From 264230308cd5b47cb24f115f9f71d1ac334a6ca6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Cruz?= Date: Thu, 30 Mar 2023 16:02:46 +0100 Subject: [PATCH] fix correct AMS header selection When we are verifying the ARC seal we need to fetch the raw AMS header from the header list. But it's not enough to return the first one we find, since we may be interested in a different arc seal, we need to search for the correct ARC index. --- dkim/__init__.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/dkim/__init__.py b/dkim/__init__.py index 73d095f..c2e77e9 100644 --- a/dkim/__init__.py +++ b/dkim/__init__.py @@ -1293,7 +1293,9 @@ class ARC(DomainSigner): # we can't use the AMS provided above, as it's already been canonicalized relaxed # for use in validating the AS. However the AMS is included in the AMS itself, # and this can use simple canonicalization - raw_ams_header = [(x, y) for (x, y) in self.headers if x.lower() == b'arc-message-signature'][0] + raw_ams_header = [ + (x, y) for (x, y) in self.headers if x.lower() == b'arc-message-signature' and b" i="+sig[b'i']+b";" in y.lower() + ][0] # Only relaxed canonicalization used by ARC if b'c' not in sig: