The DKIM signature is canonicalized and signed by calling dkim_getsighdr() with margins (dkim_getsighdr(dkim, tmp + n, sizeof tmp - n, DKIM_HDRMARGIN, strlen(DKIM_SIGNHEADER) + 2)). This means that for some messages, calling dkim_getsighdr with margin=0 and initial=0 results in an incorrect signature.
Specifically, the margin code prints a "\r\n\t " for some "h=" lines but the non-margin code does not have the extra space, causing some signatures to fail. A sample message for which this occurs is attached.
Log in to post a comment.