/* -------------------------------------------------------------------------- */
/* Print debugging functions */
static void
-pdkim_quoteprint(const char *data, int len)
+pdkim_quoteprint(const uschar *data, int len)
{
int i;
-const unsigned char *p = (const unsigned char *)data;
-
for (i = 0; i < len; i++)
{
- const int c = p[i];
+ const int c = data[i];
switch (c)
{
case ' ' : debug_printf("{SP}"); break;
}
static void
-pdkim_hexprint(const char *data, int len)
+pdkim_hexprint(const uschar *data, int len)
{
int i;
-const unsigned char *p = (const unsigned char *)data;
-
-for (i = 0 ; i < len; i++)
- debug_printf("%02x", p[i]);
+for (i = 0 ; i < len; i++) debug_printf("%02x", data[i]);
debug_printf("\n");
}
if (!new_entry) return NULL;
memset(new_entry, 0, sizeof(pdkim_stringlist));
if (!(new_entry->value = strdup(str))) return NULL;
-if (base)
- {
- pdkim_stringlist *last = base;
- while (last->next != NULL) { last = last->next; }
- last->next = new_entry;
- return base;
- }
-else
- return new_entry;
+if (base) new_entry->next = base;
+return new_entry;
}
pdkim_decode_base64(uschar *str, blob * b)
{
int dlen;
-char *res;
dlen = b64decode(str, &b->data);
if (dlen < 0) b->data = NULL;
b->len = dlen;
case 'l':
sig->bodylength = strtol(cur_val->str, NULL, 10); break;
case 'h':
- sig->headernames = string_copy(cur_val->str); break;
+ sig->headernames = string_copy(US cur_val->str); break;
case 'z':
sig->copiedheaders = pdkim_decode_qp(cur_val->str); break;
default:
{
debug_printf(
"PDKIM >> Raw signature w/o b= tag value >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n");
- pdkim_quoteprint(sig->rawsig_no_b_val, strlen(sig->rawsig_no_b_val));
+ pdkim_quoteprint(US sig->rawsig_no_b_val, strlen(sig->rawsig_no_b_val));
debug_printf(
- "PDKIM >> Sig size: %4d bits\n", sig->sigdata.len*8);
+ "PDKIM >> Sig size: %4u bits\n", (unsigned) sig->sigdata.len*8);
debug_printf(
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
if (!cur_val)
cur_val = pdkim_strnew(NULL);
- if (c == '\r' || c == '\n')
- goto NEXT_CHAR;
-
if (c == ';' || c == '\0')
{
if (cur_tag->len > 0)
{
pdkim_signature *sig = ctx->sig;
/* Cache relaxed version of data */
-char *relaxed_data = NULL;
-int relaxed_len = 0;
+uschar *relaxed_data = NULL;
+int relaxed_len = 0;
/* Traverse all signatures, updating their hashes. */
while (sig)
{
/* Defaults to simple canon (no further treatment necessary) */
- const char *canon_data = data;
- int canon_len = len;
+ const uschar *canon_data = CUS data;
+ int canon_len = len;
if (sig->canon_body == PDKIM_CANON_RELAXED)
{
if (canon_len > 0)
{
- exim_sha_update(&sig->body_hash, canon_data, canon_len);
+ exim_sha_update(&sig->body_hash, CCS canon_data, canon_len);
sig->signed_body_bytes += canon_len;
DEBUG(D_acl) pdkim_quoteprint(canon_data, canon_len);
}
debug_printf("PDKIM [%s] Body bytes hashed: %lu\n"
"PDKIM [%s] bh computed: ",
sig->domain, sig->signed_body_bytes, sig->domain);
- pdkim_hexprint(CS bh.data, bh.len);
+ pdkim_hexprint(CUS bh.data, bh.len);
}
/* SIGNING -------------------------------------------------------------- */
pdkim_signature *sig;
for (sig = ctx->sig; sig; sig = sig->next) /* Traverse all signatures */
- if (header_name_match(ctx->cur_header->str,
- sig->sign_headers) == PDKIM_OK)
- {
- pdkim_stringlist *list;
+ {
+ pdkim_stringlist *list;
- /* Add header to the signed headers list (in reverse order) */
- if (!(list = pdkim_prepend_stringlist(sig->headers,
- ctx->cur_header->str)))
- return PDKIM_ERR_OOM;
- sig->headers = list;
- }
+ /* Add header to the signed headers list (in reverse order) */
+ if (!(list = pdkim_prepend_stringlist(sig->headers,
+ ctx->cur_header->str)))
+ return PDKIM_ERR_OOM;
+ sig->headers = list;
+ }
}
/* VERIFICATION ----------------------------------------------------------- */
/* list of header names can be split between items. */
{
char *n = CS string_copy(sig->headernames);
- char *f = n;
char *i = "h=";
char *s = ";";
int sep = 0;
for (p = sig->headers; p; p = p->next)
- {
- uschar * rh;
- /* Collect header names (Note: colon presence is guaranteed here) */
- uschar * q = Ustrchr(p->value, ':');
+ if (header_name_match(p->value, sig->sign_headers) == PDKIM_OK)
+ {
+ uschar * rh;
+ /* Collect header names (Note: colon presence is guaranteed here) */
+ uschar * q = Ustrchr(p->value, ':');
- if (!(pdkim_strncat(headernames, p->value,
- (q - US p->value) + (p->next ? 1 : 0))))
- return PDKIM_ERR_OOM;
+ if (!(pdkim_strncat(headernames, p->value,
+ (q - US p->value) + (p->next ? 1 : 0))))
+ return PDKIM_ERR_OOM;
- rh = sig->canon_headers == PDKIM_CANON_RELAXED
- ? US pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */
- : string_copy(p->value); /* just copy it for simple canon */
- if (!rh)
- return PDKIM_ERR_OOM;
+ rh = sig->canon_headers == PDKIM_CANON_RELAXED
+ ? US pdkim_relax_header(p->value, 1) /* cook header for relaxed canon */
+ : string_copy(CUS p->value); /* just copy it for simple canon */
+ if (!rh)
+ return PDKIM_ERR_OOM;
- /* Feed header to the hash algorithm */
- exim_sha_update(&hhash_ctx, rh, strlen(rh));
+ /* Feed header to the hash algorithm */
+ exim_sha_update(&hhash_ctx, CCS rh, Ustrlen(rh));
- /* Remember headers block for signing (when the library cannot do incremental) */
- (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh);
+ /* Remember headers block for signing (when the library cannot do incremental) */
+ (void) exim_rsa_data_append(&hdata, &hdata_alloc, rh);
- DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
- }
+ DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
+ }
l = US sig->sign_headers;
while((s = string_nextinlist(&l, &sep, NULL, 0)))
if (*s != '_')
- {
- if (headernames->len > 0)
+ { /*SSS string_append_listele() */
+ if (headernames->len > 0 && headernames->str[headernames->len-1] != ':')
if (!(pdkim_strncat(headernames, ":", 1)))
return PDKIM_ERR_OOM;
if (!(pdkim_strncat(headernames, CS s, Ustrlen(s))))
if ((q = Ustrchr(p, ':')))
*q = '\0';
+/*XXX walk the list of headers in same order as received. */
for (hdrs = ctx->headers; hdrs; hdrs = hdrs->next)
if ( hdrs->tag == 0
&& strncasecmp(hdrs->value, CS p, Ustrlen(p)) == 0
{
uschar * rh = sig->canon_headers == PDKIM_CANON_RELAXED
? US pdkim_relax_header(hdrs->value, 1) /* cook header for relaxed canon */
- : string_copy(hdrs->value); /* just copy it for simple canon */
+ : string_copy(CUS hdrs->value); /* just copy it for simple canon */
if (!rh)
return PDKIM_ERR_OOM;
/* Feed header to the hash algorithm */
- exim_sha_update(&hhash_ctx, rh, strlen(rh));
+ exim_sha_update(&hhash_ctx, CCS rh, Ustrlen(rh));
DEBUG(D_acl) pdkim_quoteprint(rh, Ustrlen(rh));
hdrs->tag = 1;
{
debug_printf(
"PDKIM >> Signed DKIM-Signature header, canonicalized >>>>>>>>>>>>>>>>>\n");
- pdkim_quoteprint(sig_hdr, strlen(sig_hdr));
+ pdkim_quoteprint(CUS sig_hdr, strlen(sig_hdr));
debug_printf(
"PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
}
/* Remember headers block for signing (when the library cannot do incremental) */
if (ctx->mode == PDKIM_MODE_SIGN)
- (void) exim_rsa_data_append(&hdata, &hdata_alloc, sig_hdr);
+ (void) exim_rsa_data_append(&hdata, &hdata_alloc, US sig_hdr);
free(sig_hdr);
const uschar * errstr;
/* Import private key */
- if ((errstr = exim_rsa_signing_init(sig->rsa_privkey, &sctx)))
+ if ((errstr = exim_rsa_signing_init(US sig->rsa_privkey, &sctx)))
{
DEBUG(D_acl) debug_printf("signing_init: %s\n", errstr);
return PDKIM_ERR_RSA_PRIVKEY;
if (!(sig->signature_header = pdkim_create_header(sig, TRUE)))
return PDKIM_ERR_OOM;
+
+ /* We only ever sign with one sig, and we free'd "headernames"
+ above. So to keep static-analysers happy, exit the loop explicitly.
+ Perhaps the code would be more clear if signing and verification
+ loops were separated? */
+
+ break;
}
/* VERIFICATION ----------------------------------------------------------- */
debug_printf(
"PDKIM >> Parsing public key record >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>\n"
" Raw record: ");
- pdkim_quoteprint(dns_txt_reply, strlen(dns_txt_reply));
+ pdkim_quoteprint(CUS dns_txt_reply, strlen(dns_txt_reply));
}
if (!(sig->pubkey = pdkim_parse_pubkey_record(ctx, dns_txt_reply)))