Skip to content

Commit

Permalink
Fix invalid ARC-Seal when email contains existing sets
Browse files Browse the repository at this point in the history 
This fixes a bug whereby existing sets were not being included in a
signature and thus the signature was invalid.

This was only happening when Mode was undefined (default value) or only
signing. This meant that the code to verify existing sets was never
executed.

This commit removes the check for running the previous-set verification
function, to ensure that it is run regardless (if there are no previous
sets then arc_canon_runheaders_seal() is basically a no-op anyway.

trusteddomainproject/OpenARC#167
  • Loading branch information
@abeverley @flowerysong
abeverley authored and flowerysong committed Feb 4, 2024
1 parent 32f0c95 commit 84c0fe0
Showing 1 changed file with 2 additions and 2 deletions.
4 changes: 2 additions & 2 deletions libopenarc/arc.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2916,8 +2916,8 @@ arc_eoh(ARC_MESSAGE *msg)
return ARC_STAT_SYNTAX;
}

if ((msg->arc_mode & ARC_MODE_VERIFY) != 0 &&
msg->arc_cstate != ARC_CHAIN_FAIL)
/* need to verify previous sets even if running in sign mode */
if (msg->arc_cstate != ARC_CHAIN_FAIL)
{
status = arc_canon_runheaders_seal(msg);
if (status != ARC_STAT_OK)
Expand Down

0 comments on commit 84c0fe0

Please sign in to comment.