You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by jm...@apache.org on 2006/11/03 19:40:46 UTC

svn commit: r470939 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm

Author: jm
Date: Fri Nov  3 10:40:46 2006
New Revision: 470939

URL: http://svn.apache.org/viewvc?view=rev&rev=470939
Log:
bug 5140: fix parsing of DK tags, tags are case-sensitive, and whitespace may appear before and after tag name and value.  let DK_POLICY_TESTING be true if t=y appears in a public key, even when policy record is not fetched.  thanks to Mark Martinec <Mark.Martinec /at/ ijs.si>

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm?view=diff&rev=470939&r1=470938&r2=470939
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DomainKeys.pm Fri Nov  3 10:40:46 2006
@@ -29,9 +29,13 @@
 
 Policy:
    Note that DK policy record is only fetched if DK_VERIFIED is false
-   to save signing domain from unnecessary DNS queries;
-   as recommended by draft-delany-domainkeys-base (SHOULD)!
-   Rules DK_POLICY_* will return false when DK_VERIFIED is true.
+   to save signing domain from unnecessary DNS queries,
+   as recommended (SHOULD) by draft-delany-domainkeys-base.
+   Rules DK_POLICY_* should preferably not be relied upon when DK_VERIFIED
+   is true, although they will return false in current implementation
+   when a policy record is not fetched, except for DK_POLICY_TESTING,
+   which is true if t=y appears in a public key record OR in a policy
+   record (when available).
  header DK_POLICY_TESTING        eval:check_domainkeys_testing()
  header DK_POLICY_SIGNSOME       eval:check_domainkeys_signsome()
  header DK_POLICY_SIGNALL        eval:check_domainkeys_signall()
@@ -260,7 +264,7 @@
   dbg("dk: signature: $dksighdr")  if defined $dksighdr;
 
   $self->sanitize_header_for_dk(\$header)
-    if defined($dksighdr) && !grep {/^h=/i} split(/[ \t]*;[ \t]*/,$dksighdr);
+    if defined $dksighdr && $dksighdr !~ /(?:^|;)[ \t]*h=/;  # case sensitive
 
   my $message = Mail::DomainKeys::Message->load(HeadString => $header,
 						 BodyReference => $body);
@@ -333,6 +337,10 @@
       $scan->{domainkeys_verified} = 1;
     }
   }
+  # testing flag in signature
+  if ($message->testing()) {
+    $scan->{domainkeys_testing} = 1;
+  }
   my $policy;
   if (!$scan->{domainkeys_verified}) {
     # Recipient systems SHOULD not retrieve a policy TXT record
@@ -350,8 +358,8 @@
     $scan->{domainkeys_signsome} = 1;
   }
 
-  # domain or key testing
-  if ($message->testing() || $policy->testing()) {
+  # testing flag in policy
+  if ($policy->testing()) {
     $scan->{domainkeys_testing} = 1;
   }
 
@@ -394,7 +402,8 @@
     return $message->signature->domain;
   } else {
     # otherwise parse it ourself
-    if ($scan->{msg}->get_header("DomainKey-Signature") =~ /d=([^;\s]+)/) {
+    if ($scan->{msg}->get_header("DomainKey-Signature") =~
+        /(?: ^|; ) [ \t]* d= [ \t]* ([^;]*?) [ \t]* (?: ;|$ )/x) {
       return $1;
     }
     return undef;