From: Vsevolod Stakhov <vsevolod@highsecure.ru>
Date: Thu, 7 Dec 2017 20:17:16 +0000 (+0000)
Subject: [Fix] Allow oversigning in DKIM signatures
X-Git-Tag: 1.7.0~364
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1e929b744952674120545cbbd1643b6fd1910aab;p=thirdparty%2Frspamd.git

[Fix] Allow oversigning in DKIM signatures
---

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 0f296eaab5..a9c4ae66f1 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2090,7 +2090,10 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx,
 				rh_num = ar->len - count - 1;
 			}
 			else {
-				/* Absence of header is just NULL signature update */
+				/*
+				 * If DKIM has less headers requested than there are in a
+				 * message, then it's fine, it allows adding extra headers
+				 */
 				return TRUE;
 			}
 
@@ -2791,10 +2794,11 @@ rspamd_dkim_sign (struct rspamd_task *task, const gchar *selector,
 		if (g_hash_table_lookup (task->raw_headers, dh->name)) {
 			rspamd_dkim_canonize_header (&ctx->common, task, dh->name, dh->count,
 					NULL, NULL);
+		}
 
-			for (j = 0; j < dh->count + 1; j++) {
-				rspamd_printf_gstring (hdr, "%s:", dh->name);
-			}
+		/* We allow oversigning if dh->count > number of headers with this name */
+		for (j = 0; j < dh->count + 1; j++) {
+			rspamd_printf_gstring (hdr, "%s:", dh->name);
 		}
 	}