DKIM: Fix signing for body lines starting with a pair of dots. Bug 2284

[exim.git] / src / src / dkim_transport.c

diff --git a/src/src/dkim_transport.c b/src/src/dkim_transport.c
index f707595cb8449ab9cdaf611ffc13cbb53ad87705..0e9c3818cddbcdbf63e44c665a5ee73f96fa1e13 100644 (file)
--- a/src/src/dkim_transport.c
+++ b/src/src/dkim_transport.c
@@ -2,7 +2,7 @@
 *     Exim - an Internet mail transport agent    *
 *************************************************/
 
-/* Copyright (c) University of Cambridge 1995 - 2017 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
 /* See the file NOTICE for conditions of use and distribution. */
 
 /* Transport shim for dkim signing */
@@ -150,8 +150,14 @@ if (!rc) return FALSE;
 
 /* Get signatures for headers plus spool data file */
 
-dkim->dot_stuffed = !!(save_options & topt_end_dot);
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* The dotstuffed status of the datafile depends on whether it was stored
+in wireformat. */
 
+dkim->dot_stuffed = spool_file_wireformat;
 if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
                                    hdrs, dkim, &errstr)))
   if (!(rc = dkt_sign_fail(dkim, &errno)))
@@ -160,6 +166,18 @@ if (!(dkim_signature = dkim_exim_sign(deliver_datafile, SPOOL_DATA_START_OFFSET,
     return FALSE;
     }
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)                        /* Prepend ARC headers */
+  {
+  uschar * e;
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, &e)))
+    {
+    *err = e;
+    return FALSE;
+    }
+  }
+#endif
+
 /* Write the signature and headers into the deliver-out-buffer.  This should
 mean they go out in the same packet as the MAIL, RCPT and (first) BDAT commands
 (transport_write_message() sizes the BDAT for the buffered amount) - for short
@@ -253,7 +271,13 @@ if (!rc)
   goto CLEANUP;
   }
 
-/* Feed the file to the goats^W DKIM lib */
+#ifdef EXPERIMENTAL_ARC
+arc_sign_init();
+#endif
+
+/* Feed the file to the goats^W DKIM lib.  At this point the dotstuffed
+status of the file depends on the output of transport_write_message() just
+above, which should be the result of the end_dot flag in tctx->options. */
 
 dkim->dot_stuffed = !!(options & topt_end_dot);
 if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
@@ -268,6 +292,15 @@ if (!(dkim_signature = dkim_exim_sign(dkim_fd, 0, NULL, dkim, &errstr)))
 else
   dlen = dkim_signature->ptr;
 
+#ifdef EXPERIMENTAL_ARC
+if (dkim->arc_signspec)                                /* Prepend ARC headers */
+  {
+  if (!(dkim_signature = arc_sign(dkim->arc_signspec, dkim_signature, USS err)))
+    goto CLEANUP;
+  dlen = dkim_signature->ptr;
+  }
+#endif
+
 #ifndef OS_SENDFILE
 if (options & topt_use_bdat)
 #endif
@@ -351,7 +384,8 @@ dkim_transport_write_message(transport_ctx * tctx,
 {
 /* If we can't sign, just call the original function. */
 
-if (!(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector))
+if (  !(dkim->dkim_private_key && dkim->dkim_domain && dkim->dkim_selector)
+   && !dkim->force_bodyhash)
   return transport_write_message(tctx, 0);
 
 /* If there is no filter command set up, construct the message and calculate