Correct ARC signing for AR headers with authres-version or comments before resinfo (LP: #2052526) - Thanks to Nikolay Vizovitin for the report and the fix

Scott Kitterman
2024-06-23 17:06:31 -04:00
parent ed5931c0c9
commit 9380655a6e
3 changed files with 11 additions and 10 deletions
+7 -9
@@ -1052,28 +1052,26 @@ class ARC(DomainSigner):
# extract, parse, filter & group AR headers
ar_headers = [res.strip() for [ar, res] in self.headers if ar == b'Authentication-Results']
grouped_headers = []
parsed_ar_headers = []
for res in ar_headers:
try: # see LP: #1884044
grouped_headers.append((res, authres.AuthenticationResultsHeader.parse('Authentication-Results: ' + res.decode('utf-8'))))
# Note: parsing headers currently strips embedded comments
parsed_ar_headers.append(authres.AuthenticationResultsHeader.parse('Authentication-Results: ' + res.decode('utf-8')))
except authres.core.SyntaxError:
# Skip over invalid AR header fields
pass
auth_headers = [res for res in grouped_headers if res[1].authserv_id == srv_id.decode('utf-8')]
auth_headers = [header for header in parsed_ar_headers if header.authserv_id == srv_id.decode('utf-8')]
if len(auth_headers) == 0:
self.logger.debug("no AR headers found, chain terminated")
return []
# consolidate headers
results_lists = [raw.replace(srv_id + b';', b'').strip() for (raw, parsed) in auth_headers]
results_lists = [tags.split(b';') for tags in results_lists]
results = [tag.strip() for sublist in results_lists for tag in sublist]
auth_results = srv_id + b'; ' + (b';' + self.linesep + b' ').join(results)
results = [res for header in auth_headers for res in header.results]
auth_results = srv_id + b''.join(b';' + self.linesep + b' ' + str(res).encode('utf-8') for res in results)
# extract cv
parsed_auth_results = authres.AuthenticationResultsHeader.parse('Authentication-Results: ' + auth_results.decode('utf-8'))
arc_results = [res for res in parsed_auth_results.results if res.method == 'arc']
arc_results = [res for res in results if res.method == 'arc']
if len(arc_results) == 0:
chain_validation_status = CV_None
elif len(arc_results) != 1: