Message ID | 20210607100252.8253-2-paul@pbarker.dev (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
Series | Improvements to DKIM signature verification | expand |
diff --git a/b4/__init__.py b/b4/__init__.py index a163364..168b722 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -1006,6 +1006,10 @@ class LoreMessage: seenatts = list() for hn, hval in dkhdrs: + # Handle MIME encoded-word syntax or other types of header encoding if + # present. + if '?q?' in hval: + hval = str(email.header.make_header(email.header.decode_header(hval))) errors = list() hdata = LoreMessage.get_parts_from_header(hval) logger.debug('Loading DKIM attestation for d=%s, s=%s', hdata['d'], hdata['s'])
As recently found in patatt [1], mail gateways and archivers may mangle headers like DKIM-Signature if they are sent as an excessively long line. An example of this occuring was found when the DKIM-Signature header generated by Microsoft Office 365 collided with the header re-encoding performed by lists.sr.ht when generating mbox archive files. This encoding causes dkim.verify() to fail. The Python email.header module provides the decode_header() and make_header() functions which can be used to handle MIME encoded-word syntax or other header manglings which may occur. Fixing up the header content using these functions before calling dkim.verify() allows the verification to succeed. [1]: https://lore.kernel.org/tools/20210531140539.7630-1-paul@pbarker.dev/ Signed-off-by: Paul Barker <paul@pbarker.dev> --- b4/__init__.py | 4 ++++ 1 file changed, 4 insertions(+)