Vsevolod Stakhov
7 years ago
1 changed files with 55 additions and 4 deletions
+ 55
- 4
src/libserver/dkim.c
View File
| @@ -1337,7 +1337,9 @@ rspamd_dkim_skip_empty_lines (const gchar *start, const gchar *end, | |||
| state = test_spaces; | |||
| } | |||
| else { | |||
| *need_crlf = TRUE; | |||
| if (type != DKIM_CANON_RELAXED) { | |||
| *need_crlf = TRUE; | |||
| } | |||
| goto end; | |||
| } | |||
| @@ -1797,6 +1799,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, | |||
| { | |||
| const gchar *p, *body_end, *body_start; | |||
| guchar raw_digest[EVP_MAX_MD_SIZE]; | |||
| EVP_MD_CTX *cpy_ctx; | |||
| gsize dlen; | |||
| gint res = DKIM_CONTINUE; | |||
| guint i; | |||
| @@ -1832,15 +1835,63 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, | |||
| ctx->dkim_header, ctx->domain); | |||
| dlen = EVP_MD_CTX_size (ctx->common.body_hash); | |||
| EVP_DigestFinal_ex (ctx->common.body_hash, raw_digest, NULL); | |||
| /* Copy md_ctx to deal with broken CRLF at the end */ | |||
| cpy_ctx = EVP_MD_CTX_create (); | |||
| EVP_MD_CTX_copy (cpy_ctx, ctx->common.body_hash); | |||
| EVP_DigestFinal_ex (cpy_ctx, raw_digest, NULL); | |||
| /* Check bh field */ | |||
| if (memcmp (ctx->bh, raw_digest, ctx->bhlen) != 0) { | |||
| msg_debug_dkim ("bh value mismatch: %*xs versus %*xs", dlen, ctx->bh, | |||
| msg_debug_dkim ("bh value mismatch: %*xs versus %*xs, try add CRLF", | |||
| dlen, ctx->bh, | |||
| dlen, raw_digest); | |||
| return DKIM_REJECT; | |||
| /* Try add CRLF */ | |||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) | |||
| EVP_MD_CTX_cleanup (cpy_ctx); | |||
| #else | |||
| EVP_MD_CTX_reset (cpy_ctx); | |||
| #endif | |||
| EVP_MD_CTX_copy (cpy_ctx, ctx->common.body_hash); | |||
| EVP_DigestUpdate (cpy_ctx, "\r\n", 2); | |||
| EVP_DigestFinal_ex (cpy_ctx, raw_digest, NULL); | |||
| if (memcmp (ctx->bh, raw_digest, ctx->bhlen) != 0) { | |||
| msg_debug_dkim ("bh value mismatch: %*xs versus %*xs, try add LF", | |||
| dlen, ctx->bh, | |||
| dlen, raw_digest); | |||
| /* Try add LF */ | |||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) | |||
| EVP_MD_CTX_cleanup (cpy_ctx); | |||
| #else | |||
| EVP_MD_CTX_reset (cpy_ctx); | |||
| #endif | |||
| EVP_MD_CTX_copy (cpy_ctx, ctx->common.body_hash); | |||
| EVP_DigestUpdate (cpy_ctx, "\n", 2); | |||
| EVP_DigestFinal_ex (cpy_ctx, raw_digest, NULL); | |||
| if (memcmp (ctx->bh, raw_digest, ctx->bhlen) != 0) { | |||
| msg_debug_dkim ("bh value mismatch: %*xs versus %*xs", | |||
| dlen, ctx->bh, | |||
| dlen, raw_digest); | |||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) | |||
| EVP_MD_CTX_cleanup (cpy_ctx); | |||
| #else | |||
| EVP_MD_CTX_reset (cpy_ctx); | |||
| #endif | |||
| EVP_MD_CTX_destroy (cpy_ctx); | |||
| return DKIM_REJECT; | |||
| } | |||
| } | |||
| } | |||
| #if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(LIBRESSL_VERSION_NUMBER) | |||
| EVP_MD_CTX_cleanup (cpy_ctx); | |||
| #else | |||
| EVP_MD_CTX_reset (cpy_ctx); | |||
| #endif | |||
| EVP_MD_CTX_destroy (cpy_ctx); | |||
| dlen = EVP_MD_CTX_size (ctx->common.headers_hash); | |||
| EVP_DigestFinal_ex (ctx->common.headers_hash, raw_digest, NULL); | |||
| /* Check headers signature */ | |||
Loading…