commit 36daa2d4bbadd128a286caf4ecdf800c45c65aa3
from: Kirill A. Korinsky <kirill@korins.ky>
date: Mon Jun  2 19:56:33 2025 UTC

Never swallow an email with malformed AR header

commit - e460eef30231db889b0e8538e92f00a1efa0f191
commit + 36daa2d4bbadd128a286caf4ecdf800c45c65aa3
blob - 26c5f7a1bd0c765e5993e9fbaec66af7277add29
blob + 9b1b427984b0c93f53dfc1b7c504a78863566cdd
--- main.c
+++ main.c
@@ -155,7 +155,7 @@ void dkim_rr_resolve(struct asr_result *, void *);
 void dkim_message_verify(struct message *);
 ssize_t dkim_ar_cat(char **ar, size_t *n, size_t aroff, const char *fmt, ...)
     __attribute__((__format__ (printf, 4, 5)));
-void dkim_ar_print(struct osmtpd_ctx *, const char *);
+int dkim_ar_print(struct osmtpd_ctx *, const char *);
 int dkim_key_text_parse(struct signature *, const char *);
 
 char *authservid;
@@ -1646,7 +1646,10 @@ dkim_message_verify(struct message *msg)
 			goto fail;
 		}
 	}
-	dkim_ar_print(msg->ctx, line);
+	if (dkim_ar_print(msg->ctx, line) != 0) {
+		dkim_err(msg, "Mallformed AR header");
+		goto fail;
+	}
 
 	rewind(msg->origf);
 	while ((n = getline(&line, &linelen, msg->origf)) != -1) {
@@ -1660,7 +1663,7 @@ dkim_message_verify(struct message *msg)
 	return;
 }
 
-void
+int
 dkim_ar_print(struct osmtpd_ctx *ctx, const char *start)
 {
 	const char *scan, *checkpoint, *ncheckpoint;
@@ -1683,7 +1686,7 @@ dkim_ar_print(struct osmtpd_ctx *ctx, const char *star
 			    arlen, start);
 			start = osmtpd_ltok_skip_cfws(checkpoint, 1);
 			if (*start == '\0')
-				return;
+				return 0;
 			ncheckpoint = start;
 			scan = start;
 			arlen = 8;
@@ -1714,13 +1717,14 @@ dkim_ar_print(struct osmtpd_ctx *ctx, const char *star
 			}
 
 			if (ncheckpoint == NULL)
-				osmtpd_errx(1, "Invalid AR line: |%s", scan);
+				return -1;
 
 			if (*ncheckpoint == ';')
 				ncheckpoint++;
 		}
 	}
 	osmtpd_filter_dataline(ctx, "%s%s", first ? "" : "\t", start);
+	return 0;
 }
 
 ssize_t