Package: python-dkim
Version: 0.5.3-1
Severity: important
Tags: patch
Hi,
it seems that python-dkim handles folded headers incorrectly.
In partitular, attached tstmail-1 verifies correctly while tstmail-2
does not.
The diff between these is:
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:sender:from:date:x-google-sender-auth:message-id
:subject:to:content-type;
bh=NRDGmXYX648Rm6cs06aAQIE77gu68nsSHYB4kAMm7QQ=;
b=VaN3KmNPlU1uSNproy8wF+6qwTUKEcyzanoPSo/u8P0p8rtHgQpOW5/nJ+/ExQ9jKN
FWTyZ9PLecg/0De0QYV18GQovYb3PVUCDHS7dYzfWp072lFPAhISUancFc30amzRPXcy
J2lnvgoPcFuqDh5tLPchz8LdeIL0hMr2Xt+xEibHftqYT0JRXX4LXkZdO/b/i825qMtL
W51wBB0V6L1ZU156A9cZWQWvwnQ/lV7PV7AwRqGbIESguRLfCbM+UIAGoCR8QtTO0lkY
- bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT
- eKbQ==
+ bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT
eKbQ==
} weasel@valiant:~/tmp/dkimpy-0.5.3$ ./dkimverify.py < ~/tmp/tstmail-1
} signature ok
} weasel@valiant:~/tmp/dkimpy-0.5.3$ ./dkimverify.py < ~/tmp/tstmail-2
} signature verification failed
I think the problem is due to an incorrect regex for FWS in
dkim/__init__.py. The followed patch fixes ti:
--- dkim/__init__.py.orig 2013-06-09 12:44:56.036635416 +0200
+++ dkim/__init__.py 2013-06-09 12:46:36.396127067 +0200
@@ -118,7 +118,8 @@
lastindex[h] = i
return sign_headers
-FWS = r'(?:\r?\n\s+)?'
+# FWS = ([*WSP CRLF] 1*WSP) / obs-FWS ; Folding white space [RFC5322]
+FWS = r'(?:(?:\s*\r?\n)?\s+)?'
RE_BTAG =
re.compile(r'([;\s]b'+FWS+r'=)(?:'+FWS+r'[a-zA-Z0-9+/=])*(?:\r?\n\Z)?')
def hash_headers(hasher, canonicalize_headers, headers, include_headers,
That is, FWS is one or more whitespaces with one *optional* linebreak.
Maybe this could even be fixed in Debian stable?
Cheers,
weasel
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:sender:from:date:x-google-sender-auth:message-id
:subject:to:content-type;
bh=NRDGmXYX648Rm6cs06aAQIE77gu68nsSHYB4kAMm7QQ=;
b=VaN3KmNPlU1uSNproy8wF+6qwTUKEcyzanoPSo/u8P0p8rtHgQpOW5/nJ+/ExQ9jKN
FWTyZ9PLecg/0De0QYV18GQovYb3PVUCDHS7dYzfWp072lFPAhISUancFc30amzRPXcy
J2lnvgoPcFuqDh5tLPchz8LdeIL0hMr2Xt+xEibHftqYT0JRXX4LXkZdO/b/i825qMtL
W51wBB0V6L1ZU156A9cZWQWvwnQ/lV7PV7AwRqGbIESguRLfCbM+UIAGoCR8QtTO0lkY
bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT
eKbQ==
MIME-Version: 1.0
Sender: kaner.m...@gmail.com
Received: by 10.42.92.137 with HTTP; Sun, 9 Jun 2013 02:37:02 -0700 (PDT)
From: Christian Fromme <c...@strace.org>
Date: Sun, 9 Jun 2013 11:37:02 +0200
X-Google-Sender-Auth: ZkDaYkXZHozJZyNGgvWFlv78IRY
Message-ID: <cabop5ezogosxqxv1puhczdf-w3xpofpsbsm8o8lx5crx-eq...@mail.gmail.com>
Subject: DKIM test mail #1
To: get...@gettor.torproject.org
Content-Type: text/plain; charset=ISO-8859-1
Hello, DKIM
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:sender:from:date:x-google-sender-auth:message-id
:subject:to:content-type;
bh=NRDGmXYX648Rm6cs06aAQIE77gu68nsSHYB4kAMm7QQ=;
b=VaN3KmNPlU1uSNproy8wF+6qwTUKEcyzanoPSo/u8P0p8rtHgQpOW5/nJ+/ExQ9jKN
FWTyZ9PLecg/0De0QYV18GQovYb3PVUCDHS7dYzfWp072lFPAhISUancFc30amzRPXcy
J2lnvgoPcFuqDh5tLPchz8LdeIL0hMr2Xt+xEibHftqYT0JRXX4LXkZdO/b/i825qMtL
W51wBB0V6L1ZU156A9cZWQWvwnQ/lV7PV7AwRqGbIESguRLfCbM+UIAGoCR8QtTO0lkY
bGqPQucn+1eZZUNsEJAWFI6eo2MmxY/FABEURGYAukaTg13UC9W+O6kGPH5iS5aRpAAT
eKbQ==
MIME-Version: 1.0
Sender: kaner.m...@gmail.com
Received: by 10.42.92.137 with HTTP; Sun, 9 Jun 2013 02:37:02 -0700 (PDT)
From: Christian Fromme <c...@strace.org>
Date: Sun, 9 Jun 2013 11:37:02 +0200
X-Google-Sender-Auth: ZkDaYkXZHozJZyNGgvWFlv78IRY
Message-ID: <cabop5ezogosxqxv1puhczdf-w3xpofpsbsm8o8lx5crx-eq...@mail.gmail.com>
Subject: DKIM test mail #1
To: get...@gettor.torproject.org
Content-Type: text/plain; charset=ISO-8859-1
Hello, DKIM
