From 59e9dd2cb58c19113280e68d2fbc19f8b8c2f994 Mon Sep 17 00:00:00 2001
From: Scott Kitterman
Date: Sat, 25 Feb 2023 17:16:53 -0500
Subject: [PATCH] Correct base64 validation regexp so that valid signature with == split between two lines are not incorrectly evaluated as invalid (LP: #2002295) - Thanks to for the report and the proposed fix
---
 ChangeLog | 4 ++++
 dkim/__init__.py | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 35cde20..d6236cb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -19,6 +19,10 @@ Version 1.1.0
 along with timeout error from dnspython (LP: #1873449)
 - Invalid Authentication-Results header fields are ignored for ARC signing (LP: #1884044)
+ - Correct base64 validation regexp so that valid signature with == split
+ between two lines are not incorrectly evaluated as invalid (LP:
+ #2002295) - Thanks to for the report and
+ the proposed fix
 2019-12-31 Version 1.0.2
 - dknewkey: On posix operating systems set file permissions to 600 for
diff --git a/dkim/__init__.py b/dkim/__init__.py
index 52d1c8b..73d095f 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -284,13 +284,13 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
 raise ValidationError("unknown signature algorithm: %s" % sig[b'a'])
 if b'b' in sig:
- if re.match(br"[\s0-9A-Za-z+/]+=*$", sig[b'b']) is None:
+ if re.match(br"[\s0-9A-Za-z+/]+[\s=]*$", sig[b'b']) is None:
 raise ValidationError("b= value is not valid base64 (%s)" % sig[b'b'])
 if len(re.sub(br"\s+", b"", sig[b'b'])) % 4 != 0:
 raise ValidationError("b= value is not valid base64 (%s)" % sig[b'b'])
 if b'bh' in sig:
- if re.match(br"[\s0-9A-Za-z+/]+=*$", sig[b'bh']) is None:
+ if re.match(br"[\s0-9A-Za-z+/]+[\s=]*$", sig[b'b']) is None:
 raise ValidationError("bh= value is not valid base64 (%s)" % sig[b'bh'])
 if len(re.sub(br"\s+", b"", sig[b'bh'])) % 4 != 0:
 raise ValidationError("bh= value is not valid base64 (%s)" % sig[b'bh'])
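Review bot: In the `if b'bh' in sig:` branch of the dkim/__init__.py hunk, the new regexp check is run against `sig[b'b']` instead of `sig[b'bh']`. The body-hash value is therefore no longer checked against the base64 character set; only the length-modulo-4 test below still looks at `bh`, while the error message continues to name `bh`. The line should read `if re.match(br"[\s0-9A-Za-z+/]+[\s=]*$", sig[b'bh']) is None:`. As written, a signature carrying `bh` but no `b` would also raise KeyError here rather than ValidationError, unless an earlier mandatory-field check rejects it first; validate_signature_fields starts and ends outside the hunk, so that cannot be confirmed from here. A regression test with a `bh=` value containing a non-base64 character would pin the fix.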