From 366bcd1fd8a10b6125e591f0c35cc85b10c9c950 Mon Sep 17 00:00:00 2001
From: Paul Barker <paul@pbarker.dev>
Date: Mon, 7 Jun 2021 11:02:51 +0100
Subject: Handle MIME encoded-word in DKIM-Signature headers

As recently found in patatt [1], mail gateways and archivers may mangle
headers like DKIM-Signature if they are sent as an excessively long
line. An example of this occuring was found when the DKIM-Signature
header generated by Microsoft Office 365 collided with the
header re-encoding performed by lists.sr.ht when generating mbox
archive files. This encoding causes dkim.verify() to fail.

The Python email.header module provides the decode_header() and
make_header() functions which can be used to handle MIME encoded-word
syntax or other header manglings which may occur. Fixing up the header
content using these functions before calling dkim.verify() allows the
verification to succeed.

[1]: https://lore.kernel.org/tools/20210531140539.7630-1-paul@pbarker.dev/

Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
Link: https://lore.kernel.org/r/20210607100252.8253-2-paul@pbarker.dev
---
 b4/__init__.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/b4/__init__.py b/b4/__init__.py
index a163364..168b722 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1006,6 +1006,10 @@ class LoreMessage:
 
         seenatts = list()
         for hn, hval in dkhdrs:
+            # Handle MIME encoded-word syntax or other types of header encoding if
+            # present.
+            if '?q?' in hval:
+                hval = str(email.header.make_header(email.header.decode_header(hval)))
             errors = list()
             hdata = LoreMessage.get_parts_from_header(hval)
             logger.debug('Loading DKIM attestation for d=%s, s=%s', hdata['d'], hdata['s'])
-- 
cgit v1.2.3