DomainKeys signatures have a greater chance of being useful (i.e. 
successfully verifying when they should) if they include the "h" tag,
which lists the header fields included in the signature. This patch 
should accomplish that. It also fixes what looks like an error: The 
call to dk_getsig() claimed that the buffer is 8192 bytes, when in 
fact it's only 1024. (I don't think it's counted in bits.)

diff -urNad exim4-4.62~/src/dk.c exim4-4.62/src/dk.c
--- exim4-4.62.orig/src/dk.c
+++ exim4-4.62/src/dk.c
@@ -239,6 +239,8 @@
                      uschar *dk_selector,
                      uschar *dk_canon) {
   uschar *rc = NULL;
+  uschar *headers = NULL;
+  int headers_len;
   int dk_canon_int = DK_CANON_SIMPLE;
   char c;
   int seen_lf = 0;
@@ -398,7 +400,7 @@
   }

   /* Get the signature. */
-  dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 8192);
+  dk_internal_status = dk_getsig(dk_context, dk_private_key, sig, 1024);

   /* Check for unuseable key */
   if (dk_internal_status != DK_STAT_OK) {
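Review bot: The length passed to dk_getsig() is still a bare literal, so it can drift from the real size of `sig` again, which is how the 8192 mismatch arose. The declaration of `sig` is outside this hunk; if it is a local array, `dk_getsig(dk_context, dk_private_key, sig, sizeof(sig));` ties the two together, and otherwise a shared named constant for the declaration and this call does the same. Overstating the size tells the library it may write past the end of the buffer, so this is worth making impossible to get wrong rather than just correcting the number.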
@@ -407,13 +409,17 @@
     goto CLEANUP;
   }

-  rc = store_get(1024);
+  headers_len = dk_headers(dk_context, NULL);
+  rc = store_get(1024+256+headers_len);
+  headers = store_malloc(headers_len);
+  dk_headers(dk_context, headers);
   /* Build DomainKey-Signature header to return. */
-  (void)string_format(rc, 1024, "DomainKey-Signature: a=rsa-sha1; q=dns; 
c=%s;\r\n"
-                     "\ts=%s; d=%s;\r\n"
-                     "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, sig);
+  (void)string_format(rc, 1024+256+headers_len, "DomainKey-Signature: 
a=rsa-sha1; q=dns; c=%s; s=%s; d=%s;\r\n"
+                     "\th=%s;\r\n"
+                     "\tb=%s;\r\n", dk_canon, dk_selector, dk_domain, headers, 
sig);

-  log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; 
s=%s; d=%s;", dk_canon, dk_selector, dk_domain);
+  log_write(0, LOG_MAIN, "DK: message signed using a=rsa-sha1; q=dns; c=%s; 
s=%s; d=%s; h=%s;", dk_canon, dk_selector, dk_domain, headers);
+  store_free(headers);

   CLEANUP:
   if (dk_context != NULL) {
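Review bot: The value returned by `dk_headers(dk_context, NULL)` is used unchecked as an allocation size and as part of the output buffer length. A zero or negative result would reach `store_malloc(headers_len)` and the second dk_headers() call, so a guard such as `if (headers_len <= 0) goto CLEANUP;` before the allocations would help. Whether that length includes the terminating NUL is not visible here; if it does not, `headers` needs `headers_len + 1` bytes before it is passed to `%s`. The `(void)` cast on string_format() also discards its truncation result, while the 256 bytes of slack must hold the fixed text plus dk_canon, dk_selector and dk_domain, whose lengths are not bounded in the visible lines. Checking the return value and refusing to return a cut-off header would avoid emitting a malformed signature, and computing `1024+256+headers_len` once into a local keeps the store_get() and string_format() sizes from diverging.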

-- 
Magnus Holmgren        [EMAIL PROTECTED]
                       (No Cc of list mail needed, thanks)
