BUFRSZ too small truncating arc sig

trusteddomainproject / OpenARC

Open source ARC implementation

BSD 2-Clause "Simplified" License

132 stars 46 forks source link

BUFRSZ too small truncating arc sig #161

Open nabbi opened 1 year ago

nabbi commented 1 year ago

Senders using MS Exchange / Outlook / M365 cloud hosted mail chains many headers together

The ARC-Message-Signature body as truncating at 1024 resulting in incomplete ARC headers

 ...
 X-MS-Exchange-CrossTenant-originalarrivaltime:
 X-MS-Exchange-CrossTenant-fromentityheader:
 X-MS-Exchange-CrossTenant-id:
 X-MS-Exchange-CrossTenant-

Unclear which BUFRSZ capped so doubled them all.

futatuki commented 2 weeks ago

Even if the issue is resolved by applying this PR, I don't think the cause of the issue is the value of BUFRSZ, but the wrong size estimation of (a) specific buffer(s). There are other macros for specifying buffer size, ARC_MAXHEADER (in libopenarc/arc.h) and MAXBUFRSZ (in libopenarc/openarc-internal.h and openarc/openarc.h).

I guess at least this one should be ARC_MAXHEADER + 1.