fastmail / mail-dkim

Mail::DKIM Perl module, forked from svn://svn.code.sf.net/p/dkimproxy/code/Mail-DKIM/trunk

Verifier accepts tag duplicates #13

Open dlucredativ opened 3 years ago

dlucredativ commented 3 years ago

https://tools.ietf.org/html/rfc6376#section-3.2 states:

Tags with duplicate names MUST NOT occur within a single tag-list; if a tag name does occur more than once, the entire tag-list is invalid.

Suggestion:

diff --git a/lib/Mail/DKIM/KeyValueList.pm b/lib/Mail/DKIM/KeyValueList.pm
index 0d98574..1c33fe9 100644
--- a/lib/Mail/DKIM/KeyValueList.pm
+++ b/lib/Mail/DKIM/KeyValueList.pm
@@ -50 +50,6 @@ sub parse {
-        $self->{tags_by_name}->{$tagname} = $tag;
+        if (defined $self->{tags_by_name}->{$tagname}) {
+            # https://tools.ietf.org/html/rfc6376#section-3.2
+            croak 'reused tag name';
+        } else {
+            $self->{tags_by_name}->{$tagname} = $tag;
+        }
dlucredativ commented 2 years ago

Any ETA when this might be resolved? Would it help if I created a pull request?

marcbradshaw commented 2 years ago

yes, please create a pull request. Thanks.