JH/12 Bug 3112: Fix logging of config-file position for "obsolete lookup
syntax". Previously, the end of the top-level file was reported.
+JH/13 Bug 3120: Fix parsing of DKIM pubkey DNS record. Previously a crafted
+ record could crash the meesage recieve process. Investigation by
+ Maxim Galaganov.
+
Exim version 4.98
-----------------
static inline uschar
gstring_last_char(gstring * g)
{
-return g->s[g->ptr-1];
+return g ? g->s[g->ptr-1] : '\0';
}
static inline void
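Review bot: The new guard in `gstring_last_char` covers a NULL `g` but not a non-NULL `g` whose `ptr` is 0, where `g->s[g->ptr-1]` still reads the byte before the buffer. The trim loop in the DKIM pubkey parser (`while (isspace(gstring_last_char(g))) gstring_trim(g, 1);`) shrinks the string one character at a time, so a value made only of whitespace could reach that state unless leading whitespace is stripped earlier, which is not visible here. I would make the accessor total with `return g && g->ptr > 0 ? g->s[g->ptr-1] : '\0';`. A one-line comment above the function saying it returns NUL for a NULL or empty string would tell callers what to expect.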
gstring * g = string_cat(NULL, val);
while (isspace(gstring_last_char(g)))
gstring_trim(g, 1);
- val = string_from_gstring(g);
+ if (!(val = string_from_gstring(g)))
+ {
+ DEBUG(D_acl)
+ debug_printf(" Missing value for tag '%.*s'\n", taglen, tspec);
+ return NULL;
+ }
}
if (taglen == 1) switch (tspec[0])
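Review bot: The early `return NULL` appears to run before the `switch (tspec[0])` dispatch, so it rejects the whole record whenever `string_from_gstring(g)` yields NULL for any tag, not only for `p`. RFC 6376 allows an empty tag value and gives an empty `p=` the specific meaning that the key is revoked, so an otherwise usable record with an empty optional tag would now fail verification, and a revoked key is reported as a syntax error. Failing closed is the safe direction for a verifier, but it deserves a comment such as `/* empty tag value: reject the record (fail closed) */`, or a narrower rule that skips empty optional tags and rejects only a missing `p`. The reason for the rejection is also written only under `DEBUG(D_acl)`, so it is absent from a normal log. The enclosing function starts and ends outside this hunk.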
;
; Deliberate bad version, having extra backslashes
; sha256-hash-only version.... appears to be too long, gets truncated
+; Bad records, missing a value for the key
;
; Another, 512-bit (with a Notes field)
; 512 requiring sha1 hash
sel._domainkey TXT "v=DKIM1; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
sel_bad._domainkey TXT "v=DKIM1\; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
sel_sha256._domainkey TXT "v=DKIM1; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDXRFf+VhT+lCgFhhSkinZKcFNeRzjYdW8vT29Rbb3NadvTFwAd+cVLPFwZL8H5tUD/7JbUPqNTCPxmpgIL+V5T4tEZMorHatvvUM2qfcpQ45IfsZ+YdhbIiAslHCpy4xNxIR3zylgqRUF4+Dtsaqy3a5LhwMiKCLrnzhXk1F1hxwIDAQAB"
+sel_nullkey._domainkey TXT "v=DKIM1; p="
+sel_snullkey._domainkey TXT "v=DKIM1; p= "
ses._domainkey TXT "v=DKIM1; n=halfkilo; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
ses_sha1._domainkey TXT "v=DKIM1; h=sha1; p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL6eAQxd9didJ0/+05iDwJOqT6ly826Vi8aGPecsBiYK5/tAT97fxXk+dPWMZp9kQxtknEzYjYjAydzf+HQ2yJMCAwEAAQ=="
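Review bot: The two new fixtures, `sel_nullkey` and `sel_snullkey`, exercise only an empty or single-space value for `p`, and only as the last tag in the record. The parser change does not look specific to `p`, so two more records would pin down the intended behaviour: one with an empty value on another tag ahead of a valid `p=`, and one where the empty `p=` is followed by a further tag. The comment `; Bad records, missing a value for the key` could then state which outcome each record is expected to produce.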
1999-03-02 09:44:33 10HmbD-000000005vi-0000 Authentication-Results: myhost.test.ex
1999-03-02 09:44:33 10HmbD-000000005vi-0000 dkim_state DOES NOT include pass
1999-03-02 09:44:33 10HmbD-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=20180418125440.Horde.vVKB6E7UvpLfJsPzv2ZPs6z@webmail.sego.es
-1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey [failed key import]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: validation error: error:068000E0:asn1 encoding routines::too small
1999-03-02 09:44:33 10HmbE-000000005vi-0000 signer: test.ex bits: 0
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
-1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 DKIM: d=test.ex s=sel_nullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbE-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_nullkey header.a=rsa-sha1
1999-03-02 09:44:33 10HmbE-000000005vi-0000 dkim_state DOES NOT include pass
1999-03-02 09:44:33 10HmbE-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey [failed key import]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 DKIM: d=test.ex s=sel_snullkey c=simple/simple a=rsa-sha1 b=1024 [invalid - syntax error in public key record]
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (public key record import problem)\n header.d=test.ex header.s=sel_snullkey header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbF-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
+1999-03-02 09:44:33 exim x.yz daemon started: pid=p1235, no queue runs, listening for SMTP on port PORT_D
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 unknown
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 signer: test.ex bits: 0
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 Authentication-Results: myhost.test.ex;\n dkim=neutral (signature tag missing or invalid)\n header.d=test.ex header.s=sel header.a=rsa-sha1
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 dkim_state DOES NOT include pass
+1999-03-02 09:44:33 10HmbG-000000005vi-0000 <= CALLER@bloggs.com H=(xxx) [127.0.0.1] P=smtp S=sss id=qwerty1234@disco-zombie.net
1999-03-02 09:44:33 exim x.yz daemon started: pid=p1236, no queue runs, listening for SMTP on port PORT_D
1999-03-02 09:44:33 10HmaX-000000005vi-0000 signer: test.ex bits: 0
1999-03-02 09:44:33 10HmaX-000000005vi-0000 DKIM: d=test.ex s=sel c=simple/simple a=rsa-sha1 b=0 [invalid - signature tag missing or invalid]
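Review bot: The expected output for `s=sel_nullkey` pins a TLS-library error string, `error:068000E0:asn1 encoding routines::too small`, which looks like OpenSSL output and is likely to differ with another library or library version. Unless the test harness normalises such text, this expectation will fail on those builds for reasons unrelated to the fix. It is also worth confirming that the difference between the two cases is intended: the `sel_nullkey` message logs a `validation error` line while the `sel_snullkey` message does not, which suggests the two records are rejected at different stages.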
Do You Need A Helping Hand?
+.
+??? 250
+QUIT
+??? 221
+****
+#
+#
+# These should fail verify (missing pubkey in DNS record)
+client 127.0.0.1 PORT_D
+??? 220
+HELO xxx
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel_nullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+ +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+ B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@test.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
+.
+??? 250
+MAIL FROM:<CALLER@bloggs.com>
+??? 250
+RCPT TO:<a@test.ex>
+??? 250
+DATA
+??? 354
+DKIM-Signature: v=1; a=rsa-sha1; c=simple/simple; d=test.ex; h=from:to
+ :date:message-id:subject; s=sel_snullkey; bh=OB9dZVu7+5/ufs3TH9leIcEpXSo=; b=
+ CoaRNB2Z59hSnhTzT8bYbMIN3P57XAVcFeV5oGEl4aKmhm6Mtu2uIc7B2z9k5+A/
+ +KFIE9HRj7eg9kPzagoPIvI84WE5PN5yRehMjJI6WqhM3V+bQDHkb8ubSmiaYxY5
+ B2Pd/kEGgHUlMDB0Hug4FMMt7GcFxagKspthOT/Pso0=
+From: mrgus@test.ex
+To: bakawolf@yahoo.com
+Date: Thu, 19 Nov 2015 17:00:07 -0700
+Message-ID: <qwerty1234@disco-zombie.net>
+Subject: simple test
+
+This is a simple test.
.
??? 250
QUIT