Don't crash when asked to verify a badly encoded domain or selector.

dkim/__init__.py

@@ -430,8 +430,11 @@ def verify(message, logger=None, dnsfunc=dnstxt):
         return False
 
     # dnstxt wants Unicode
+    try:
         selector = sig[b's'].decode('ascii')
         domain = sig[b'd'].decode('ascii')
+    except UnicodeDecodeError:
+        return False
     name = "%s._domainkey.%s." % (selector, domain)
     s = dnsfunc(name).encode('utf-8')
     if not s:

dkim/tests/test_dkim.py

@@ -42,7 +42,7 @@ class TestFold(unittest.TestCase):
         # The function is terribly broken, not passing even this simple
         # test.
         self.assertEqual(
-            b"foo"*24 + b"\r\n foo", dkim.fold(b"foo" * 25))
+            b"foo" * 24 + b"\r\n foo", dkim.fold(b"foo" * 25))
 
 
 class TestSignAndVerify(unittest.TestCase):
@@ -68,6 +68,12 @@ class TestSignAndVerify(unittest.TestCase):
         res = dkim.verify(sig + self.message + b"foo", dnsfunc=self.dnsfunc)
         self.assertFalse(res)
 
+    def test_badly_encoded_domain_fails(self):
+        # Domains should be ASCII. Bad ASCII causes verification to fail.
+        sig = dkim.sign(self.message, b"test", b"example.com\xe9", self.key)
+        res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc)
+        self.assertFalse(res)
+
 
 def test_suite():
     from unittest import TestLoader