#118 revoked keys are not handled

v2.6.0
closed-fixed
8
2009-01-16
2009-01-15
Mike Markley
No

dkim-filter does not properly handle verification of messages signed with a key that has been revoked in DNS (the p= flag set to an empty string).

Example key:

revoked._domainkey.loopted.com. TXT "v=DKIM1; g=*; k=rsa; p="

dkim-filter -t shows the actual error:
dkim-filter: dkim.c:3725: dkim_error: Assertion `format != ((void *)0)' failed.
Aborted

A backtrace is attached.

Discussion

  • Mike Markley
    2009-01-15

    dkim-filter crash backtrace

     
  • Mike Markley
    2009-01-15

    trivial patch for revoked key handling on verify

     
  • Mike Markley
    2009-01-15

    As discussed in email, this does appear to be as simple as a missing entry for DKIM_SIGERROR_KEYREVOKED when calling dkim_code_to_name() for dkim_error(). I'm attaching a trivial patch just for completeness.
    File Added: dkim-revoked.diff

     
    • milestone: --> v2.6.0
    • assigned_to: nobody --> sm-msk
     
  • Looks right. The patch is slightly more involved for total correctness, but your patch fixes the crash issue.

     
  • Full patch attached.
    File Added: PATCH

     
  • Proposed patch #1

     
  • Also added a unit test which fails without the patch to verify correct handling.

    Fix and new unit test will appear in 2.8.1, which I plan to release soon.

     
    • priority: 5 --> 8
    • status: open --> closed-fixed
     
  • v2.8.1 released, containing this patch.
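
Added example, not part of the ticket or of the dkim-filter source: a sketch of the two pieces this report turns on, namely recognising a key record whose p= value is empty, and a code-to-name lookup that has no entry for the resulting status. All identifiers are hypothetical stand-ins, and the table is constructed to lack the revoked entry so the NULL result and a non-NULL fallback can be seen side by side.

```c
/* Added illustration; all names are hypothetical, not libdkim's API. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>

enum key_status { KEY_OK, KEY_REVOKED, KEY_NO_P_TAG };
struct code_name { int code; const char *name; };
/* Constructed table that lacks KEY_REVOKED, like the missing entry in the ticket. */
static const struct code_name incomplete[] = {
    { KEY_OK, "key ok" }, { KEY_NO_P_TAG, "no p= tag in key record" }, { -1, NULL }
};

/* Classify a key record by its p= tag; RFC 6376 defines an empty p= as revoked. */
enum key_status classify_key_record(const char *txt) {
    const char *s = txt;
    while (*s != '\0') {
        while (isspace((unsigned char)*s)) s++;      /* whitespace before the tag name */
        const char *end = strchr(s, ';');
        if (end == NULL) end = s + strlen(s);        /* last tag has no terminator */
        const char *eq = memchr(s, '=', (size_t)(end - s));
        if (eq != NULL && *s == 'p' && strspn(s + 1, " \t") == (size_t)(eq - s - 1)) {
            const char *v = eq + 1;
            while (v < end && isspace((unsigned char)*v)) v++;
            return v == end ? KEY_REVOKED : KEY_OK;  /* nothing after p= means revoked */
        }
        s = (*end == ';') ? end + 1 : end;
    }
    return KEY_NO_P_TAG;
}

/* Table lookup that returns NULL for a code it has no entry for. */
const char *code_to_name(const struct code_name *tbl, int code) {
    for (; tbl->name != NULL; tbl++)
        if (tbl->code == code) return tbl->name;
    return NULL;
}

/* Reporting helper that never passes a NULL string on to a formatter. */
const char *status_text(const struct code_name *tbl, int code) {
    const char *name = code_to_name(tbl, code);
    return name != NULL ? name : "unknown signature error";
}

int main(void) {
    enum key_status st = classify_key_record("v=DKIM1; g=*; k=rsa; p=");
    printf("status %d: %s\n", (int)st, status_text(incomplete, (int)st));
    return 0;
}
```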