Posted to commits@spamassassin.apache.org by mm...@apache.org on 2013/01/23 18:34:36 UTC

svn commit: r1437593 - /spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Author: mmartinec
Date: Wed Jan 23 17:34:35 2013
New Revision: 1437593

URL: http://svn.apache.org/viewvc?rev=1437593&view=rev
Log:
Bug 6895: Avoid "Use of uninitialized value" warnings in DKIM plugin on broken signatures

Modified:
    spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm

Modified: spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm?rev=1437593&r1=1437592&r2=1437593&view=diff
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/Plugin/DKIM.pm Wed Jan 23 17:34:35 2013
@@ -663,7 +663,9 @@ sub _check_dkim_signed_by {
       next if $sig->UNIVERSAL::can("check_expiration") &&
               !$sig->check_expiration;
     }
-    my $sdid = lc($sig->domain);
+    my $sdid = $sig->domain;
+    next if !defined $sdid;  # a signature with a missing required tag 'd' ?
+    $sdid = lc $sdid;
     if ($must_be_author_domain_signature) {
       next if !$pms->{dkim_author_domains}->{$sdid};
     }
@@ -815,14 +817,20 @@ sub _check_dkim_signature {
       }
       push(@valid_signatures, $signature)  if $valid && !$expired;
       # check if we have a potential Author Domain Signature, valid or not
-      my $d = lc($signature->domain);
-      if ($pms->{dkim_author_domains}->{$d}) {  # SDID matches author domain
-        $pms->{dkim_has_any_author_sig}->{$d} = 1;
-        if ($valid && !$expired) {
-          $pms->{dkim_has_valid_author_sig}->{$d} = 1;
-        } elsif ( ($sig_result_supported ?$signature :$verifier)->result_detail
-                 =~ /\b(?:timed out|SERVFAIL)\b/i) {
-          $pms->{dkim_author_sig_tempfailed}->{$d} = 1;
+      my $d = $signature->domain;
+      if (!defined $d) {
+        # can be undefined on a broken signatures with missing required tags
+      } else {
+        $d = lc $d;
+        if ($pms->{dkim_author_domains}->{$d}) {  # SDID matches author domain
+          $pms->{dkim_has_any_author_sig}->{$d} = 1;
+          if ($valid && !$expired) {
+            $pms->{dkim_has_valid_author_sig}->{$d} = 1;
+          } elsif ( ($sig_result_supported ? $signature
+                                           : $verifier)->result_detail
+                   =~ /\b(?:timed out|SERVFAIL)\b/i) {
+            $pms->{dkim_author_sig_tempfailed}->{$d} = 1;
+          }
         }
       }
       if (would_log("dbg","dkim")) {
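Review bot: The `if (!defined $d) { ... } else {` added in _check_dkim_signature leaves a branch that holds only a comment and pushes the whole author-domain block one level deeper. Testing the positive case reads more directly: `if (defined $d) {` followed by `$d = lc $d;`, with the explanation moved above it as `# domain can be undefined on a broken signature with missing required tags`. The same empty-branch shape appears in the later _wlcheck_list hunk that adds `if (!defined $sdid) {`. The enclosing loop starts and ends outside this hunk.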
@@ -833,8 +841,10 @@ sub _check_dkim_signature {
           $signature->algorithm, scalar($signature->canonicalization),
           ($sig_result_supported ? $signature : $verifier)->result,
           !$expired ? '' : ', expired',
-          $pms->{dkim_author_domains}->{$d} ? 'matches author domain' :
-                                              'does not match author domain');
+          defined $d && $pms->{dkim_author_domains}->{$d}
+            ? 'matches author domain'
+            : 'does not match author domain'
+        );
       }
     }
     if (@valid_signatures) {
@@ -1141,7 +1151,8 @@ sub _wlcheck_list {
     if ($valid && $signature->UNIVERSAL::can("check_expiration")) {
       $expired = !$signature->check_expiration;
     }
-    my $sdid = lc($signature->domain);
+    my $sdid = $signature->domain;
+    my $sdid = lc $sdid  if defined $sdid;
 
     my $info = $valid ? 'VALID' : 'FAILED';
     $info .= ' EXPIRED'  if $expired;
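Review bot: The added `my $sdid = lc $sdid  if defined $sdid;` in _wlcheck_list declares a second `$sdid` in the same scope instead of assigning to the one declared on the line before it. Under `use warnings` this raises a "my" variable masks earlier declaration warning, which works against the purpose of the commit. perlsyn also documents a `my` combined with a statement modifier as undefined behaviour, so when the signature has no domain the `$sdid` used by the whitelist comparisons further down is not guaranteed to be undef. Dropping the second `my` is enough: `$sdid = lc $sdid  if defined $sdid;`. The function body continues outside this hunk.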
@@ -1160,8 +1171,10 @@ sub _wlcheck_list {
       $tried_authors{$author} = 1;  # for logging purposes
 
       my $matches = 0;
-      if (!defined $acceptable_sdid || $acceptable_sdid eq '') {
+      if (!defined $sdid) {
+        # don't bother, invalid signature with a missing 'd' tag
 
+      } elsif (!defined $acceptable_sdid || $acceptable_sdid eq '') {
         # An "Author Domain Signature" (sometimes called a first-party
         # signature) is a Valid Signature in which the domain name of the
         # DKIM signing entity, i.e., the d= tag in the DKIM-Signature header
@@ -1170,9 +1183,8 @@ sub _wlcheck_list {
 
         # checking for Author Domain Signature
         $matches = 1  if $sdid eq $author_domain;
-      }
-      else {  # checking for verifier-acceptable signature
 
+      } else {  # checking for verifier-acceptable signature
         # The second argument to a 'whitelist_from_dkim' option is now (since
         # version 3.3.0) supposed to be a signing domain (SDID), no longer an
         # identity (AUID). Nevertheless, be prepared to accept the full e-mail
@@ -1204,7 +1216,8 @@ sub _wlcheck_list {
       }
     }
     dbg("dkim: %s signature by %s, author %s, no valid matches",
-        $info, $sdid, join(", ", keys %tried_authors))  if !$any_match_at_all;
+        $info,  defined $sdid ? $sdid : '(undef)',
+        join(", ", keys %tried_authors))  if !$any_match_at_all;
   }
   return ($any_match_at_all, \%any_match_by_wl);
 }