From f4dff24d6829d0365d827333698b5afd02b76a0c Mon Sep 17 00:00:00 2001
From: Scott Kitterman <scott@kitterman.com>
Date: Sun, 16 Jan 2022 18:21:10 -0500
Subject: [PATCH] Add domain validity check for ascii domains (no specials)

---
 ChangeLog        |  1 +
 dkim/__init__.py | 10 ++++++++++
 2 files changed, 11 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index fd8e9f2..3508111 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,4 +1,5 @@
 Version 1.1
+    - Add domain validity check for ascii domains (no specials)
     - Add option to specify index number of signature to verify to dkimverify
       (Thanks to Nick Baugh for the change)
     - Correct signature indexing error introduced in 1.0.0 that prevents
diff --git a/dkim/__init__.py b/dkim/__init__.py
index cc50915..acdad51 100644
--- a/dkim/__init__.py
+++ b/dkim/__init__.py
@@ -286,6 +286,16 @@ def validate_signature_fields(sig, mandatory_fields=[b'v', b'a', b'b', b'bh', b'
     if b'cv' in sig and sig[b'cv'] not in (CV_Pass, CV_Fail, CV_None):
         raise ValidationError("cv= value is not valid (%s)" % sig[b'cv'])
 
+    # Limit domain validation to ASCII domains because too hard
+    try:
+        str(sig[b'd'], 'ascii')
+        # No specials, which is close enough
+        if re.findall(b"[\(\)<>\[\]:;@\\,]", sig[b'd']):
+            raise ValidationError("d= value is not valid (%s)" % sig[b'd'])
+    except UnicodeDecodeError as e:
+        # Not an ASCII domain
+        pass
+
     # Nasty hack to support both str and bytes... check for both the
     # character and integer values.
     if not arc and b'i' in sig and (