internally catch binascii errors

Bug #1854477 reported by lukn
This bug affects 1 person
Affects: dkimpy
Status: Fix Released
Importance: Medium
Assigned to: Scott Kitterman

Bug Description

  File "/whatever/is/my/funny/project.py", line xxx, in functionname
    valid = d.verify()
  File "/usr/lib/python3.6/site-packages/dkim/__init__.py", line 879, in verify
    return self.verify_sig(sig, include_headers, sigheaders[idx], dnsfunc)
  File "/usr/lib/python3.6/site-packages/dkim/__init__.py", line 674, in verify_sig
    pk, self.keysize, ktag = load_pk_from_dns(name, dnsfunc)
  File "/usr/lib/python3.6/site-packages/dkim/__init__.py", line 447, in load_pk_from_dns
    pk = parse_public_key(base64.b64decode(pub[b'p']))
  File "/usr/lib64/python3.6/base64.py", line 87, in b64decode
    return binascii.a2b_base64(s)
binascii.Error: Incorrect padding

Such errors occur due to broken public keys in DNS records. As there is not much that could be done about this, such binascii errors should be caught internally and just logged.

I guess verification should be considered as failed in such cases...

Changed in dkimpy:
importance: Undecided → Medium
milestone: none → 1.0.0
status: New → Triaged
Changed in dkimpy:
assignee: nobody → Scott Kitterman (kitterman)
Scott Kitterman (kitterman) wrote :

Catch binascii related key format errors (LP: #1854477)

Changed in dkimpy:
assignee: Scott Kitterman (kitterman) → nobody
status: Triaged → Fix Committed
Scott Kitterman (kitterman) wrote :

It's now treated like other key errors. You'll get a keyerror if there is a logger.

Changed in dkimpy:
assignee: nobody → Scott Kitterman (kitterman)
Scott Kitterman (kitterman) wrote :

2019-12-09 Version 1.0.0
    - Add support for RFC 8460 tlsrpt DKIM signature processing (LP: #1847020)
    - Add async support with aiodns for DKIM verification (ARC not supported)
      (LP: #1847002)
    - Add new timeout parameter to enable DNS lookup timeouts to be adjusted
    - Add new DKIM.present function to allow applications to test if a DKIM
      signature is present without doing validation (LP: #1851141)
    - Support signature verification with RSAPublicKey formatted keys
      since, although rare, they are RFC 6376 specified (LP: #1851862)
    - Drop usage of pymilter Milter.dns in dnsplug since it doesn't support
      having a timeout passed to it
    - Catch binascii related key format errors (LP: #1854477)

Changed in dkimpy:
status: Fix Committed → Fix Released
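
The failure mode reported above (a malformed p= value in a DNS key record raising binascii.Error out of the verifier) and the handling the report asks for (log it and count verification as failed), as an added example that is not dkimpy's code. KeyFormatError, parse_tags, key_bytes_from_record and key_usable are hypothetical names, and the sample records are constructed.

```python
import base64
import binascii
import logging

logger = logging.getLogger("dkim_key_example")

class KeyFormatError(Exception):
    """Hypothetical exception name for an unusable key record."""

def parse_tags(record: bytes) -> dict:
    """Split a key record such as b"v=DKIM1; k=rsa; p=..." into tag -> value."""
    tags = {}
    for part in record.split(b";"):
        if b"=" in part:
            name, value = part.split(b"=", 1)
            tags[name.strip()] = value.strip()
    return tags

def key_bytes_from_record(record: bytes) -> bytes:
    """Return the decoded p= value, or raise KeyFormatError."""
    p = parse_tags(record).get(b"p")
    if p is None:
        raise KeyFormatError("key record has no p= tag")
    if p == b"":
        raise KeyFormatError("empty p= tag (RFC 6376: key revoked)")
    try:
        # Whitespace is removed first; validate=True then rejects any other
        # non-alphabet byte that b64decode would otherwise silently discard.
        return base64.b64decode(b"".join(p.split()), validate=True)
    except binascii.Error as exc:  # covers "Incorrect padding"
        raise KeyFormatError("p= is not valid base64: %s" % exc) from exc

def key_usable(record: bytes) -> bool:
    """Caller policy: a broken key is logged and fails verification."""
    try:
        key_bytes_from_record(record)
    except KeyFormatError as exc:
        logger.warning("DKIM key record rejected: %s", exc)
        return False
    return True

# Constructed sample records (not real keys): one intact, one truncated by a
# character so its base64 padding is wrong, one revoked.
GOOD_RECORD = b"v=DKIM1; k=rsa; p=" + base64.b64encode(b"constructed key bytes")
TRUNCATED_RECORD = GOOD_RECORD[:-1]
REVOKED_RECORD = b"v=DKIM1; p="

if __name__ == "__main__":
    for rec in (GOOD_RECORD, TRUNCATED_RECORD, REVOKED_RECORD):
        print(rec, "->", key_usable(rec))
```

Because the record content is controlled by whoever publishes the DNS zone, every decode step on it needs to fail closed like this rather than propagate a parser exception to the caller.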