diff --git a/RELEASE_NOTES b/RELEASE_NOTES index 17d27b8a..88b6134d 100644 --- a/RELEASE_NOTES +++ b/RELEASE_NOTES @@ -4,6 +4,9 @@ This listing shows the versions of the OpenDKIM package, the date of release, and a summary of the changes in that release. 2.10.2 2015/??/?? + Fix bug #221: Report a DKIM result of "policy" if MinimumKeyBits + or UnprotectedKey cause the signature to result in a "pass" + override. Reported by Kurt Roeckx. LIBOPENDKIM: Fix bug #226: Deal with header fields that are wrpaped before there's any content. Reported by Alessandro Vesely. diff --git a/opendkim/opendkim.c b/opendkim/opendkim.c index 657d16b1..358b5029 100644 --- a/opendkim/opendkim.c +++ b/opendkim/opendkim.c @@ -10560,6 +10560,19 @@ dkimf_ar_all_sigs(char *hdr, size_t hdrlen, DKIM *dkim, { result = "temperror"; } + else if (sigerror == DKIM_SIGERROR_KEYTOOSMALL) + { + const char *err; + + result = "policy"; + + err = dkim_sig_geterrorstr(dkim_sig_geterror(sigs[c])); + if (err != NULL) + { + snprintf(comment, sizeof comment, + " reason=\"%s\"", err); + } + } else if ((dkim_sig_getflags(sigs[c]) & DKIM_SIGFLAG_PROCESSED) != 0 && ((dkim_sig_getflags(sigs[c]) & DKIM_SIGFLAG_PASSED) == 0 || dkim_sig_getbh(sigs[c]) != DKIM_SIGBH_MATCH)) @@ -10598,6 +10611,7 @@ dkimf_ar_all_sigs(char *hdr, size_t hdrlen, DKIM *dkim, if (conf->conf_unprotectedkey == DKIMF_KEYACTIONS_FAIL) { *status = DKIMF_STATUS_BAD; + result = "policy"; } else if (conf->conf_unprotectedkey == DKIMF_KEYACTIONS_NEUTRAL) {