From: Vsevolod Stakhov
Date: Mon, 2 Oct 2017 19:49:25 +0000 (+0100)
Subject: [Fix] Fix DKIM forgeries via multiple headers
X-Git-Tag: 1.7.0~590
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=56ef361fe2a1a3b8d12f4cc2ef404c29b39b7c48;p=thirdparty%2Frspamd.git
[Fix] Fix DKIM forgeries via multiple headers
MFH: rspamd-1.6
URL: http://noxxi.de/research/breaking-dkim-on-purpose-and-by-chance.html
---
diff --git a/src/libserver/dkim.c b/src/libserver/dkim.c
index 29cb30fb9c..2a2e7a7a76 100644
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@@ -2062,6 +2062,22 @@ rspamd_dkim_canonize_header (struct rspamd_dkim_common_ctx *ctx,
 ar = g_hash_table_lookup (task->raw_headers, header_name);
 if (ar) {
+ /* Check uniqueness of the header */
+ rh = g_ptr_array_index (ar, 0);
+ if ((rh->type & RSPAMD_HEADER_UNIQUE) && ar->len > 1) {
+ guint64 random_cookie = ottery_rand_uint64 ();
+
+ msg_warn_dkim ("header %s is intended to be unique by"
+ " email standards, but we have %d headers of this"
+ " type, artificially break DKIM check", header_name,
+ ar->len);
+ rspamd_dkim_hash_update (ctx->headers_hash,
+ (const gchar *)&random_cookie,
+ sizeof (random_cookie));
+
+ return FALSE;
+ }
+
 if (ar->len > count) {
 /* Set skip count */
 rh_num = ar->len - count - 1;
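Review bot: The added `rh = g_ptr_array_index (ar, 0);` reads element 0 before any length test, whereas the existing code just below only indexes after checking `ar->len > count`. g_ptr_array_index is an unchecked macro, so if an empty array can ever be stored in `task->raw_headers` (not visible in this hunk), `rh->type` dereferences an invalid pointer on attacker-supplied mail. Testing the length first avoids relying on that invariant: `if (ar->len > 1 && ((rh = g_ptr_array_index (ar, 0))->type & RSPAMD_HEADER_UNIQUE)) {`. The reason for hashing a random cookie is also undocumented; if the intent is what it appears to be, I would add `/* Poison the headers hash so verification fails even if a caller ignores the FALSE return */` above the rspamd_dkim_hash_update call. The body of rspamd_dkim_canonize_header starts and ends outside the hunk, so how callers treat the FALSE return cannot be confirmed from here.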