Bug 1106 - % in dkim signature logged to paniclog
Status: RESOLVED FIXED
Product: Exim
Classification: Unclassified
Component: DKIM
Version: 4.72
Hardware: Other Linux
Importance: medium bug
Target Milestone: Exim 4.77
Assigned To: Tom Kistner
Reported: 2011-04-29 16:01 UTC by Suresh Ramasubramanian
Modified: 2023-01-01 10:00 UTC (History)
Description Suresh Ramasubramanian 2011-04-29 16:01:39 UTC
Email from John Levine below - says it all I think.

thanks
--srs

-------- Original Message --------
Subject: Re: dkim plugin in exim 4.72 doesnt seem to like your signature ..
Date: 29 Apr 2011 10:50:50 -0400
From: John R. Levine <johnl@iecc.com>
To: Suresh Ramasubramanian <suresh@hserus.net>

It's a buglet in exim, which seems to be misinterpreting percent signs as printf codes or something.

In DKIM signatures, percent signs aren't special.


On Fri, 29 Apr 2011, Suresh Ramasubramanian wrote:

> 2011-04-29 02:34:28 1QFk5k-0003Ry-NL string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
> 2011-04-29 03:06:34 1QFkao-0003VB-Lv string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
> 2011-04-29 03:37:32 1QFl4m-0003Xa-C0 string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
>
> etc
>
>

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
Comment 1 Tom Kistner 2011-04-30 13:21:53 UTC
Thanks Suresh, fix is pushed.
Comment 2 Git Commit 2011-04-30 14:17:05 UTC
Git commit: http://git.exim.org/exim.git/commitdiff/337e3505b0e6cd4309db6bf6062b33fa56e06cf8

commit 337e3505b0e6cd4309db6bf6062b33fa56e06cf8
Author:     Tom Kistner <tom@tahini.csx.cam.ac.uk>
AuthorDate: Sat Apr 30 13:20:17 2011 +0100
Commit:     Tom Kistner <tom@tahini.csx.cam.ac.uk>
CommitDate: Sat Apr 30 13:20:17 2011 +0100

    Bugzilla #1106: Don't pass DKIM compound log line as format string
---
 src/src/dkim.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/src/dkim.c b/src/src/dkim.c
index e25ff8c..2318cc3 100644
--- a/src/src/dkim.c
+++ b/src/src/dkim.c
@@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) {
     /* Log a line for each signature */
     uschar *logmsg = string_append(NULL, &size, &ptr, 5,
 
-      string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ",
+      string_sprintf( "d=%s s=%s c=%s/%s a=%s ",
                       sig->domain,
                       sig->selector,
                       (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed",
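Review bot: The "Log a line for each signature" comment above string_append should also state that logmsg is assembled from signature fields such as sig->domain and sig->selector and must only ever reach the logger as an argument, never as the format. Moving "DKIM: " out of this string_sprintf format is correct only together with the log_write change in the next hunk, and nothing at this site records that coupling for whoever edits it later.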
@@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) {
     }
 
     logmsg[ptr] = '\0';
-    log_write(0, LOG_MAIN, (char *)logmsg);
+    log_write(0, LOG_MAIN, "DKIM: %s", logmsg);
 
     /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */
     dkim_signers = string_append(dkim_signers,
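Review bot: The removed call log_write(0, LOG_MAIN, (char *)logmsg) compiled without complaint although its format was a string built at run time, so the other log_write callers in dkim.c should be checked for the same shape before this is considered complete. If log_write's prototype does not already carry a printf format attribute, adding one would let the compiler flag non-literal formats at build time. Minor: the (char *) cast is dropped in the new call, so logmsg (declared uschar * in the previous hunk) now goes to %s uncast; keep that consistent with how uschar strings are passed to log_write elsewhere.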
Comment 3 M. Lenk 2011-05-10 12:40:49 UTC
Just for the records: This bug is CVE-2011-1764
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1764
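
The pattern behind this report and its fix, as an added example that is not part of the original thread and is not Exim code: a check that counts the directives a formatter would interpret in a data string, and a logger call that keeps header-derived text in the argument position. `log_line`, `count_directives` and `log_dkim` are hypothetical names, and the sample string is constructed from the log line quoted in the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: the compound log text from the report, which embeds
   the header-derived i= identity containing a '%'. */
static const char SAMPLE_LOGMSG[] =
    "d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple a=rsa-sha256 "
    "i=spamfighter%iecc.com@submit.iecc.com [verification succeeded]";
static char g_line[512];   /* last rendered log line */

/* Hypothetical stand-in for a printf-style logger such as log_write(). */
#if defined(__GNUC__)
__attribute__((format(printf, 1, 2)))
#endif
static int log_line(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(g_line, sizeof g_line, fmt, ap);
    va_end(ap);
    return n;
}

/* Number of directives a printf-style formatter would try to interpret if
   s were passed as the format. "%%" is a literal percent and is skipped. */
static int count_directives(const char *s)
{
    int n = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}

/* The fixed pattern: constant format, untrusted text only as an argument. */
static const char *log_dkim(const char *logmsg)
{
    log_line("DKIM: %s", logmsg);
    return g_line;
}

int main(void)
{
    printf("directives if misused as a format: %d\n", count_directives(SAMPLE_LOGMSG));
    puts(log_dkim(SAMPLE_LOGMSG));
}
```

A nonzero count for a string that is about to be used as a format is the condition the paniclog entries in the report were signalling.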