From 7986de66296c7e73d39c485b317f9163ac520019 Mon Sep 17 00:00:00 2001 From: Scott Kitterman Date: Mon, 23 Sep 2019 11:52:17 -0400 Subject: [PATCH] - Catch more ascii encoding errors to improve resilience against bad data (LP: #1844189) --- CHANGES | 2 ++ dkimpy_milter/__init__.py | 37 ++++++++++++++++++++++++++++++------- 2 files changed, 32 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index b201c36..44ea9c2 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,8 @@ as verifying works correctly - Fix variable initialization so mailformed mails missing body From do not cause a traceback (LP: #1844161) + - Catch more ascii encoding errors to improve resilience against bad data + (LP: #1844189) 1.0.1 2019-02-11 * Reorder milter start and dropping privileges so permissions on Unix socket diff --git a/dkimpy_milter/__init__.py b/dkimpy_milter/__init__.py index a450b26..fa114db 100644 --- a/dkimpy_milter/__init__.py +++ b/dkimpy_milter/__init__.py @@ -141,7 +141,11 @@ class dkimMilter(Milter.Base): elif lname == 'authentication-results': self.arheaders.append(val) if self.fp: - self.fp.write("%s: %s\n" % (name, val)) + try: + self.fp.write("%s: %s\n" % (name, val)) + except: + # Don't choke on header fields with garbage in them. + pass return Milter.CONTINUE @Milter.noreply @@ -255,6 +259,7 @@ class dkimMilter(Milter.Base): def check_dkim(self, txt): res = False + self.header_a = None for y in range(self.has_dkim): # Verify _ALL_ the signatures d = dkim.DKIM(txt) try: @@ -281,9 +286,20 @@ class dkimMilter(Milter.Base): self.dkim_comment = str(x) if milterconfig.get('Syslog'): syslog.syslog("check_dkim: {0}".format(x)) - self.header_i = d.signature_fields.get(b'i') - self.header_d = d.signature_fields.get(b'd') - self.header_a = d.signature_fields.get(b'a') + try: + self.header_i = d.signature_fields.get(b'i') + except TypeError as x: + self.header_i = None + try: + self.header_d = d.signature_fields.get(b'd') + self.header_a = d.signature_fields.get(b'a') + except Exception as x: + self.dkim_comment = str(x) + if milterconfig.get('Syslog'): + syslog.syslog("check_dkim: {0}".format(x)) + self.header_d = None + if not self.header_a: + self.header_a = 'rsa-sha256' if res: if (milterconfig.get('Syslog') and (milterconfig.get('SyslogSuccess') or @@ -303,20 +319,27 @@ class dkimMilter(Milter.Base): syslog.syslog('DKIM: Fail (saved as {0})' .format(fname)) else: - syslog.syslog('DKIM: Fail ({0})'.format(d.domain.lower())) + if milterconfig.get('Syslog'): + if d.domain: + syslog.syslog('DKIM: Fail ({0})' + .format(d.domain.lower())) + else: + syslog.syslog('DKIM: Fail, unextractable domain') if res: result = 'pass' else: result = 'fail' res = False - self.arresults.append( - authres.DKIMAuthenticationResult(result=result, + if self.header_d: + self.arresults.append( + authres.DKIMAuthenticationResult(result=result, header_i=self.header_i, header_d=self.header_d, header_a=self.header_a, result_comment= self.dkim_comment) ) + self.header_a = None return