authorJeremy Harris <jgh146exb@wizmail.org>2021-08-11 13:08:43 +0100
committerJeremy Harris <jgh146exb@wizmail.org>2021-08-11 13:10:11 +0100
commit44a62f58613f26f5cba82e9fa1e3d6f83124c550 (patch)
tree5531287cf379ff0391cff60bd47360debfcaf5e3
parentb7fb6ac5d99f0b1000652c91fecad101af4defc0 (diff)
downloadexim4-44a62f58613f26f5cba82e9fa1e3d6f83124c550.tar.gz
DKIM: fix verify under TLS & chunking, with pipelined next command
Cherry-picked from: b367453a08
-rw-r--r--doc/doc-txt/ChangeLog5
-rw-r--r--src/src/dkim.c5
-rw-r--r--src/src/functions.h4
-rw-r--r--src/src/globals.c2
-rw-r--r--src/src/globals.h2
-rw-r--r--src/src/smtp_in.c6
-rw-r--r--src/src/tls-gnu.c4
-rw-r--r--src/src/tls-openssl.c4
8 files changed, 23 insertions, 9 deletions
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 3e93f653f..136363b51 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -231,6 +231,11 @@ JH/57 Fix control=fakreject for a custom message containing tainted data.
Previously this resulted in a log complaint, due to a re-expansion present
since fakereject was originally introduced.
+JH/59 DKIM: Fix small-message verification under TLS with chunking. If a
+ pipelined SMTP command followed the BDAT LAST then it would be
+ incorrrectly treated as part of the message body, causing a verification
+ fail.
+
Exim version 4.94
-----------------
diff --git a/src/src/dkim.c b/src/src/dkim.c
index 92adb3589..b376aa240 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -127,8 +127,9 @@ dkim_verify_ctx = pdkim_init_verify(&dkim_exim_query_dns_txt, dot_stuffing);
dkim_collect_input = dkim_verify_ctx ? DKIM_MAX_SIGNATURES : 0;
dkim_collect_error = NULL;
-/* Start feed up with any cached data */
-receive_get_cache();
+/* Start feed up with any cached data, but limited to message data */
+receive_get_cache(chunking_state == CHUNKING_LAST
+ ? chunking_data_left : GETC_BUFFER_UNLIMITED);
store_pool = dkim_verify_oldpool;
}
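Review bot: The new limit on `receive_get_cache()` applies only when `chunking_state == CHUNKING_LAST`; every other state still passes `GETC_BUFFER_UNLIMITED`. If the cached buffer can hold the tail of a non-final chunk followed by a pipelined BDAT command line (not visible from this hunk, so this is inferred), those command bytes would still reach the DKIM feed and produce a spurious verification failure. It would help to state the assumption in the comment, for example `/* Only the final chunk is bounded here; a non-final chunk is assumed not to share the buffer with a following command */`, and to cover the multi-chunk pipelined case with a test. The enclosing function starts outside the hunk.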
diff --git a/src/src/functions.h b/src/src/functions.h
index e22fd4f99..c450536a2 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -64,7 +64,7 @@ extern int tls_ferror(void);
extern void tls_free_cert(void **);
extern int tls_getc(unsigned);
extern uschar *tls_getbuf(unsigned *);
-extern void tls_get_cache(void);
+extern void tls_get_cache(unsigned);
extern BOOL tls_import_cert(const uschar *, void **);
extern int tls_read(void *, uschar *, size_t);
extern int tls_server_start(const uschar *, uschar **);
@@ -481,7 +481,7 @@ extern BOOL smtp_get_interface(uschar *, int, address_item *,
extern BOOL smtp_get_port(uschar *, address_item *, int *, uschar *);
extern int smtp_getc(unsigned);
extern uschar *smtp_getbuf(unsigned *);
-extern void smtp_get_cache(void);
+extern void smtp_get_cache(unsigned);
extern int smtp_handle_acl_fail(int, int, uschar *, uschar *);
extern void smtp_log_no_mail(void);
extern void smtp_message_code(uschar **, int *, uschar **, uschar **, BOOL);
diff --git a/src/src/globals.c b/src/src/globals.c
index fcb9cc0b5..c89cf6304 100644
--- a/src/src/globals.c
+++ b/src/src/globals.c
@@ -168,7 +168,7 @@ uschar * (*lwr_receive_getbuf)(unsigned *) = NULL;
int (*lwr_receive_ungetc)(int) = stdin_ungetc;
int (*receive_getc)(unsigned) = stdin_getc;
uschar * (*receive_getbuf)(unsigned *) = NULL;
-void (*receive_get_cache)(void)= NULL;
+void (*receive_get_cache)(unsigned) = NULL;
int (*receive_ungetc)(int) = stdin_ungetc;
int (*receive_feof)(void) = stdin_feof;
int (*receive_ferror)(void) = stdin_ferror;
diff --git a/src/src/globals.h b/src/src/globals.h
index bb811553c..f615a29ad 100644
--- a/src/src/globals.h
+++ b/src/src/globals.h
@@ -156,7 +156,7 @@ extern uschar * (*lwr_receive_getbuf)(unsigned *);
extern int (*lwr_receive_ungetc)(int);
extern int (*receive_getc)(unsigned);
extern uschar * (*receive_getbuf)(unsigned *);
-extern void (*receive_get_cache)(void);
+extern void (*receive_get_cache)(unsigned);
extern int (*receive_ungetc)(int);
extern int (*receive_feof)(void);
extern int (*receive_ferror)(void);
diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c
index 17d17beb9..fc5328478 100644
--- a/src/src/smtp_in.c
+++ b/src/src/smtp_in.c
@@ -583,10 +583,12 @@ return buf;
}
void
-smtp_get_cache(void)
+smtp_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = smtp_inend - smtp_inptr;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(smtp_inptr, n);
#endif
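Review bot: The added clamp `if (n > lim)` compares the signed `int n` with the `unsigned lim`, so `n` is converted to unsigned for the comparison. If the pointer difference were ever negative it would compare as a very large value and be replaced by `lim`. It would then pass the `n > 0` test and feed `lim` bytes beyond the buffered data to `dkim_exim_verify_feed()`, whereas before this change a negative `n` simply skipped the feed. Folding the clamp under the positivity check keeps the old behaviour and avoids the sign-compare warning: `if (n > 0 && (unsigned)n > lim) n = lim;`. The same two added lines appear in `tls_get_cache()` in src/src/tls-gnu.c and src/src/tls-openssl.c and need the same change.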
@@ -661,7 +663,9 @@ for(;;)
if (chunking_state == CHUNKING_LAST)
{
#ifndef DISABLE_DKIM
+ dkim_collect_input = dkim_save;
dkim_exim_verify_feed(NULL, 0); /* notify EOD */
+ dkim_collect_input = 0;
#endif
return EOD;
}
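Review bot: The restore-then-clear of `dkim_collect_input` around the EOD notification has no comment explaining why collection is switched back on for a single call. `dkim_save` is assigned outside this hunk, so presumably collection was disabled earlier in the loop while the next command is read; that dependency is easy to break in a later edit. A short comment above the first added line would make the intent explicit, for example `/* Re-enable collection only for the EOD notify; pipelined command bytes that follow must not reach the DKIM feed */`. The enclosing `for(;;)` loop and its function start and end outside the hunk.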
diff --git a/src/src/tls-gnu.c b/src/src/tls-gnu.c
index 6ee603595..17081c821 100644
--- a/src/src/tls-gnu.c
+++ b/src/src/tls-gnu.c
@@ -3267,11 +3267,13 @@ return buf;
void
-tls_get_cache()
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
exim_gnutls_state_st * state = &state_server;
int n = state->xfer_buffer_hwm - state->xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(state->xfer_buffer+state->xfer_buffer_lwm, n);
#endif
diff --git a/src/src/tls-openssl.c b/src/src/tls-openssl.c
index 499384b50..55b4162f8 100644
--- a/src/src/tls-openssl.c
+++ b/src/src/tls-openssl.c
@@ -3566,10 +3566,12 @@ return buf;
void
-tls_get_cache()
+tls_get_cache(unsigned lim)
{
#ifndef DISABLE_DKIM
int n = ssl_xfer_buffer_hwm - ssl_xfer_buffer_lwm;
+if (n > lim)
+ n = lim;
if (n > 0)
dkim_exim_verify_feed(ssl_xfer_buffer+ssl_xfer_buffer_lwm, n);
#endif