Fix revoked DKIM key being treated as ill-formed

lieser · Sep 25, 2022 · bf53899 · bf53899
1 parent 21bddf3
commit bf53899
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ All notable changes to this project will be documented in this file.
 
 - Fixed extension not working for attached or external messages (#216).
   Requires Thunderbird 106 or later.
+- Fixed revoked DKIM key being treated as ill-formed.
 
 ### Other
 

diff --git a/modules/rfcParser.mjs.js b/modules/rfcParser.mjs.js
@@ -120,7 +120,7 @@ export default class RfcParser {
 			const tmp = elem.match(new RegExp(
 				`^${this.FWS}?(${tagName})${this.FWS}?=${this.FWS}?(${tagValue})${this.FWS}?$`
 			));
-			if (tmp === null || !tmp[1] || !tmp[2]) {
+			if (tmp === null || !tmp[1] || tmp[2] === undefined) {
 				return RfcParser.TAG_PARSE_ERROR.ILL_FORMED;
 			}
 			const name = tmp[1];

diff --git a/test/unittest/verifierSpec.mjs.js b/test/unittest/verifierSpec.mjs.js
@@ -12,20 +12,21 @@
 
 import "../helpers/initWebExtensions.mjs.js";
 import Verifier, * as VerifierModule from "../../modules/dkim/verifier.mjs.js";
+import { createTxtQueryCallback, queryDnsTxt } from "../helpers/dnsStub.mjs.js";
 import prefs, { BasePreferences } from "../../modules/preferences.mjs.js";
 import KeyStore from "../../modules/dkim/keyStore.mjs.js";
 import MsgParser from "../../modules/msgParser.mjs.js";
 import expect from "../helpers/chaiUtils.mjs.js";
-import { queryDnsTxt } from "../helpers/dnsStub.mjs.js";
 import { readTestFile } from "../helpers/testUtils.mjs.js";
 
 /**
  * Verify DKIM for the given eml file.
  *
  * @param {string} file - path to file relative to test data directory
+ * @param {Map<string, string>} [dnsEntries]
  * @returns {Promise<VerifierModule.dkimResultV2>}
  */
-async function verifyEmlFile(file) {
+async function verifyEmlFile(file, dnsEntries) {
 	const msgPlain = await readTestFile(file);
 	const msgParsed = MsgParser.parseMsg(msgPlain);
 	const from = msgParsed.headers.get("from");
@@ -37,7 +38,8 @@ async function verifyEmlFile(file) {
 		bodyPlain: msgParsed.body,
 		from: MsgParser.parseFromHeader(from[0]),
 	};
-	const verifier = new Verifier(new KeyStore(queryDnsTxt));
+	const queryFunktion = dnsEntries ? createTxtQueryCallback(dnsEntries) : queryDnsTxt;
+	const verifier = new Verifier(new KeyStore(queryFunktion));
 	return verifier.verify(msg);
 }
 
@@ -84,7 +86,15 @@ describe("DKIM Verifier [unittest]", function () {
 			expect(res.signatures[0]?.sdid).to.be.undefined;
 		});
 	});
-	describe("Mismatches between signature and key", function () {
+	describe("General errors", function () {
+		it("Revoked key", async function () {
+			const res = await verifyEmlFile("rfc6376-A.2.eml", new Map([
+				["brisbane._domainkey.example.com", "v=DKIM1; p="]
+			]));
+			expect(res.signatures.length).to.be.equal(1);
+			expect(res.signatures[0]?.result).to.be.equal("PERMFAIL");
+			expect(res.signatures[0]?.errorType).to.be.equal("DKIM_SIGERROR_KEY_REVOKED");
+		});
 		it("Wrong key signature algorithm", async function () {
 			const res = await verifyEmlFile("rfc8463-A.3-key_algo_mismatch.eml");
 			expect(res.signatures.length).to.be.equal(2);