https://bugs.exim.org/show_bug.cgi?id=3056
Simon Arlott <[email protected]> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID |--- --- Comment #3 from Simon Arlott <[email protected]> --- Re-reading pdkim_parse_sig_header(), it just ignores everything other than [a-z=] which is wrong because it should only be skipping consecutive whitespace before/after the tag name. It will parse things like "12d34=..." as if it were "d=..." and "b h=..." as if it were "bh=...". It does however appear to check the length of the tag, so it shouldn't be parsing "darn=" as "d=". The parsing in pdkim_parse_pubkey_record() is definitely wrong in multiple ways: 1. It is only using the first character even if the tag name is longer and is only performing Exim-like string list handling, which won't support whitespace after the tag name or before the tag value. 2. It's using string_nextinlist() for parsing so it will support doubling of the separator (e.g. ";;"). The RFC does not state how to handle this but Exim will handle it by merging two tags together. I would expect implementations to ignore the empty tag-spec instead. -- You are receiving this mail because: You are on the CC list for the bug. -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-dev.lists.exim.org/ ## unsubscribe (doesn't require an account): ## [email protected] ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
