[Minor] Dkim: Use IDNA translation in DKIM checks as well

5 years ago · cddc9021de
3 changed files with 49 additions and 8 deletions
--- a/src/libserver/dkim.c
+++ b/src/libserver/dkim.c
@ -130,6 +130,7 @@ enum rspamd_arc_seal_cv {
 struct rspamd_dkim_context_s {
 	struct rspamd_dkim_common_ctx common;
 	rspamd_mempool_t *pool;
+	struct rspamd_dns_resolver *resolver;
 	gsize blen;
 	gsize bhlen;
 	gint sig_alg;
@ -333,8 +334,25 @@ rspamd_dkim_parse_domain (rspamd_dkim_context_t * ctx,
 	gsize len,
 	GError **err)
 {
-	ctx->domain = rspamd_mempool_alloc (ctx->pool, len + 1);
-	rspamd_strlcpy (ctx->domain, param, len + 1);
+	if (!rspamd_str_has_8bit (param, len)) {
+		ctx->domain = rspamd_mempool_alloc (ctx->pool, len + 1);
+		rspamd_strlcpy (ctx->domain, param, len + 1);
+	}
+	else {
+		ctx->domain = rspamd_dns_resolver_idna_convert_utf8 (ctx->resolver,
+				ctx->pool, param, len, NULL);
+
+		if (!ctx->domain) {
+			g_set_error (err,
+					DKIM_ERROR,
+					DKIM_SIGERROR_INVALID_H,
+					"invalid dkim domain tag %*.s: idna failed",
+					(int)len, param);
+
+			return FALSE;
+		}
+	}
+
 	return TRUE;
 }

@ -416,8 +434,26 @@ rspamd_dkim_parse_selector (rspamd_dkim_context_t * ctx,
 	gsize len,
 	GError **err)
 {
-	ctx->selector = rspamd_mempool_alloc (ctx->pool, len + 1);
-	rspamd_strlcpy (ctx->selector, param, len + 1);
+
+	if (!rspamd_str_has_8bit (param, len)) {
+		ctx->selector = rspamd_mempool_alloc (ctx->pool, len + 1);
+		rspamd_strlcpy (ctx->selector, param, len + 1);
+	}
+	else {
+		ctx->selector = rspamd_dns_resolver_idna_convert_utf8 (ctx->resolver,
+				ctx->pool, param, len, NULL);
+
+		if (!ctx->selector) {
+			g_set_error (err,
+					DKIM_ERROR,
+					DKIM_SIGERROR_INVALID_H,
+					"invalid dkim selector tag %*.s: idna failed",
+					(int)len, param);
+
+			return FALSE;
+		}
+	}
+
 	return TRUE;
 }

@ -758,10 +794,11 @@ rspamd_dkim_add_arc_seal_headers (rspamd_mempool_t *pool,
 */
 rspamd_dkim_context_t *
 rspamd_create_dkim_context (const gchar *sig,
-		rspamd_mempool_t *pool,
-		guint time_jitter,
-		enum rspamd_dkim_type type,
-		GError **err)
+							rspamd_mempool_t *pool,
+							struct rspamd_dns_resolver *resolver,
+							guint time_jitter,
+							enum rspamd_dkim_type type,
+							GError **err)
 {
 	const gchar *p, *c, *tag = NULL, *end;
 	gsize taglen;
@ -788,6 +825,7 @@ rspamd_create_dkim_context (const gchar *sig,

 	ctx = rspamd_mempool_alloc0 (pool, sizeof (rspamd_dkim_context_t));
 	ctx->pool = pool;
+	ctx->resolver = resolver;

 	if (type == RSPAMD_DKIM_ARC_SEAL) {
 		ctx->common.header_canon_type = DKIM_CANON_RELAXED;
--- a/src/libserver/dkim.h
+++ b/src/libserver/dkim.h
@ -166,6 +166,7 @@ typedef void (*dkim_key_handler_f) (rspamd_dkim_key_t *key, gsize keylen,
 */
 rspamd_dkim_context_t *rspamd_create_dkim_context (const gchar *sig,
 												   rspamd_mempool_t *pool,
+												   struct rspamd_dns_resolver *resolver,
 												   guint time_jitter,
 												   enum rspamd_dkim_type type,
 												   GError **err);
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@ -1187,6 +1187,7 @@ dkim_symbol_callback (struct rspamd_task *task,

 			ctx = rspamd_create_dkim_context (rh_cur->decoded,
 					task->task_pool,
+					task->resolver,
 					dkim_module_ctx->time_jitter,
 					RSPAMD_DKIM_NORMAL,
 					&err);
@ -1508,6 +1509,7 @@ lua_dkim_verify_handler (lua_State *L)

 		ctx = rspamd_create_dkim_context (sig,
 				task->task_pool,
+				task->resolver,
 				dkim_module_ctx->time_jitter,
 				type,
 				&err);