#118 revoked keys are not handled


dkim-filter does not properly handle verification of messages signed with a key that has been revoked in DNS (the p= flag set to an empty string).

Example key:

revoked._domainkey.loopted.com. TXT "v=DKIM1; g=*; k=rsa; p="

dkim-filter -t shows the actual error:
dkim-filter: dkim.c:3725: dkim_error: Assertion `format != ((void *)0)' failed.

A backtrace is attached.


  • Mike Markley

    Mike Markley - 2009-01-15

    dkim-filter crash backtrace

  • Mike Markley

    Mike Markley - 2009-01-15

    trivial patch for revoked key handling on verify

  • Mike Markley

    Mike Markley - 2009-01-15

    As discussed in email, this does appear to be as simple as a missing entry for DKIM_SIGERROR_KEYREVOKED when calling dkim_code_to_name() for dkim_error(). I'm attaching a trivial patch just for completeness.
    File Added: dkim-revoked.diff

  • Anonymous - 2009-01-15
    • milestone: --> v2.6.0
    • assigned_to: nobody --> sm-msk
  • Anonymous - 2009-01-15

    Looks right. The patch is slightly more involved for total correctness, but your patch fixes the crash issue.

  • Anonymous - 2009-01-15

    Full patch attached.
    File Added: PATCH

  • Anonymous - 2009-01-15

    Proposed patch #1

  • Anonymous - 2009-01-15

    Also added a unit test which fails without the patch to verify correct handling.

    Fix and new unit test will appear in 2.8.1, which I plan to release soon.

  • Anonymous - 2009-01-16
    • priority: 5 --> 8
    • status: open --> closed-fixed
  • Anonymous - 2009-01-16

    v2.8.1 released, containing this patch.


Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks