From 0a67cedde8b9babb6923c32e13ded3ca787086cd Mon Sep 17 00:00:00 2001
From: Shulhan <ms@kilabit.info>
Date: Fri, 8 Feb 2019 08:52:35 +0700
Subject: email/dkim: handle invalid characters when parsing tag value with
 base64

---
 lib/email/dkim/tag.go | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

(limited to 'lib')

diff --git a/lib/email/dkim/tag.go b/lib/email/dkim/tag.go
index 3120aa06..858f8d77 100644
--- a/lib/email/dkim/tag.go
+++ b/lib/email/dkim/tag.go
@@ -131,16 +131,33 @@ func (t *tag) setValue(val []byte) (err error) {
 	if len(val) == 0 {
 		return nil
 	}
+	var (
+		isBase64 bool
+		b64      = make([]byte, 0, len(val))
+	)
+	if t.key == tagSignature || t.key == tagBodyHash || t.key == tagDNSPublicKey {
+		isBase64 = true
+	}
 	for x := 0; x < len(val); x++ {
-		if libbytes.IsSpace(val[x]) {
+		switch {
+		case libbytes.IsSpace(val[x]):
 			continue
-		}
-		if val[x] < 0x21 || val[x] == 0x3B || val[x] > 0x7E {
-			return fmt.Errorf("dkim: invalid value: '%s'", val)
+		case val[x] < 0x21 || val[x] == 0x3B || val[x] > 0x7E:
+			if !isBase64 {
+				return fmt.Errorf("dkim: invalid value: '%s'", val)
+			}
+		default:
+			if isBase64 {
+				b64 = append(b64, val[x])
+			}
 		}
 	}
 
-	t.value = val
+	if isBase64 {
+		t.value = b64
+	} else {
+		t.value = val
+	}
 
 	return nil
 }
-- 
cgit v1.3-6-g1900