#100 SSP dkim=strict check fails for valid signature

v2.4.1
closed-fixed
7
2008-01-03
2007-12-24
No

Looks like the first step in dkim_policy, where the validity of the signature is checked, is never executed.

The parameter pstate was added to dkim_policy in 2.4.1, it's set to NULL when mlfi_eom calls dkim_policy and doesn't change until it's tested to see whether a valid signature exists:

/*
** 1. If a valid Originator Signature exists, the message is
** not Suspicious, and the algorithm terminates.
*/

if (pstate != NULL && pstate->ps_state < 1)
{

With dkim=strict and no "t" tag it falls through to step 10 and the message is considered suspicious.

Discussion

  • Anonymous - 2007-12-24
    • priority: 5 --> 7
    • assigned_to: nobody --> sm-msk
     
  • Anonymous - 2007-12-31

    Proposed patch #1

     
  • Anonymous - 2007-12-31

    Logged In: YES
    user_id=1048957
    Originator: NO

    Try the attached patch. I'll put a release out containing
    this fix at the end of this week.

    File Added: PATCH

     
  • Werner Wiethege

    Werner Wiethege - 2008-01-01

    Logged In: YES
    user_id=110376
    Originator: YES

    The patch fixes the problem.

     
  • Anonymous - 2008-01-03
    • status: open --> closed-fixed
     
  • Anonymous - 2008-01-03

    Logged In: YES
    user_id=1048957
    Originator: NO

    v2.4.2 released, including this patch.

     

Log in to post a comment.