cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-20 12:58:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Reject DKIM signatures that do not cover the whole message body

Browse Source
This commit is contained in:
link2xt
2024-06-11 21:57:58 +00:00
parent 2b5d903cc5
commit 57c29c14a4
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -2,6 +2,9 @@
## untagged ## untagged
- Reject DKIM signatures that do not cover the whole message body.
([#321](https://github.com/deltachat/chatmail/pull/321))
- check that OpenPGP has only PKESK, SKESK and SEIPD packets - check that OpenPGP has only PKESK, SKESK and SEIPD packets
([#323](https://github.com/deltachat/chatmail/pull/323), ([#323](https://github.com/deltachat/chatmail/pull/323),
[#324](https://github.com/deltachat/chatmail/pull/324)) [#324](https://github.com/deltachat/chatmail/pull/324))

6
cmdeploy/src/cmdeploy/opendkim/final.lua
View File

@@ -19,7 +19,11 @@ for i = 1, nsigs do
-- Any valid signature that was not ignored like this -- Any valid signature that was not ignored like this
-- means the message is acceptable. -- means the message is acceptable.
if sigres == 0 then if sigres == 0 then
return nil -- Do not accept the signature if it does not cover the whole body
-- of the message by using `l=` tag.
if odkim.sig_canonlength(ctx, sig) < odkim.sig_bodylength(ctx, sig) then
return nil
end
end end
end end