Bugzilla – Bug 1106
% in dkim signature logged to paniclog
Last modified: 2023-01-01 10:00:44 UTC
Email from John Levine below - says it all I think.

thanks
--srs

-------- Original Message --------
Subject: Re: dkim plugin in exim 4.72 doesnt seem to like your signature ..
Date: 29 Apr 2011 10:50:50 -0400
From: John R. Levine <johnl@iecc.com>
To: Suresh Ramasubramanian <suresh@hserus.net>

It's a buglet in exim, which seems to be misinterpreting percent signs as printf codes or something. In DKIM signatures, percent signs aren't special.

On Fri, 29 Apr 2011, Suresh Ramasubramanian wrote:

> 2011-04-29 02:34:28 1QFk5k-0003Ry-NL string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
> 2011-04-29 03:06:34 1QFkao-0003VB-Lv string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
> 2011-04-29 03:37:32 1QFl4m-0003Xa-C0 string_format: unsupported type in
> "%i" in "DKIM: d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple
> a=rsa-sha256 i=spamfighter%iecc.com@submit.iecc.com [verification
> succeeded]"
>
> etc
>

Regards,
John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. http://jl.ly
Thanks Suresh, fix is pushed.
Git commit: http://git.exim.org/exim.git/commitdiff/337e3505b0e6cd4309db6bf6062b33fa56e06cf8 commit 337e3505b0e6cd4309db6bf6062b33fa56e06cf8 Author: Tom Kistner <tom@tahini.csx.cam.ac.uk> AuthorDate: Sat Apr 30 13:20:17 2011 +0100 Commit: Tom Kistner <tom@tahini.csx.cam.ac.uk> CommitDate: Sat Apr 30 13:20:17 2011 +0100 Bugzilla #1106: Don't pass DKIM compound log line as format string --- src/src/dkim.c | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/src/dkim.c b/src/src/dkim.c index e25ff8c..2318cc3 100644 --- a/src/src/dkim.c +++ b/src/src/dkim.c @@ -108,7 +108,7 @@ void dkim_exim_verify_finish(void) { /* Log a line for each signature */ uschar *logmsg = string_append(NULL, &size, &ptr, 5, - string_sprintf( "DKIM: d=%s s=%s c=%s/%s a=%s ", + string_sprintf( "d=%s s=%s c=%s/%s a=%s ", sig->domain, sig->selector, (sig->canon_headers == PDKIM_CANON_SIMPLE)?"simple":"relaxed", @@ -176,7 +176,7 @@ void dkim_exim_verify_finish(void) { } logmsg[ptr] = '\0'; - log_write(0, LOG_MAIN, (char *)logmsg); + log_write(0, LOG_MAIN, "DKIM: %s", logmsg); /* Build a colon-separated list of signing domains (and identities, if present) in dkim_signers */ dkim_signers = string_append(dkim_signers,
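Review bot: The first hunk (@@ -108,7) leaves logmsg without its "DKIM: " prefix, and nothing at that site says the prefix is now supplied only by the log_write() call in the second hunk. The existing comment "Log a line for each signature" could note that logmsg is unprefixed data assembled from signature fields (sig->domain, sig->selector), so that a later caller neither logs it bare nor passes it as a format string again.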
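Review bot: The changed log_write() line in the second hunk (@@ -176,7) is correct but undocumented: neither the call site nor the commit message says that logmsg carries text taken from the message's DKIM signature, which is why it must only ever be an argument to a literal format. A one-line comment at log_write(0, LOG_MAIN, "DKIM: %s", logmsg) would record that, and it is worth checking the remaining log_write() callers in dkim.c for the same non-literal format pattern before closing the bug.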
Just for the records: This bug is CVE-2011-1764 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2011-1764
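The pattern behind the commit above, in miniature, as an added example that is not Exim code and not part of the original report: a scanner that shows what a printf-style formatter would see if the compound log line were used as the format, next to the hardened call shape with a literal format. `count_conversions`, `log_line` and `log_dkim` are hypothetical names, and the sample string is constructed from the log text quoted in the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample modelled on the log text quoted in the report. */
static const char SAMPLE[] =
    "d=iecc.com s=4330.4db9faa9.k1104 c=simple/simple a=rsa-sha256 "
    "i=spamfighter%iecc.com@submit.iecc.com [verification succeeded]";

/* Count the conversions a printf-style formatter would try to consume if s
   were the format argument ("%%" is a literal percent); *first gets the
   character that follows the first unescaped '%'. */
int count_conversions(const char *s, char *first)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        if (n++ == 0 && first) *first = s[1];
    }
    return n;
}

/* printf-style writer; the GCC/Clang attribute makes the compiler check
   every caller's format string (-Wformat -Wformat-security). */
__attribute__((format(printf, 3, 4)))
int log_line(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* Hardened call shape: literal format, message-derived text passed as data. */
int log_dkim(char *out, size_t outlen, const char *untrusted)
{
    return log_line(out, outlen, "DKIM: %s", untrusted);
}

int main(void)
{
    char buf[256], first = 0;
    int n = count_conversions(SAMPLE, &first);
    printf("as format: %d conversion(s), first %%%c\n", n, first);
    log_dkim(buf, sizeof buf, SAMPLE);
    puts(buf);
    return 0;
}
```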