DKIM: tighten up parsing for DKIM DNS and header records. Bug 3056

diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 9ab50f08dfc22cdcfae21c1bf2f120e7bf9cadd0..369e951202603160a76d3e64467b4a847a6cb872 100644 (file)
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -39,6 +39,11 @@ JH/06 Bug 3054: Fix dnsdb lookup for a TXT record with multiple chunks, with a
 JH/07 Bug 3050: Fix -bp for old message_id format spoolfiles.  Previously it
       included the -H with the id; this also messed up exiqgrep.
 
+JH/08 Bug 3056: Tighten up parsing of DKIM DNS records.  Previously, whitespace
+      was not properly skipped and empty elements would cause mis-parsing.
+      Tighten parsing of DKIM header records.  Previously, all but lowercase
+      alpha chars would be ignored in potential tag names.
+
 
 
 Exim version 4.97

diff --git a/src/src/functions.h b/src/src/functions.h
index 74cd15424cd7a2b7fcb0daaaa30d59c67028d989..b201467b209d00e6d9cc1470e79e4d9d33bc5afe 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -760,7 +760,7 @@ return US strncpy(CS dst, CCS src, n);
 
 
 /* Advance the string pointer given over any whitespace.
-Return the next char as there's enought places using it to be useful. */
+Return the next char as there's enough places using it to be useful. */
 
 #define Uskip_whitespace(sp) skip_whitespace(CUSS sp)
 

diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index c723ae6c876817b322f89b83c35d77d35cad919b..21e17c61e8d4046ef9aef6dfa26202f657484513 100644 (file)
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -512,10 +512,6 @@ for (uschar * p = raw_hdr; ; p++)
     }
 
   if (where == PDKIM_HDR_TAG)
-    {
-    if (c >= 'a' && c <= 'z')
-      cur_tag = string_catn(cur_tag, p, 1);
-
     if (c == '=')
       {
       if (Ustrcmp(string_from_gstring(cur_tag), "b") == 0)
@@ -526,7 +522,8 @@ for (uschar * p = raw_hdr; ; p++)
       where = PDKIM_HDR_VALUE;
       goto NEXT_CHAR;
       }
-    }
+    else if (!isspace(c))
+      cur_tag = string_catn(cur_tag, p, 1);
 
   if (where == PDKIM_HDR_VALUE)
     {
@@ -553,17 +550,17 @@ for (uschar * p = raw_hdr; ; p++)
            switch (cur_tag->s[1])
              {
              case '\0': pdkim_decode_base64(cur_val->s, &sig->sighash); break;
-             case 'h':  if (cur_tag->ptr == 2)
-                          pdkim_decode_base64(cur_val->s, &sig->bodyhash);
+             case 'h':  if (cur_tag->ptr != 2) goto bad_tag;
+                        pdkim_decode_base64(cur_val->s, &sig->bodyhash);
                         break;
-             default:   break;
+             default:   goto bad_tag;
              }
            break;
          case 'v':                                     /* version */
              /* We only support version 1, and that is currently the
                 only version there is. */
            sig->version =
-             Ustrcmp(cur_val->s, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
+               Ustrcmp(cur_val->s, PDKIM_SIGNATURE_VERSION) == 0 ? 1 : -1;
            break;
          case 'a':                                     /* algorithm */
            {
@@ -578,6 +575,7 @@ for (uschar * p = raw_hdr; ; p++)
                if (Ustrcmp(elem, pdkim_hashes[i].dkim_hashname) == 0)
                  { sig->hashtype = i; break; }
            }
+           break;
 
          case 'c':                                     /* canonicalization */
            pdkim_cstring_to_canons(cur_val->s, 0,
@@ -586,15 +584,15 @@ for (uschar * p = raw_hdr; ; p++)
          case 'q':                             /* Query method (for pubkey)*/
            for (int i = 0; pdkim_querymethods[i]; i++)
              if (Ustrcmp(cur_val->s, pdkim_querymethods[i]) == 0)
-               {
+               {
                sig->querymethod = i;   /* we never actually use this */
                break;
                }
            break;
          case 's':                                     /* Selector */
-           sig->selector = string_copyn(cur_val->s, cur_val->ptr); break;
+           sig->selector = string_copy_from_gstring(cur_val); break;
          case 'd':                                     /* SDID */
-           sig->domain = string_copyn(cur_val->s, cur_val->ptr); break;
+           sig->domain = string_copy_from_gstring(cur_val); break;
          case 'i':                                     /* AUID */
            sig->identity = pdkim_decode_qp(cur_val->s); break;
          case 't':                                     /* Timestamp */
@@ -604,16 +602,18 @@ for (uschar * p = raw_hdr; ; p++)
          case 'l':                                     /* Body length count */
            sig->bodylength = strtol(CS cur_val->s, NULL, 10); break;
          case 'h':                                     /* signed header fields */
-           sig->headernames = string_copyn(cur_val->s, cur_val->ptr); break;
+           sig->headernames = string_copy_from_gstring(cur_val); break;
          case 'z':                                     /* Copied headfields */
            sig->copiedheaders = pdkim_decode_qp(cur_val->s); break;
 /*XXX draft-ietf-dcrup-dkim-crypto-05 would need 'p' tag support
 for rsafp signatures.  But later discussion is dropping those. */
          default:
-           DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
-           break;
+           goto bad_tag;
          }
        }
+       else
+bad_tag:  DEBUG(D_acl) debug_printf(" Unknown tag encountered: %Y\n", cur_tag);
+
       cur_tag = cur_val = NULL;
       in_b_val = FALSE;
       where = PDKIM_HDR_LIMBO;
@@ -659,25 +659,37 @@ return sig;
 /* -------------------------------------------------------------------------- */
 
 pdkim_pubkey *
-pdkim_parse_pubkey_record(const uschar *raw_record)
+pdkim_parse_pubkey_record(const uschar * raw_record)
 {
-const uschar * ele;
-int sep = ';';
-pdkim_pubkey * pub;
+pdkim_pubkey * pub = store_get(sizeof(pdkim_pubkey), GET_TAINTED);
 
-pub = store_get(sizeof(pdkim_pubkey), GET_TAINTED);
 memset(pub, 0, sizeof(pdkim_pubkey));
 
-while ((ele = string_nextinlist(&raw_record, &sep, NULL, 0)))
+for (const uschar * ele = raw_record, * tspec, * end, * val; *ele; ele = end)
   {
-  const uschar * val;
+  Uskip_whitespace(&ele);
+  end = US strchrnul(CS ele, ';');
+  tspec = string_copyn(ele, end - ele);
+  if (*end) end++;                     /* skip the ; */
 
-  if ((val = Ustrchr(ele, '=')))
+  if ((val = Ustrchr(tspec, '=')))
     {
-    int taglen = val++ - ele;
+    int taglen = val++ - tspec;
+
+    DEBUG(D_acl) debug_printf(" %.*s=%s\n", taglen, tspec, val);
+    while (taglen > 1 && isspace(tspec[taglen-1]))
+      taglen--;                        /* Ignore whitespace before = */
+    while (isspace(*val))
+      val++;                   /* Ignore whitespace after = */
+    if (isspace(val[ Ustrlen(val)-1 ]))
+      {                                /* Ignore whitespace after value */
+      gstring * g = string_cat(NULL, val);
+      while (isspace(gstring_last_char(g)))
+       gstring_trim(g, 1);
+      val = string_from_gstring(g);
+      }
 
-    DEBUG(D_acl) debug_printf(" %.*s=%s\n", taglen, ele, val);
-    switch (ele[0])
+    if (taglen == 1) switch (tspec[0])
       {
       case 'v': pub->version = val;                    break;
       case 'h': pub->hashes = val;                     break;
@@ -689,8 +701,11 @@ while ((ele = string_nextinlist(&raw_record, &sep, NULL, 0)))
       case 't': if (Ustrchr(val, 'y')) pub->testing = 1;
                if (Ustrchr(val, 's')) pub->no_subdomaining = 1;
                break;
-      default:  DEBUG(D_acl) debug_printf(" Unknown tag encountered\n"); break;
+      default:  goto bad_tag;
       }
+    else
+bad_tag:
+       DEBUG(D_acl) debug_printf(" Unknown tag encountered\n");
     }
   }