From 8e245d29b27dcba15b651b4f1eea96f8d2ba526d Mon Sep 17 00:00:00 2001
From: Vsevolod Stakhov
Date: Sat, 18 May 2024 15:20:47 +0100
Subject: [PATCH] [Feature] Verify sanity of l= tag in DKIM

---
 src/libserver/dkim.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 3134b0ecf..cff8152b6 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2129,7 +2129,8 @@ end:
 }
 
 static gboolean
-rspamd_dkim_canonize_body(struct rspamd_dkim_common_ctx *ctx,
+rspamd_dkim_canonize_body(struct rspamd_task *task,
+ struct rspamd_dkim_common_ctx *ctx,
 const char *start,
 const char *end,
 gboolean sign)
@@ -2149,7 +2150,20 @@ rspamd_dkim_canonize_body(struct rspamd_dkim_common_ctx *ctx,
 EVP_DigestUpdate(ctx->body_hash, "", 0);
 }
 }
- else {
+ else if (end > start) {
+ /* Add sanity checks for ctx->len */
+ if (ctx->len > 0) {
+ if (ctx->len < 2 && end - start > 2) {
+ msg_info_task("DKIM l tag is invalid: %d (%d actual size)", (int) ctx->len, (int) (end - start));
+ return FALSE;
+ }
+ if (ctx->len + 2 < (double) (end - start) * 0.9) {
+ msg_info_task("DKIM l tag does not cover enough of the body: %d (%d actual size)",
+ (int) ctx->len, (int) (end - start));
+ return FALSE;
+ }
+ }
+
 /* Strip extra ending CRLF */
 p = rspamd_dkim_skip_empty_lines(start, end, ctx->body_canon_type,
 sign, &need_crlf);
-- 
2.39.5
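Review bot: No call site of `rspamd_dkim_canonize_body` is updated in this patch, although the function now takes `task` as a new first argument: the diffstat's 16 insertions and 2 deletions are fully accounted for by the two hunks shown. Because the function is `static`, every caller lives in `src/libserver/dkim.c` and would need to become `rspamd_dkim_canonize_body(task, ctx, ...)`, otherwise the file should fail to compile; please confirm the callers are changed elsewhere in the series. A one-line comment on the signature, e.g. `/* task is used for logging rejected l= values */`, would also explain why the parameter was added, which appears to be only for `msg_info_task` in the next hunk.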
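Review bot: The two `ctx->len` checks in the new `else if` branch compare the `l=` value with the raw `end - start`, before `rspamd_dkim_skip_empty_lines` and body canonicalization run, while RFC 6376 defines `l=` as a count of canonicalized body octets. With relaxed body canonicalization or a run of trailing empty lines the canonical body can be well under 90% of the raw size, so a signature whose `l=` covers the entire canonical body could be rejected here; consider comparing against the canonicalized length, or at least the span left after the trailing-line strip. The `0.9` and `+ 2` would read better as named constants with a comment such as `/* minimum fraction of the body that l= must cover */`. A passing check still leaves up to roughly a tenth of the body outside the hash, so anything past `l=` should continue to be treated as unsigned. Replacing the plain `else` with `else if (end > start)` also means a non-NULL `start` with `end <= start` now skips this branch entirely, and what happens then depends on code after this hunk, since the function body continues outside it.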