#29 Signature parsing anomalies

v0.3.4
closed-fixed
6
2008-03-05
2006-05-10
No

There are a few border cases that should be verified
when parsing signature headers:

- no space after ";" before next tag name
- spaces before the tag name
- spaces between tag name and "="
- spaces between "=" and tag value
- spaces between tag value an ";"
- spaces between header names and ":" in "h="

The same tests should also be verified in key record
and policy record processing.

It has been reported that at least the last one is not
working.

Discussion

  • Ken Jones

    Ken Jones - 2006-05-26

    Logged In: YES
    user_id=736757

    In the latest thunderbird (1.5.0.2) , there is the following
    header generated:

    "Content-Type: text/plain; charset=ISO-8859-1; format=flowed"

    As it has spaces after the semicolin(s), it breaks both
    domainkeys-milter and dkim-milter.

    Is there an eta for the fix ?

    Thanks
    - Ken

     
  • Anonymous - 2006-06-01

    Logged In: YES
    user_id=1048957

    There's no reason that header should be causing verification
    failures. The parsing I'm talking about in this bug is
    strictly involving the DomainKeys-Signature: and
    DKIM-Signature: headers. The header you're talking about
    has no special meaning to any of these filters.

    Moreover, dkim-filter doesn't have any of these problems
    with respect to signatures, and I'm not currently convinced
    dk-filter does either.

     
  • Ken Jones

    Ken Jones - 2006-06-01

    Logged In: YES
    user_id=736757

    The test I performed was a simple one.
    I telneted into the mail server, and manually typed out a
    message (I had pre-typed it and used c&p)

    In the first message, there were no spaces typed at the end
    of the lines of the message headers, and the Content-Type
    header was not present. On the receiving side the message
    verified, both dkim and dk-filter.

    The second test was to paste the same headers, this time
    with a space character at the end of each line. On the
    receiving end, the message failed verication.

    The third test was using the same text, with no trailing
    spaces and adding back in the Content-Type header below.
    This message also failed verification on the receiving side.

    Shall I open this as a new bug ? or continue in this bug ?

    Thanks

    - Ken
    ps: the underlying reason is that mail sent using
    squirrelmail on the server, or outlook/outlook express
    works, however mail sent using thunderbird always fails
    verification on the receiving side.

     
  • Anonymous - 2006-06-01

    Logged In: YES
    user_id=1048957

    You originally said "spaces after semicolons" which
    shouldn't be a problem. Your last comment said "spaces at
    the end" which might be. The MTA may be stripping them, so
    your filters both sign as though the spaces are there, but
    the MTA tries to be helpful and removes them before transit
    which obviously invalidates the signatures.

    Do you get the same problem using the more tolerant
    canonicalizations, i.e. "nofws" for DomainKeys and
    "relaxed/simple" for DKIM?

     
  • Ken Jones

    Ken Jones - 2006-06-05

    Logged In: YES
    user_id=736757

    Ok,

    In further checking, using the more tolerant
    canonicalizations, i.e. "nofws" for DomainKeys and
    "relaxed/simple" for DKIM results in passing checks every time.

    Changing to "simple" on either causes that check to fail.

    As I added below, the underlying problem is that mail sent
    using squirrelmail on the server, or outlook/outlook express
    on the client pc passes verification, however mail sent
    using thunderbird on the client pc always fails verification
    on the receiving side.

    It appears to be a Thunderbird problem, however I am at a
    loss as to where to look ??

    - Ken

     
  • Ken Jones

    Ken Jones - 2006-06-15

    Logged In: YES
    user_id=736757

    After installing the latest DKIM (compiled with
    _FFR_ANTICIPATE_SENDMAIL_MUNGE, the simple/simple
    canonicalizations work great. (tested with
    outlook,thunderbird, and squirrelmail)

    As for this package, using nofws canonicalizations, all is
    great, but using simple, the thunderbird mail client still
    doesn't pass checks on the receiving end.

    - Ken

     
  • Anonymous - 2007-04-07

    Logged In: YES
    user_id=1048957
    Originator: YES

    An additional patch coming in the next version deals with this if you're running against 8.14 by asking for the exact spacing of the message it arrived, and then replays it exactly the same way outbound. I've also copied _FFR_ANTICIPATE_SENDMAIL_MUNGE into dk-filter.

    This solves the initial spaces problem in both environments.

     
  • Anonymous - 2008-03-05

    Logged In: YES
    user_id=1048957
    Originator: YES

    Considering this issue closed for now. If there's still an anomaly with Thunderbird or any of the above parsing issues remain, please open a new bug (or multiple ones).

     
  • Anonymous - 2008-03-05
    • status: open --> closed-fixed
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks