Incorrect signature in ARC-Seal on LF as linesep
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
dkimpy | Fix Released | Medium | Scott Kitterman | |
Bug Description
With linesep=b'\n' the generated ARC-Seal header may include a broken b= signature. This happens when the generated ARC-Authenticat
This can be checked by running dkim.arcverify over the ARC-signed mail. It fails for such mail with an error like:
...
DEBUG:
DEBUG:dkimpy:as valid: False
arc verification: cv=b'fail' ARC-Seal[1] did not validate
...
The issue is also confirmed by failed validation at both Gmail and <email address hidden>.
Library version: dkimpy==1.1.5
The following patch can be used to address the issue. This change ensures that self.headers stays canonicalized (regardless of the line separator used) for any newly added headers. The patch also assumes other related bugs are fixed, specifically https:/
--- dkim/canonicali
+++ dkim/canonicali
@@ -58,7 +58,7 @@
return content[:end]
def unfold_
- return re.sub(b"\r\n", b"", content)
+ return re.sub(b"\r?\n", b"", content)
def correct_
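Review bot: The new pattern b"\r?\n" on the changed re.sub line strips every bare LF as well as CRLF for all callers of this function, so it also changes how content that mixes CRLF with stray LF bytes is unfolded on paths other than linesep=b'\n' signing. A regression test that unfolds the same folded header with both line endings and compares the results would pin the intended behaviour. A lone b"\r" is still left in place, which is worth a comment if that is deliberate.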
--- dkim/__
+++ dkim/__init__.py 2024-02-08 18:01:02.383014187 +0200
@@ -1120,13 +1120,13 @@
# Compute ARC-Authenticat
aar_value = ("i=%d; " % instance)
+ canon_policy = Canonicalizatio
+
new_
- self.headers.
arc_
+ self.headers = canon_policy.
# Compute bh=
- canon_policy = Canonicalizatio
-
self.hasher = HASH_ALGORITHMS
h = HashThrough(
h.
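Review bot: The added "self.headers = canon_policy." line rebinds self.headers to a new object, where the removed "self.headers." line called a method on the existing one, so any reference to the old object taken earlier will not see the new header. Please confirm nothing holds such a reference, and add a short comment at the relocated canon_policy assignment saying that it now sits above "# Compute bh=" because the headers are canonicalized at this point as well.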
@@ -1154,8 +1154,8 @@
new_
- self.headers.
arc_
+ self.headers = canon_policy.
# Compute ARC-Seal
as_fields = [x for x in [
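Review bot: The "-self.headers." / "+self.headers = canon_policy." replacement in this hunk repeats the one in the hunk at line 1120 and appears once more in the hunk at line 1183. A small helper that adds a header and keeps self.headers canonicalized would stop the three call sites from drifting apart.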
@@ -1183,8 +1183,8 @@
new_
- self.headers.
arc_
+ self.headers = canon_policy.
new_
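Review bot: No test accompanies the replaced self.headers line here or the rest of the visible patch, which touches only the two files under dkim/. A test that ARC-signs a message with linesep=b'\n' and then runs dkim.arcverify over the result, as the description does by hand, would guard against a regression.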
Changed in dkimpy: | |
status: | New → Fix Committed |
importance: | Undecided → Medium |
assignee: | nobody → Scott Kitterman (kitterman) |
milestone: | none → 1.1.7 |
Changed in dkimpy: | |
status: | Fix Committed → Fix Released |
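The effect of the first hunk of the patch above, as an added illustration that is not dkimpy's code: a simplified RFC 6376 "relaxed" header canonicalization run with the old and the new unfold pattern. The header name and value are constructed samples, and `relaxed_header` and `compare` are hypothetical helpers.

```python
import hashlib
import re


def unfold_crlf_only(content: bytes) -> bytes:
    # Pattern from the '-' line of the patch: only CRLF folds are removed.
    return re.sub(b"\r\n", b"", content)


def unfold_any_eol(content: bytes) -> bytes:
    # Pattern from the '+' line of the patch: CRLF and bare LF folds are removed.
    return re.sub(b"\r?\n", b"", content)


def relaxed_header(name: bytes, value: bytes, unfold) -> bytes:
    """Simplified 'relaxed' header canonicalization (RFC 6376, section 3.4.2)."""
    value = unfold(value)                       # remove folding line breaks
    value = re.sub(b"[ \t]+", b" ", value)      # collapse runs of whitespace
    return name.lower().strip() + b":" + value.strip(b" ") + b"\r\n"


# Constructed sample: the same header value folded with LF (what a signer
# configured with linesep=b'\n' emits) and with CRLF (the wire form).
NAME = b"X-Example-Results"
VALUE_LF = b" i=1; mx.example.org;\n\tspf=pass"
VALUE_CRLF = VALUE_LF.replace(b"\n", b"\r\n")


def compare(unfold) -> dict:
    """Hash the canonical form of both foldings under one unfold function."""
    lf = relaxed_header(NAME, VALUE_LF, unfold)
    crlf = relaxed_header(NAME, VALUE_CRLF, unfold)
    return {
        "lf": lf,
        "crlf": crlf,
        "same_digest": hashlib.sha256(lf).digest() == hashlib.sha256(crlf).digest(),
    }


if __name__ == "__main__":
    for label, fn in (("old", unfold_crlf_only), ("new", unfold_any_eol)):
        result = compare(fn)
        print(label, result["same_digest"], result["lf"])
```

With the old pattern the LF fold survives canonicalization, so the bytes that get hashed and signed differ from what a verifier computes over the CRLF form of the same header.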