dkim selectors shouldn't be interpreted as idna

given they are not part of the domain name (to which idna applies).
only the part after _domainkey may be idna.
found after going through code after report about mx targets with underscores
from richard g.
This commit is contained in:
Mechiel Lukkien 2023-10-25 12:49:39 +02:00
parent 34f7e04474
commit 682f8a0904
No known key found for this signature in database
2 changed files with 5 additions and 5 deletions

View file

@ -206,12 +206,12 @@ func (p *parser) xdomainselector(isselector bool) dns.Domain {
for p.hasPrefix(".") { for p.hasPrefix(".") {
s += p.xtake(".") + p.xtakefn1(false, subdomain) s += p.xtake(".") + p.xtakefn1(false, subdomain)
} }
d, err := dns.ParseDomain(s) if isselector {
if err != nil { // Not to be interpreted as IDNA.
// ParseDomain does not allow underscore, work around it.
if strings.Contains(s, "_") && isselector && !moxvar.Pedantic {
return dns.Domain{ASCII: strings.ToLower(s)} return dns.Domain{ASCII: strings.ToLower(s)}
} }
d, err := dns.ParseDomain(s)
if err != nil {
p.xerrorf("parsing domain %q: %s", s, err) p.xerrorf("parsing domain %q: %s", s, err)
} }
return d return d

View file

@ -91,7 +91,7 @@ func TestSig(t *testing.T) {
BodyHash: xbase64("LjkN2rUhrS3zKXfH2vNgUzz5ERRJkgP9CURXBX0JP0Q="), BodyHash: xbase64("LjkN2rUhrS3zKXfH2vNgUzz5ERRJkgP9CURXBX0JP0Q="),
Domain: xdomain("xn--mx-lka.example"), // møx.example Domain: xdomain("xn--mx-lka.example"), // møx.example
SignedHeaders: []string{"from"}, SignedHeaders: []string{"from"},
Selector: xdomain("xn--tst-bma"), // tést Selector: dns.Domain{ASCII: "xn--tst-bma"},
Identity: &Identity{&ulp, xdomain("xn--tst-bma.xn--mx-lka.example")}, // tést.møx.example Identity: &Identity{&ulp, xdomain("xn--tst-bma.xn--mx-lka.example")}, // tést.møx.example
Canonicalization: "simple/simple", Canonicalization: "simple/simple",
Length: -1, Length: -1,