diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-12-30 17:49:53 +0000 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2016-12-30 17:50:29 +0000 |
| commit | 7b184d160668cf4596e3210f993b300689e47cb8 (patch) | |
| tree | 903e9aee6df07c95e3e9c67038e4ba1dd77dc820 | |
| parent | d4ef714bfe9944f7d211f7260719c03096b92e53 (diff) | |
| download | rspamd-7b184d160668cf4596e3210f993b300689e47cb8.tar.gz rspamd-7b184d160668cf4596e3210f993b300689e47cb8.zip | |
[CritFix] Fix headers selection in DKIM verification
Found by: @moisseev
MFH: true
| -rw-r--r-- | src/libserver/dkim.c | 64 |
1 files changed, 32 insertions, 32 deletions
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c index 33459adc0..3a9dff80c 100644 --- a/src/libserver/dkim.c +++ b/src/libserver/dkim.c @@ -373,7 +373,7 @@ rspamd_dkim_parse_hdrlist_common (struct rspamd_dkim_common_ctx *ctx, gchar *h; gboolean from_found = FALSE; guint count = 0; - struct rspamd_dkim_header *new; + struct rspamd_dkim_header *new, *check; GHashTable *htb; p = param; @@ -401,25 +401,26 @@ rspamd_dkim_parse_hdrlist_common (struct rspamd_dkim_common_ctx *ctx, rspamd_strlcpy (h, c, p - c + 1); g_strstrip (h); - if ((new = g_hash_table_lookup (htb, h)) != NULL) { + new = rspamd_mempool_alloc (ctx->pool, + sizeof (struct rspamd_dkim_header)); + new->name = h; + new->count = 0; + + /* Check mandatory from */ + if (!from_found && g_ascii_strcasecmp (h, "from") == 0) { + from_found = TRUE; + } + + g_ptr_array_add (ctx->hlist, new); + + if ((check = g_hash_table_lookup (htb, h)) != NULL) { new->count++; } else { /* Insert new header to the list */ - new = - rspamd_mempool_alloc (ctx->pool, - sizeof (struct rspamd_dkim_header)); - new->name = h; - new->count = 1; g_hash_table_insert (htb, new->name, new); - - /* Check mandatory from */ - if (!from_found && g_ascii_strcasecmp (h, "from") == 0) { - from_found = TRUE; - } - - g_ptr_array_add (ctx->hlist, new); } + c = p + 1; p++; } @@ -1714,7 +1715,7 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx, const gchar *dkim_domain) { struct rspamd_mime_header *rh; - guint rh_num = 0, i; + gint rh_num = 0; GPtrArray *ar; if (dkim_header == NULL) { @@ -1723,27 +1724,24 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx, if (ar) { if (ar->len > count) { /* Set skip count */ - rh_num = ar->len - count; + rh_num = ar->len - count - 1; } else { - rh_num = 0; + rh_num = ar->len - 1; } + rh = g_ptr_array_index (ar, rh_num); - for (i = rh_num; i < ar->len; i ++) { - rh = g_ptr_array_index (ar, i); - - if (ctx->header_canon_type == DKIM_CANON_SIMPLE) { - rspamd_dkim_hash_update (ctx->headers_hash, rh->raw_value, - rh->raw_len); - msg_debug_dkim ("update signature with header: %*s", - (gint)rh->raw_len, rh->raw_value); - } - else { - if (!rspamd_dkim_canonize_header_relaxed (ctx, rh->value, - header_name, FALSE)) { - return FALSE; - } + if (ctx->header_canon_type == DKIM_CANON_SIMPLE) { + rspamd_dkim_hash_update (ctx->headers_hash, rh->raw_value, + rh->raw_len); + msg_debug_dkim ("update signature with header: %*s", + (gint)rh->raw_len, rh->raw_value); + } + else { + if (!rspamd_dkim_canonize_header_relaxed (ctx, rh->value, + header_name, FALSE)) { + return FALSE; } } } @@ -1752,6 +1750,8 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx, /* For signature check just use the saved dkim header */ if (ctx->header_canon_type == DKIM_CANON_SIMPLE) { /* We need to find our own signature and use it */ + guint i; + ar = g_hash_table_lookup (task->raw_headers, DKIM_SIGNHEADER); if (ar) { @@ -1833,7 +1833,7 @@ rspamd_dkim_check (rspamd_dkim_context_t *ctx, } /* Canonize dkim signature */ - rspamd_dkim_canonize_header (&ctx->common, task, DKIM_SIGNHEADER, 1, + rspamd_dkim_canonize_header (&ctx->common, task, DKIM_SIGNHEADER, 0, ctx->dkim_header, ctx->domain); dlen = EVP_MD_CTX_size (ctx->common.body_hash); |