- if (where == PDKIM_HDR_VALUE) {
- if (cur_val == NULL)
- cur_val = pdkim_strnew(NULL);
-
- if ( (*p == '\r') || (*p == '\n') || (*p == ' ') || (*p == '\t') )
- goto NEXT_CHAR;
-
- if ( (*p == ';') || (*p == '\0') ) {
- if (cur_tag->len > 0) {
- pdkim_strtrim(cur_val);
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "%s=%s\n", cur_tag->str, cur_val->str);
- #endif
- switch (cur_tag->str[0]) {
- case 'b':
- switch (cur_tag->str[1]) {
- case 'h':
- sig->bodyhash = pdkim_decode_base64(cur_val->str,&(sig->bodyhash_len));
- break;
- default:
- sig->sigdata = pdkim_decode_base64(cur_val->str,&(sig->sigdata_len));
- break;
- }
- break;
- case 'v':
- if (strcmp(cur_val->str,PDKIM_SIGNATURE_VERSION) == 0) {
- /* We only support version 1, and that is currently the
- only version there is. */
- sig->version = 1;
- }
- break;
- case 'a':
- i = 0;
- while (pdkim_algos[i] != NULL) {
- if (strcmp(cur_val->str,pdkim_algos[i]) == 0 ) {
- sig->algo = i;
- break;
- }
- i++;
- }
- break;
- case 'c':
- i = 0;
- while (pdkim_combined_canons[i].str != NULL) {
- if (strcmp(cur_val->str,pdkim_combined_canons[i].str) == 0 ) {
- sig->canon_headers = pdkim_combined_canons[i].canon_headers;
- sig->canon_body = pdkim_combined_canons[i].canon_body;
- break;
- }
- i++;
- }
- break;
- case 'q':
- i = 0;
- while (pdkim_querymethods[i] != NULL) {
- if (strcmp(cur_val->str,pdkim_querymethods[i]) == 0 ) {
- sig->querymethod = i;
- break;
- }
- i++;
- }
- break;
- case 's':
- sig->selector = strdup(cur_val->str);
- break;
- case 'd':
- sig->domain = strdup(cur_val->str);
- break;
- case 'i':
- sig->identity = pdkim_decode_qp(cur_val->str);
- break;
- case 't':
- sig->created = strtoul(cur_val->str,NULL,10);
- break;
- case 'x':
- sig->expires = strtoul(cur_val->str,NULL,10);
- break;
- case 'l':
- sig->bodylength = strtol(cur_val->str,NULL,10);
- break;
- case 'h':
- sig->headernames = strdup(cur_val->str);
- break;
- case 'z':
- sig->copiedheaders = pdkim_decode_qp(cur_val->str);
- break;
- default:
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream)
- fprintf(ctx->debug_stream, "Unknown tag encountered\n");
- #endif
- break;
- }
- }
- pdkim_strclear(cur_tag);
- pdkim_strclear(cur_val);
- in_b_val = 0;
- where = PDKIM_HDR_LIMBO;
- goto NEXT_CHAR;
+ if (where == PDKIM_HDR_VALUE)
+ {
+ if (c == '\r' || c == '\n' || c == ' ' || c == '\t')
+ goto NEXT_CHAR;
+
+ if (c == ';' || c == '\0')
+ {
+ /* We must have both tag and value, and tags must be one char except
+ for the possibility of "bh". */
+
+ if ( cur_tag && cur_val
+ && (cur_tag->ptr == 1 || *cur_tag->s == 'b')
+ )
+ {
+ (void) string_from_gstring(cur_val);
+ pdkim_strtrim(cur_val);
+
+ DEBUG(D_acl) debug_printf(" %s=%s\n", cur_tag->s, cur_val->s);
+
+ switch (*cur_tag->s)
+ {
+ case 'b': /* sig-data or body-hash */
+ switch (cur_tag->s[1])
+ {
+ case '\0': pdkim_decode_base64(cur_val->s, &sig->sighash); break;
+ case 'h': if (cur_tag->ptr == 2)
+ pdkim_decode_base64(cur_val->s, &sig->bodyhash);
+ break;
+ default: break;
+ }
+ break;
+ case 'v': /* version */
+ /* We only support version 1, and that is currently the
+ only version there is. */
+ sig->version =
+ Ustrcmp(cur_val->s, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
+ break;
+ case 'a': /* algorithm */
+ {
+ uschar * s = Ustrchr(cur_val->s, '-');
+
+ for(i = 0; i < nelem(pdkim_keytypes); i++)
+ if (Ustrncmp(cur_val->s, pdkim_keytypes[i], s - cur_val->s) == 0)
+ { sig->keytype = i; break; }
+ if (sig->keytype < 0)
+ log_write(0, LOG_MAIN,
+ "DKIM: ignoring signature due to nonhandled keytype in a=%s",
+ cur_val->s);
+
+ for (++s, i = 0; i < nelem(pdkim_hashes); i++)
+ if (Ustrcmp(s, pdkim_hashes[i].dkim_hashname) == 0)
+ { sig->hashtype = i; break; }
+ if (sig->hashtype < 0)
+ log_write(0, LOG_MAIN,
+ "DKIM: ignoring signature due to nonhandled hashtype in a=%s",
+ cur_val);
+ break;
+ }
+
+ case 'c': /* canonicalization */
+ for (i = 0; pdkim_combined_canons[i].str; i++)
+ if (Ustrcmp(cur_val->s, pdkim_combined_canons[i].str) == 0)
+ {
+ sig->canon_headers = pdkim_combined_canons[i].canon_headers;
+ sig->canon_body = pdkim_combined_canons[i].canon_body;
+ break;
+ }
+ break;
+ case 'q': /* Query method (for pubkey)*/
+ for (i = 0; pdkim_querymethods[i]; i++)
+ if (Ustrcmp(cur_val->s, pdkim_querymethods[i]) == 0)
+ {
+ sig->querymethod = i; /* we never actually use this */
+ break;
+ }
+ break;
+ case 's': /* Selector */
+ sig->selector = string_copyn(cur_val->s, cur_val->ptr); break;
+ case 'd': /* SDID */
+ sig->domain = string_copyn(cur_val->s, cur_val->ptr); break;
+ case 'i': /* AUID */
+ sig->identity = pdkim_decode_qp(cur_val->s); break;
+ case 't': /* Timestamp */
+ sig->created = strtoul(CS cur_val->s, NULL, 10); break;
+ case 'x': /* Expiration */
+ sig->expires = strtoul(CS cur_val->s, NULL, 10); break;
+ case 'l': /* Body length count */
+ sig->bodylength = strtol(CS cur_val->s, NULL, 10); break;
+ case 'h': /* signed header fields */
+ sig->headernames = string_copyn(cur_val->s, cur_val->ptr); break;
+ case 'z': /* Copied headfields */
+ sig->copiedheaders = pdkim_decode_qp(cur_val->s); break;
+/*XXX draft-ietf-dcrup-dkim-crypto-05 would need 'p' tag support
+for rsafp signatures. But later discussion is dropping those. */
+ default:
+ DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
+ break;
+ }
+ }
+ cur_tag = cur_val = NULL;
+ in_b_val = FALSE;
+ where = PDKIM_HDR_LIMBO;