]> source.dussan.org Git - rspamd.git/commitdiff
[Fix] Reject invalid bh for DKIM signatures earlier
authorVsevolod Stakhov <vsevolod@highsecure.ru>
Wed, 9 Aug 2017 18:15:20 +0000 (19:15 +0100)
committerAndrew Lewis <nerf@judo.za.org>
Mon, 28 Aug 2017 11:08:06 +0000 (13:08 +0200)
src/libserver/dkim.c

index 06adab305bc060fd04a06bdac5a342873357d3cc..72cc7232f74324dc2bec2b84ad656a5fcffe0537 100644 (file)
@@ -2196,6 +2196,14 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx,
                                        }
                                }
                        }
+                       else {
+                               msg_debug_dkim (
+                                               "bh value mismatch: %*xs versus %*xs",
+                                               dlen, ctx->bh,
+                                               dlen, cached_bh->digest_normal);
+
+                               return DKIM_REJECT;
+                       }
                }
 
                if (cpy_ctx) {