From: Jeremy Harris
Date: Tue, 20 Mar 2018 16:40:31 +0000 (+0000)
Subject: DKIM: harden signature header parsing
X-Git-Tag: exim-4_91_RC2~5
X-Git-Url: https://git.exim.org/users/heiko/exim.git/commitdiff_plain/e220ba1dbf0c31fdc639128384dffe9337a505ac
DKIM: harden signature header parsing
---
diff --git a/src/src/pdkim/pdkim.c b/src/src/pdkim/pdkim.c
index e291d9dd3..381bdbc5d 100644
--- a/src/src/pdkim/pdkim.c
+++ b/src/src/pdkim/pdkim.c
@@ -561,18 +561,18 @@ for (p = raw_hdr; ; p++)
 break;
 case 'a': /* algorithm */
 {
- uschar * s = Ustrchr(cur_val->s, '-');
-
- for(i = 0; i < nelem(pdkim_keytypes); i++)
- if (Ustrncmp(cur_val->s, pdkim_keytypes[i], s - cur_val->s) == 0)
- { sig->keytype = i; break; }
- if (sig->keytype < 0)
- log_write(0, LOG_MAIN,
- "DKIM: ignoring signature due to nonhandled keytype in a=%s",
- cur_val->s);
-
- sig->hashtype = pdkim_hashname_to_hashtype(++s, 0);
- break;
+ const uschar * list = cur_val->s;
+ int sep = '-';
+ uschar * elem;
+
+ if ((elem = string_nextinlist(&list, &sep, NULL, 0)))
+ for(i = 0; i < nelem(pdkim_keytypes); i++)
+ if (Ustrcmp(elem, pdkim_keytypes[i]) == 0)
+ { sig->keytype = i; break; }
+ if ((elem = string_nextinlist(&list, &sep, NULL, 0)))
+ for (i = 0; i < nelem(pdkim_hashes); i++)
+ if (Ustrcmp(elem, pdkim_hashes[i].dkim_hashname) == 0)
+ { sig->hashtype = i; break; }
 }
 case 'c': /* canonicalization */
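Review bot: The `case 'a':` block no longer ends in a `break;`: the commit removes the old one, and as shown the closing `}` is followed directly by `case 'c':`, so after the algorithm tag is parsed control falls through into the canonicalization handling with the same `a=` value. The two `break`s in the added lines only leave their `for` loops, not the switch. I would add `break;` right after the closing `}` of the `case 'a':` block. The removed `log_write` for an unrecognised key type also has no replacement here, so an unknown key type in `a=` is no longer logged at this point; whether a later check reports it is not visible in this hunk. The enclosing switch and the `case 'c':` body continue outside the hunk.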