*************************************************/
/* Experimental ARC support for Exim
Copyright (c) Jeremy Harris 2018 - 2020
+ Copyright (c) The Exim Maintainers 2021
License: GPL
*/
+/* Per RFCs 6376, 7489 the only allowed chars in either an ADMD id
+or a selector are ALPHA/DIGGIT/'-'/'.'
+
+Check, to help catch misconfigurations such as a missing selector
+element in the arc_sign list.
+*/
+
+static BOOL
+arc_valid_id(const uschar * s)
+{
+for (uschar c; c = *s++; )
+ if (!isalnum(c) && c != '-' && c != '.') return FALSE;
+return TRUE;
+}
+
+
+
/* ARC signing. Called from the smtp transport, if the arc_sign option is set.
The dkim_exim_sign() function has already been called, so will have hashed the
message body for us so long as we requested a hash previously.
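Review bot: arc_valid_id() returns TRUE for an empty string and for values such as `.` or `-`, because the loop only rejects characters outside the allowed set; it is a character filter, not a check of the identifier grammar in the RFCs the comment cites. The callers added later in this commit test `!*identity` and `!*selector` first, so emptiness is covered there, but the header comment should record that, e.g. `Character-set check only; an empty string passes, so callers must reject that themselves.` `isalnum()` is also locale-dependent, so outside the C locale bytes above 0x7F could be accepted; an explicit ASCII range test would remove that dependency. The comment also spells DIGIT as `DIGGIT`.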
/* Parse the signing specification */
-identity = string_nextinlist(&signspec, &sep, NULL, 0);
-selector = string_nextinlist(&signspec, &sep, NULL, 0);
-if ( !*identity || !*selector
- || !(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) || !*privkey)
- {
- log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)",
- !*identity ? "identity" : !*selector ? "selector" : "private-key");
- return sigheaders ? sigheaders : string_get(0);
- }
+if (!(identity = string_nextinlist(&signspec, &sep, NULL, 0)) || !*identity)
+ { s = US"identity"; goto bad_arg_ret; }
+if (!(selector = string_nextinlist(&signspec, &sep, NULL, 0)) || !*selector)
+ { s = US"selector"; goto bad_arg_ret; }
+if (!(privkey = string_nextinlist(&signspec, &sep, NULL, 0)) || !*privkey)
+ { s = US"privkey"; goto bad_arg_ret; }
+if (!arc_valid_id(identity))
+ { s = US"identity"; goto bad_arg_ret; }
+if (!arc_valid_id(selector))
+ { s = US"selector"; goto bad_arg_ret; }
if (*privkey == '/' && !(privkey = expand_file_big_buffer(privkey)))
- return sigheaders ? sigheaders : string_get(0);
+ goto ret_sigheaders;
if ((opts = string_nextinlist(&signspec, &sep, NULL, 0)))
{
if (!(arc_sign_find_ar(headers, identity, &ar)))
{
log_write(0, LOG_MAIN, "ARC: no Authentication-Results header for signing");
- return sigheaders ? sigheaders : string_get(0);
+ goto ret_sigheaders;
}
/* We previously built the data-struct for the existing ARC chain, if any, using a headers
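Review bot: A value rejected by arc_valid_id() is logged with the same label as a missing one (`s = US"identity"` / `s = US"selector"`), so the log line cannot tell an operator whether the element was absent or contained a disallowed character. Since the stated aim is to catch misconfigurations, a distinct label would help, for example `{ s = US"identity (invalid character)"; goto bad_arg_ret; }` and likewise for the selector. The private-key label also changes from `private-key` to `privkey`, which alters the logged text for anyone matching on it. The enclosing function begins and ends outside this hunk.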
/* Finally, append the dkim headers and return the lot. */
if (sigheaders) g = string_catn(g, sigheaders->s, sigheaders->ptr);
-(void) string_from_gstring(g);
-gstring_release_unused(g);
-return g;
+
+out:
+ if (!g) return string_get(1);
+ (void) string_from_gstring(g);
+ gstring_release_unused(g);
+ return g;
+
+
+bad_arg_ret:
+ log_write(0, LOG_MAIN, "ARC: bad signing-specification (%s)", s);
+ret_sigheaders:
+ g = sigheaders;
+ goto out;
}
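Review bot: The early-exit paths now send the caller's `sigheaders` through `string_from_gstring()` and `gstring_release_unused()` at `out:`, where the removed code returned it untouched (`return sigheaders ? sigheaders : string_get(0);`). That is probably harmless, but an error return now presumably terminates and trims a gstring this function did not build, so it is worth confirming no caller relies on it being left as passed in. A comment at `ret_sigheaders:` such as `/* falls into out:, which terminates and trims the caller's gstring */` would record that this is intended. The empty fallback also changes from `string_get(0)` to `string_get(1)` with no explanation in the visible lines. The start of the function is outside this hunk.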