------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugs.exim.org/show_bug.cgi?id=1309 --- Comment #3 from Todd Lyons <[email protected]> 2012-10-15 14:12:01 --- On Sun, Oct 14, 2012 at 5:22 PM, Tony Meyer <[email protected]> wrote: > For example, in the message below I have dkim_sign_headers set to > subject:to:from, and a message that has Subject: and From: headers, but no To: > header, and the h= tag in the DKIM signature is From:Subject (i.e. "To" is > missing). For those that don't know, the process of signing a header that is not actually present is one form of what is commonly referred to as oversigning headers. If you sign a header that isn't there and then someone actually adds that header, it will invalidate the signature. The way that it is operating above allows a person to take a signed email, add the missing header and it will still pass DKIM. Possible Solutions: 1. Retain current behavior, but add option to detect and perform oversign. 2. Don't give the knob, just sign the fields. To me #2 is easiest. I can't really think of any instance where I would want #1, but maybe I'm just not that imaginative. Looking at the code, it explicitly skips headers which are missing, so we need to test if signing a non-existent header creates a problem. I'm a bit wrapped up in some stuff for the next couple of weeks, maybe someone else can do this. Basically it just needs to exclude the header_name_match test and just unconditionally add the header name to the list. 1069 /* SIGNING -------------------------------------------------------------- */ 1070 if (ctx->mode == PDKIM_MODE_SIGN) { 1071 /* Traverse all signatures */ 1072 while (sig != NULL) { 1073 pdkim_stringlist *list; 1074 1075 if (header_name_match(ctx->cur_header->str, 1076 sig->sign_headers? 1077 sig->sign_headers: 1078 PDKIM_DEFAULT_SIGN_HEADERS, 0) != PDKIM_OK) goto NEXT_SIG; 1079 1080 /* Add header to the signed headers list (in reverse order) */ 1081 list = pdkim_prepend_stringlist(sig->headers, 1082 ctx->cur_header->str); 1083 if (list == NULL) return PDKIM_ERR_OOM; 1084 sig->headers = list; 1085 1086 NEXT_SIG: 1087 sig = sig->next; 1088 } 1089 } I don't know if this is going to cause a problem in the signing library (how well it handles signing a non-existent header, this would be uncovered during testing). ...Todd -- Configure bugmail: http://bugs.exim.org/userprefs.cgi?tab=email -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
