4520
+++ b/test/confs/4520
@@ -14,7 +14,7 @@ acl_smtp_rcpt = accept logwrite = rcpt acl: macro: _DKIM_SIGN_HEADERS
acl_smtp_dkim = accept logwrite = dkim_acl: signer: $dkim_cur_signer bits: $dkim_key_length h=$dkim_headernames
acl_smtp_data = accept logwrite = data acl: dkim status $dkim_verify_status
-dkim_verify_signers = $dkim_signers : FAKE
+dkim_verify_signers = $dkim_signers
DDIR=DIR/aux-fixed/dkim
diff --git a/test/log/4508 b/test/log/4508
new file mode 100644
index 0000000..4a031f2
--- /dev/null
+++ b/test/log/4508
@@ -0,0 +1,25 @@
+
+******** SERVER ********
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: acl called - signer: test.ex bits: 1024
+1999-03-02 09:44:33 10HmaX-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaX-0005vi-00 overall $dkim_verify_status: pass
+1999-03-02 09:44:33 10HmaX-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256
+1999-03-02 09:44:33 10HmaX-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaY-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmaY-0005vi-00 overall $dkim_verify_status:
+1999-03-02 09:44:33 10HmaY-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256
+1999-03-02 09:44:33 10HmaY-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmaZ-0005vi-00 DKIM: acl called - signer: nothere.example.com bits: 0
+1999-03-02 09:44:33 10HmaZ-0005vi-00 overall $dkim_verify_status: none
+1999-03-02 09:44:33 10HmaZ-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256
+1999-03-02 09:44:33 10HmaZ-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@???
+1999-03-02 09:44:33 exim x.yz daemon started: pid=pppp, no queue runs, listening for SMTP on port 1225
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: acl called - signer: test.ex bits: 1024
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha256 b=1024 [verification succeeded]
+1999-03-02 09:44:33 10HmbA-0005vi-00 DKIM: acl called - signer: different.example.com bits: 1024
+1999-03-02 09:44:33 10HmbA-0005vi-00 overall $dkim_verify_status: pass:none
+1999-03-02 09:44:33 10HmbA-0005vi-00 Authentication-Results: myhost.test.ex;\n dkim=pass header.d=test.ex header.s=sel header.a=rsa-sha256
+1999-03-02 09:44:33 10HmbA-0005vi-00 <= CALLER@??? H=(xxx) [127.0.0.1] P=smtp S=sss DKIM=test.ex id=qwerty1234@???
diff --git a/test/scripts/4500-DKIM/4508 b/test/scripts/4500-DKIM/4508
new file mode 100644
index 0000000..b9eaabe
--- /dev/null
+++ b/test/scripts/4500-DKIM/4508
@@ -0,0 +1,149 @@
+# DKIM verify, dkim_verify_signers option
+#
+exim -DSERVER=server -DDYNAMIC_OPTION='$dkim_signers' -bd -oX PORT_D
+****
+#
+# Same as default. This should pass.
+# - sha256, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
+ 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
+ Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
+ +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
+exim -DSERVER=server -DDYNAMIC_OPTION='' -bd -oX PORT_D
+****
+# Empty. Should avoid calling dkim ACL.
+# - sha256, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
+ 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
+ Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
+ +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
+exim -DSERVER=server -DDYNAMIC_OPTION='nothere.example.com' -bd -oX PORT_D
+****
+# Different domain. Should fail DKIM verify.
+# - sha256, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
+ 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
+ Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
+ +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
+exim -DSERVER=server -DDYNAMIC_OPTION='test.ex : different.example.com' -bd -oX PORT_D
+****
+# Mixed set. Should get one DKIM verify pass.
+# - sha256, 1024b
+# Mail original in aux-fixed/4500.msg1.txt
+# Sig generated by: perl aux-fixed/dkim/sign.pl --algorithm=rsa-sha256 \
+# --method=simple/simple < aux-fixed/4500.msg1.txt
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@???>
+??? 250
+RCPT TO:<a@???>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel; bh=3UbbJTudPxmejzh7U1Zg33U3QT+1
+ 6kfV2eOTvMeiEis=; b=xQSD/JMqz0C+xKf0A1NTkPTbkDuDdJbpBuyjjT9iYvyP
+ Zez+xl0TkoPobFGVa6EN8+ZeYV18zjifhtWYLSsNmPinUtcpKQLG1zxAKmmS0JEh
+ +qihlWbeGJ5+tK588ugUzXHPj+4JBW0H6kxHvdH0l2SlQE5xs/cdggnx5QX5USY=
+From: mrgus@???
+To: bakawolf@???
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@???>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+QUIT
+??? 221
+****
+killdaemon
+#
+no_stdout_check
+no_msglog_check