DKIM verification fails if a signature contains extra b= substring
patisson opened this issue · 2 comments
I was trying to verify a signature generated by PHPMailer 5.2.22. It includes an optional z tag with some headers for diagnostics:
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; l=396; s=abc;
t=1486398013; c=relaxed/simple;
h=From:To:Date:Subject;
d=localhost;
z=From:=20test=20<info@localhost>
|To:=20user@example.com
|Date:=20Mon,=206=20Feb=202017=2016:20:13=20+0000
|Subject:=20PHP=20Mail=20works;
bh=vo/Ux5QZQrztPdIrNC7oTdyrAIIkl072sdhCwf/rdNs=;
b=Y0EJSkW14nUSwEPWeLlUMa8xubC8zdl5OXEqWGUdEjac6zhTYQ2zoqRORIwCDF2dbPzhTEK45NTqEIhQrl/Ds+sHWnQ5FS2wIz/NG5NGusuvz5xjUJH+1qCozKEcmypVaqvirMjmis+nqdXwoGL0YnUuVTe23NERj6WEOJf1SyM=
The signature failed to verify because the Date header contained Feb= and was crippled by a regex from validate() method that matches on a pattern starting with b= before being fed to the actual verification:
https://github.com/angrychimp/php-dkim/blob/master/DKIM/Verify.php#L131
@patisson - Give this a shot. I don't have a working test environment for code changes at the moment, but I've run this through my regex validation suite and it should match nearly all test cases. One of these days I'll get around to a very specific fail message should this revised condition ever be hit by a malformed tag value.
It works for me, many thanks!