You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jh...@apache.org on 2021/01/23 21:17:10 UTC
svn commit: r1885854 -
/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
Author: jhardin
Date: Sat Jan 23 21:17:09 2021
New Revision: 1885854
URL: http://svn.apache.org/viewvc?rev=1885854&view=rev
Log:
Bug 7831 - fix mishandling of DK header that refers to nonexistent DKIM record
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=1885854&r1=1885853&r2=1885854&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Sat Jan 23 21:17:09 2021
@@ -721,7 +721,10 @@ sub _check_dkim_signed_by {
next if $minimum_key_bits && $sig->{_spamassassin_key_size} &&
$sig->{_spamassassin_key_size} < $minimum_key_bits;
}
- my ($sdid) = $sig->identity =~ /\@(\S+)/;
+ my $sdid = $sig->domain;
+ if (defined $sig->identity) {
+ ($sdid) = $sig->identity =~ /\@(\S+)/;
+ }
next if !defined $sdid; # a signature with a missing required tag 'd' or 'i' ?
$sdid = lc $sdid;
if ($must_be_author_domain_signature) {
@@ -864,6 +867,16 @@ sub _check_dkim_signature {
# signature, newer versions allow access to all signatures of a message
@signatures = $verifier->UNIVERSAL::can("signatures") ?
$verifier->signatures : $verifier->signature;
+
+ if (would_log("dbg","dkim")) {
+ foreach my $signature (@signatures) {
+ dbg("dkim: signature i=%s d=%s",
+ map(!defined $_ ? '(undef)' : $_,
+ $signature->identity, $signature->domain
+ )
+ );
+ }
+ }
});
if ($timer->timed_out()) {
dbg("dkim: public key lookup or verification timed out after %s s",
@@ -910,7 +923,10 @@ sub _check_dkim_signature {
push(@valid_signatures, $signature) if $valid && !$expired;
# check if we have a potential Author Domain Signature, valid or not
- my ($d) = $signature->identity =~ /\@(\S+)/;
+ my $d = $signature->domain;
+ if (defined $signature->identity) {
+ ($d) = $signature->identity =~ /\@(\S+)/;
+ }
if (!defined $d) {
# can be undefined on a broken signature with missing required tags
} else {
@@ -1262,7 +1278,10 @@ sub _wlcheck_list {
}
}
- my ($sdid) = $signature->identity =~ /\@(\S+)/;
+ my $sdid = $signature->domain;
+ if (defined $signature->identity) {
+ ($sdid) = $signature->identity =~ /\@(\S+)/;
+ }
$sdid = lc $sdid if defined $sdid;
my %tried_authors;