From bec6869c78d6899f6ec90678752b2293f0d28cac Mon Sep 17 00:00:00 2001
From: Scott Kitterman <scott@kitterman.com>
Date: Fri, 18 May 2018 18:17:30 -0400
Subject: [PATCH] Detect incorrect version in DKIM public key record (LP:
 #1763815)

---
 ChangeLog        | 1 +
 dkim/__init__.py | 5 +++++
 2 files changed, 6 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index 702eb80..84223bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,7 @@ Unreleased Version 0.8.0
       dependencies for dkimpy (LP: #1227526)
     - Fix typo in dknewky(1) for k= tag (Thanks to Andreas Schulze for
       reporting)
+    - Detect incorrect version in DKIM public key record (LP: #1763815)
     - Indicate that ed25519-sha256 is no longer experimental
 
 2018-02-17 Version 0.7.1
diff --git a/dkim/__init__.py b/dkim/__init__.py
index 927e49d..9c71f8d 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -384,6 +384,11 @@ def load_pk_from_dns(name, dnsfunc=get_txt):
       pub = parse_tag_value(s)
   except InvalidTagValueList as e:
       raise KeyFormatError(e)
+  try:
+      if pub[b'v'] != b'DKIM1':
+          raise KeyFormatError("Unknown DKIM version in public key record: '{0}'".format(pub[b'v']))
+  except KeyError as e:
+      pass
   try:
       if pub[b'k'] == b'ed25519':
           pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder)