Segfault while using "Minimum 100%" in opendkim.conf

andreasschulze commented 2 months ago

The config option "Minimum" can be set to "100%". Rationale: I do not want partial signed messages. This setting worked well until someone sent a message with no body at all. Then, OpenDKIM fail.

The reason is probably this code

pct = (100 * canonlen) / bodylen;
if (pct < "100")
    status = DKIMF_STATUS_PARTIAL;

no body mean bodylen == 0 -> division by zero -> boom (but it's not verified by a debugger or stack trace)

Fortunately, the code allow other ways to express the same "I do not want partial signed messages":

"Minimum" can be set to "0+" which allow no more the 0 unsigned bytes.
"Minimum" can be set to an huge number larger then any maximum message size which require "all" must be signed

futatuki commented 2 months ago

In develop branch, the variable name pct has been changed to signpct but it contains same logic. Also I could confirm that it causes "SIGFPE, Arithmetic exception. Integer divide by zero.".

I think in the case bodylen == 0 the status should not be DKIM_STATUS_PARTIAL.

futatuki commented 2 months ago

With the patch on PR #223, I could confirm the case I tried above does not cause exception.

trusteddomainproject / OpenDKIM

Segfault while using "Minimum 100%" in opendkim.conf #222