From: Vsevolod Stakhov
Date: Mon, 2 Oct 2017 19:49:25 +0000 (+0100)
Subject: [Fix] Fix DKIM forgeries via multiple headers
X-Git-Tag: 1.6.5~3^2~14
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=9e9697ecc562a22ff6b5cb82af9d43852cbe5108;p=rspamd.git
[Fix] Fix DKIM forgeries via multiple headers
MFH: rspamd-1.6
URL: http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
---
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 72cc7232f..2b5357145 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -1938,6 +1938,22 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx,
 ar = g_hash_table_lookup (task->raw_headers, header_name);
 if (ar) {
+ /* Check uniqueness of the header */
+ rh = g_ptr_array_index (ar, 0);
+ if ((rh->type & RSPAMD_HEADER_UNIQUE) && ar->len > 1) {
+ guint64 random_cookie = ottery_rand_uint64 ();
+
+ msg_warn_dkim ("header %s is intended to be unique by"
+ " email standards, but we have %d headers of this"
+ " type, artificially break DKIM check", header_name,
+ ar->len);
+ rspamd_dkim_hash_update (ctx->headers_hash,
+ (const gchar *)&random_cookie,
+ sizeof (random_cookie));
+
+ return FALSE;
+ }
+
 if (ar->len > count) {
 /* Set skip count */
 rh_num = ar->len - count - 1;
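Review bot: The duplicate-header branch added under `if (ar)` signals the problem only by mixing a random cookie into `ctx->headers_hash` and returning FALSE, so unless callers act on the return value the verdict looks like an ordinary signature mismatch and the real reason survives only in the warning log. The function takes a `struct rspamd_dkim_common_ctx`, which suggests it may also be reached when signing; if so, an outbound message with a repeated unique header would be signed with a digest that can never verify, so the callers (outside this hunk) should be checked and the signing path made to fail explicitly. At minimum the intent deserves a comment above the `rspamd_dkim_hash_update` call, e.g. `/* Poison the hash so the signature cannot verify even if the caller ignores our return value */`. `ar->len` is a `guint`, so the `%d` in the message should be an unsigned conversion. The body of rspamd_dkim_canonize_header starts and ends outside the hunk.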