dkimpy

DKIM.verify() can throw nacl.exceptions.ValueError

Bug #2018021 reported by Matthäus Wander
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
dkimpy
Fix Released
Medium
Scott Kitterman
dkimpy 1.1.3

Bug Description

The following exception caught me by surprise:

  File "/var/www/dkimtest/dkimtester.py", line 159, in analyze_dkim
    valid = d.verify(idx=idx)
  File "/usr/lib/python3/dist-packages/dkim/__init__.py", line 940, in verify
    return self.verify_sig(sig, include_headers, sigheaders[idx], dnsfunc)
  File "/usr/lib/python3/dist-packages/dkim/__init__.py", line 773, in verify_sig
    self.pk, self.keysize, self.ktag, self.seqtlsrpt = load_pk_from_dns(name,
  File "/usr/lib/python3/dist-packages/dkim/__init__.py", line 482, in load_pk_from_dns
    pk, keysize, ktag, seqtlsrpt = evaluate_pk(name, s)
  File "/usr/lib/python3/dist-packages/dkim/__init__.py", line 446, in evaluate_pk
    pk = nacl.signing.VerifyKey(pub[b'p'], encoder=nacl.encoding.Base64Encoder)
  File "/usr/lib/python3/dist-packages/nacl/signing.py", line 69, in __init__
    raise exc.ValueError(
nacl.exceptions.ValueError: The key must be exactly 32 bytes long

The cause is an invalid ed25519 pubkey. I was expecting that DKIM.verify() either returns False or raises a DKIMException.

Is it suppposed to pass through exceptions from nacl?

Revision history for this message
Scott Kitterman (kitterman) wrote :

That should be caught as a dkim.KeyFormatError. Thanks.

Changed in dkimpy:
assignee: nobody → Scott Kitterman (kitterman)
importance: Undecided → Medium
milestone: none → 1.1.3
status: New → Triaged
Scott Kitterman (kitterman)
Changed in dkimpy:
status: Triaged → Fix Committed
Revision history for this message
Matthäus Wander (mwander) wrote :

Thanks! Fix looks good to me.

Scott Kitterman (kitterman)
Changed in dkimpy:
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.