From: Vsevolod Stakhov <vsevolod@rspamd.com>
Date: Sat, 18 May 2024 14:20:47 +0000 (+0100)
Subject: [Feature] Verify sanity of l= tag in DKIM
X-Git-Tag: 3.9.0~37^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8e245d29b27dcba15b651b4f1eea96f8d2ba526d;p=thirdparty%2Frspamd.git

[Feature] Verify sanity of l= tag in DKIM
---

diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 3134b0ecf9..cff8152b67 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2129,7 +2129,8 @@ end:
 }
 
 static gboolean
-rspamd_dkim_canonize_body(struct rspamd_dkim_common_ctx *ctx,
+rspamd_dkim_canonize_body(struct rspamd_task *task,
+						  struct rspamd_dkim_common_ctx *ctx,
 						  const char *start,
 						  const char *end,
 						  gboolean sign)
@@ -2149,7 +2150,20 @@ rspamd_dkim_canonize_body(struct rspamd_dkim_common_ctx *ctx,
 			EVP_DigestUpdate(ctx->body_hash, "", 0);
 		}
 	}
-	else {
+	else if (end > start) {
+		/* Add sanity checks for ctx->len */
+		if (ctx->len > 0) {
+			if (ctx->len < 2 && end - start > 2) {
+				msg_info_task("DKIM l tag is invalid: %d (%d actual size)", (int) ctx->len, (int) (end - start));
+				return FALSE;
+			}
+			if (ctx->len + 2 < (double) (end - start) * 0.9) {
+				msg_info_task("DKIM l tag does not cover enough of the body: %d (%d actual size)",
+							  (int) ctx->len, (int) (end - start));
+				return FALSE;
+			}
+		}
+
 		/* Strip extra ending CRLF */
 		p = rspamd_dkim_skip_empty_lines(start, end, ctx->body_canon_type,
 										 sign, &need_crlf);