From: Peter Wu <peter@lekensteyn.nl>
Date: Thu, 16 Jan 2020 01:11:49 +0000 (+0000)
Subject: [Minor] Dkim_signing: correct is_skip_sign logic
X-Git-Tag: 2.3~101^2
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=845b8c00dc03d2a98f5514eda15f0e8909cd96b7;p=rspamd.git

[Minor] Dkim_signing: correct is_skip_sign logic

If any of "sign_networks", "auth_only", or "sign_local" are disabled,
then it should not automatically proceed with signing if the enabled
conditions all fail. For example, if only the auth_only setting is
enabled, and is_authed is false, then signing should be skipped.

An earlier check luckily prevents this correctness issue from being
exploitable ("ignoring unauthenticated mail"), but fix the logic anyway.
---

diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua
index 90bff13d5..42b595670 100644
--- a/lualib/lua_dkim_tools.lua
+++ b/lualib/lua_dkim_tools.lua
@@ -211,9 +211,9 @@ local function prepare_dkim_signing(N, task, settings)
   end
 
   local function is_skip_sign()
-    return (settings.sign_networks and not is_sign_networks) and
-        (settings.auth_only and not is_authed) and
-        (settings.sign_local and not is_local)
+    return not (settings.sign_networks and is_sign_networks) and
+        not (settings.auth_only and is_authed) and
+        not (settings.sign_local and is_local)
   end
 
   if hdom then