From ff7ddfd72cf97da9b1bb21f5086607525bf47a4a Mon Sep 17 00:00:00 2001
From: Tom Kistner
Date: Mon, 23 Nov 2009 08:34:05 +0000
Subject: [PATCH] DKIM: fix wrong "pass" result on bodyhash mismatch
---
 src/src/pdkim/pdkim.c | 51 ++++++++++++++++++++++++++++++++-----------
 1 file changed, 38 insertions(+), 13 deletions(-)
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index b16960f8b..e8eba59c0 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -20,7 +20,7 @@
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 */
-/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.9 2009/11/19 18:52:48 nm4 Exp $ */
+/* $Cambridge: exim/src/src/pdkim/pdkim.c,v 1.10 2009/11/23 08:34:05 tom Exp $ */
 #include
 #include
@@ -105,6 +105,27 @@ pdkim_combined_canon_entry pdkim_combined_canons[] = {
 };
+char *pdkim_verify_status_str(int status) {
+ switch(status) {
+ case PDKIM_VERIFY_NONE: return "PDKIM_VERIFY_NONE";
+ case PDKIM_VERIFY_INVALID: return "PDKIM_VERIFY_INVALID";
+ case PDKIM_VERIFY_FAIL: return "PDKIM_VERIFY_FAIL";
+ case PDKIM_VERIFY_PASS: return "PDKIM_VERIFY_PASS";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+char *pdkim_verify_ext_status_str(int ext_status) {
+ switch(ext_status) {
+ case PDKIM_VERIFY_FAIL_BODY: return "PDKIM_VERIFY_FAIL_BODY";
+ case PDKIM_VERIFY_FAIL_MESSAGE: return "PDKIM_VERIFY_FAIL_MESSAGE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE: return "PDKIM_VERIFY_INVALID_PUBKEY_UNAVAILABLE";
+ case PDKIM_VERIFY_INVALID_BUFFER_SIZE: return "PDKIM_VERIFY_INVALID_BUFFER_SIZE";
+ case PDKIM_VERIFY_INVALID_PUBKEY_PARSING: return "PDKIM_VERIFY_INVALID_PUBKEY_PARSING";
+ default: return "PDKIM_VERIFY_UNKNOWN";
+ }
+}
+
+
 /* -------------------------------------------------------------------------- */
 /* Print debugging functions */
 #ifdef PDKIM_DEBUG
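Review bot: Both new helpers hand out string literals through a mutable `char *`, so a caller could write through the returned pointer without any compiler diagnostic; they would be safer declared as `const char *pdkim_verify_status_str(int status)` and `const char *pdkim_verify_ext_status_str(int ext_status)`. The definitions sit above the `#ifdef PDKIM_DEBUG` guard while the only caller visible in this patch is inside such a guard, so if they are not intended as public API they could be `static` or moved under the guard; if they are, any prototype in the header (not visible here) needs the same `const`. A one-line comment on each saying it maps a status code to its symbolic name for diagnostics, and that unknown codes yield "PDKIM_VERIFY_UNKNOWN", would also help.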
@@ -1283,7 +1304,7 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream)
 fprintf(ctx->debug_stream,
- "PDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
+ "\nPDKIM <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<\n");
 #endif
 }
@@ -1573,26 +1594,30 @@ DLLEXPORT int pdkim_feed_finish(pdkim_ctx *ctx, pdkim_signature **return_signatu
 (unsigned char *)sig->sigdata) != 0) {
 sig->verify_status = PDKIM_VERIFY_FAIL;
 sig->verify_ext_status = PDKIM_VERIFY_FAIL_MESSAGE;
- #ifdef PDKIM_DEBUG
- if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature did NOT verify OK\n",
- sig->domain);
- }
- #endif
 goto NEXT_VERIFY;
 }
- /* We have a winner! */
- sig->verify_status = PDKIM_VERIFY_PASS;
+ /* We have a winner! (if bodydhash was correct earlier) */
+ if (sig->verify_status == PDKIM_VERIFY_NONE) {
+ sig->verify_status = PDKIM_VERIFY_PASS;
+ }
+
+ NEXT_VERIFY:
 #ifdef PDKIM_DEBUG
 if (ctx->debug_stream) {
- fprintf(ctx->debug_stream, "PDKIM [%s] signature verified OK\n",
- sig->domain);
+ fprintf(ctx->debug_stream, "PDKIM [%s] signature status: %s",
+ sig->domain, pdkim_verify_status_str(sig->verify_status));
+ if (sig->verify_ext_status > 0) {
+ fprintf(ctx->debug_stream, " (%s)\n",
+ pdkim_verify_ext_status_str(sig->verify_ext_status));
+ }
+ else {
+ fprintf(ctx->debug_stream, "\n");
+ }
 }
 #endif
- NEXT_VERIFY:
 rsa_free(&rsa);
 free(dns_txt_name);
 free(dns_txt_reply);
-- 
2.30.2
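Review bot: In the last hunk the PASS decision rests on `sig->verify_status` still being `PDKIM_VERIFY_NONE`, that is, on no earlier step having recorded a failure, rather than on a positive record that the body hash was compared and matched. The bodyhash comparison lies outside this hunk (the function body starts and ends beyond it), so it is worth confirming that every path reaching this point has run it; a path that skipped the comparison would leave the status at NONE and be promoted to PASS here. The comment should state that invariant and lose the typo, for example `/* Header signature verified: report PASS only if no earlier check (bodyhash) already set a non-NONE status */`. A regression test that feeds a validly signed header with an altered body and expects `PDKIM_VERIFY_FAIL` would pin the behaviour this commit is fixing.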