Fix bug #221: Report a DKIM result of "policy" if MinimumKeyBits

or UnprotectedKey cause the signature to result in a "pass" override. Reported by Kurt Roeckx.
trusteddomainproject · Apr 29, 2015 · 166b0c5 · 166b0c5
1 parent a9f1673
commit 166b0c5
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 0 deletions.
diff --git a/RELEASE_NOTES b/RELEASE_NOTES
@@ -4,6 +4,9 @@ This listing shows the versions of the OpenDKIM package, the date of
 release, and a summary of the changes in that release.
 
 2.10.2		2015/??/??
+	Fix bug #221: Report a DKIM result of "policy" if MinimumKeyBits
+		or UnprotectedKey cause the signature to result in a "pass"
+		override.  Reported by Kurt Roeckx.
 	LIBOPENDKIM: Fix bug #226: Deal with header fields that are
 		wrpaped before there's any content.  Reported by
 		Alessandro Vesely.

diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c
@@ -10560,6 +10560,19 @@ dkimf_ar_all_sigs(char *hdr, size_t hdrlen, DKIM *dkim,
 			{
 				result = "temperror";
 			}
+			else if (sigerror == DKIM_SIGERROR_KEYTOOSMALL)
+			{
+				const char *err;
+
+				result = "policy";
+
+				err = dkim_sig_geterrorstr(dkim_sig_geterror(sigs[c]));
+				if (err != NULL)
+				{
+					snprintf(comment, sizeof comment,
+					         " reason=\"%s\"", err);
+				}
+			}
 			else if ((dkim_sig_getflags(sigs[c]) & DKIM_SIGFLAG_PROCESSED) != 0 &&
 			         ((dkim_sig_getflags(sigs[c]) & DKIM_SIGFLAG_PASSED) == 0 ||
 			          dkim_sig_getbh(sigs[c]) != DKIM_SIGBH_MATCH))
@@ -10598,6 +10611,7 @@ dkimf_ar_all_sigs(char *hdr, size_t hdrlen, DKIM *dkim,
 				if (conf->conf_unprotectedkey == DKIMF_KEYACTIONS_FAIL)
 				{
 					*status = DKIMF_STATUS_BAD;
+					result = "policy";
 				}
 				else if (conf->conf_unprotectedkey == DKIMF_KEYACTIONS_NEUTRAL)
 				{