Menu
▾
▴
#270 Message hash verification fail when messge body contains long line
In dkim_canon_init function in the libopendkim/dkim-canon.c, cur->canon_buf has length BUFRSZ and maximum length BUFRSZ. If message body contains a line longer than BUFRSZ (1024), then only first 1024 bytes of the line will be updated to the message body hash.
In addition to this, in dkimf_testfile function in the opendkim/test.c, it assumes fgets will always read until a newline, and always append CRLF to the buffer. But the size of line is only MAXBUFRSZ (65536), if the message body contains a line longer than MAXBUFRSZ, than the appended CRLF will break message body hash.
Please consider applying the patch below
diff --git a/libopendkim/dkim-canon.c b/libopendkim/dkim-canon.c
index ff9843e..c6cffa0 100644
--- a/libopendkim/dkim-canon.c
+++ b/libopendkim/dkim-canon.c
@@ -647,7 +647,7 @@ dkim_canon_init(DKIM *dkim, _Bool tmp, _Bool keep)
}
cur->canon_hashbufsize = DKIM_HASHBUFSIZE;
cur->canon_hashbuflen = 0;
- cur->canon_buf = dkim_dstring_new(dkim, BUFRSZ, BUFRSZ);
+ cur->canon_buf = dkim_dstring_new(dkim, BUFRSZ, 0);
if (cur->canon_buf == NULL)
return DKIM_STAT_NORESOURCE;
diff --git a/opendkim/test.c b/opendkim/test.c
index 0899a86..c1e0a01 100644
--- a/opendkim/test.c
+++ b/opendkim/test.c
@@ -377,6 +377,7 @@ dkimf_testfile(DKIM_LIB *libopendkim, struct test_context *tctx,
FILE *f, char *file, _Bool strict, int tverbose)
{
bool inheaders = TRUE;
+ bool meet_newline = FALSE;
int len = 0;
int buflen = 0;
int lineno = 0;
@@ -423,10 +424,12 @@ dkimf_testfile(DKIM_LIB *libopendkim, struct test_context *tctx,
lineno++;
c = '\0';
+ meet_newline = FALSE;
for (p = line; *p != '\0'; p++)
{
if (*p == '\n')
{
+ meet_newline = TRUE;
*p = '\0';
break;
}
@@ -584,8 +587,11 @@ dkimf_testfile(DKIM_LIB *libopendkim, struct test_context *tctx,
memcpy(&buf[buflen], line, len);
buflen += len;
- memcpy(&buf[buflen], CRLF, 2);
- buflen += 2;
+
+ if (meet_newline) {
+ memcpy(&buf[buflen], CRLF, 2);
+ buflen += 2;
+ }
}
}
Looks right; first part of the patch applied, and added a new unit test to make sure it doesn't break in the future. Will look at the test stuff next.