- Catch more ascii encoding errors to improve resilience against bad data

(LP: #1844189)
2019-09-23 11:52:17 -04:00
parent 5322c81027
commit 7986de6629
2 changed files with 32 additions and 7 deletions
@@ -4,6 +4,8 @@
   as verifying works correctly
 - Fix variable initialization so mailformed mails missing body From do not
   cause a traceback (LP: #1844161)
+ - Catch more ascii encoding errors to improve resilience against bad data
+   (LP: #1844189)

 1.0.1 2019-02-11
 * Reorder milter start and dropping privileges so permissions on Unix socket
@@ -141,7 +141,11 @@ class dkimMilter(Milter.Base):
        elif lname == 'authentication-results':
            self.arheaders.append(val)
        if self.fp:
-            self.fp.write("%s: %s\n" % (name, val))
+            try:
+                self.fp.write("%s: %s\n" % (name, val))
+            except:
+                # Don't choke on header fields with garbage in them.
+                pass
        return Milter.CONTINUE

    @Milter.noreply
@@ -255,6 +259,7 @@ class dkimMilter(Milter.Base):

    def check_dkim(self, txt):
        res = False
+        self.header_a = None
        for y in range(self.has_dkim):  # Verify _ALL_ the signatures
            d = dkim.DKIM(txt)
            try:
@@ -281,9 +286,20 @@ class dkimMilter(Milter.Base):
                self.dkim_comment = str(x)
                if milterconfig.get('Syslog'):
                    syslog.syslog("check_dkim: {0}".format(x))
-            self.header_i = d.signature_fields.get(b'i')
-            self.header_d = d.signature_fields.get(b'd')
-            self.header_a = d.signature_fields.get(b'a')
+            try:
+                self.header_i = d.signature_fields.get(b'i')
+            except TypeError as x:
+                self.header_i = None
+            try:
+                self.header_d = d.signature_fields.get(b'd')
+                self.header_a = d.signature_fields.get(b'a')
+            except Exception as x:
+                self.dkim_comment = str(x)
+                if milterconfig.get('Syslog'):
+                    syslog.syslog("check_dkim: {0}".format(x))
+                self.header_d = None
+            if not self.header_a:
+                self.header_a = 'rsa-sha256'
            if res:
                if (milterconfig.get('Syslog') and
                        (milterconfig.get('SyslogSuccess') or
@@ -303,20 +319,27 @@ class dkimMilter(Milter.Base):
                        syslog.syslog('DKIM: Fail (saved as {0})'
                                      .format(fname))
                else:
-                    syslog.syslog('DKIM: Fail ({0})'.format(d.domain.lower()))
+                    if milterconfig.get('Syslog'):
+                        if d.domain:
+                            syslog.syslog('DKIM: Fail ({0})'
+                                          .format(d.domain.lower()))
+                        else:
+                            syslog.syslog('DKIM: Fail, unextractable domain')
            if res:
                result = 'pass'
            else:
                result = 'fail'
            res = False
-            self.arresults.append(
-                authres.DKIMAuthenticationResult(result=result,
+            if self.header_d:
+                self.arresults.append(
+                    authres.DKIMAuthenticationResult(result=result,
                                                 header_i=self.header_i,
                                                 header_d=self.header_d,
                                                 header_a=self.header_a,
                                                 result_comment=
                                                 self.dkim_comment)
            )
+            self.header_a = None
        return