lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20240408-stalwart-tomato-sloth-bddbae@lemur>
Date: Mon, 8 Apr 2024 11:29:26 -0400
From: Konstantin Ryabitsev <konstantin@...uxfoundation.org>
To: Haifeng Xu <haifeng.xu@...pee.com>
Cc: Reinette Chatre <reinette.chatre@...el.com>, james.morse@....com, 
	fenghua.yu@...el.com, babu.moger@....com, bp@...en8.de, tglx@...utronix.de, 
	mingo@...hat.com, dave.hansen@...ux.intel.com, hpa@...or.com, 
	peternewman@...gle.com, x86@...nel.org, linux-kernel@...r.kernel.org, corbet@....net, 
	linux-doc@...r.kernel.org
Subject: Re: [PATCH v6 0/2] x86/resctrl: Track llc_occupancy of RMIDs in
 limbo list

On Mon, Apr 08, 2024 at 03:44:00PM +0800, Haifeng Xu wrote:
> I can also reproduced it. After digging into it, I found that our DKIM signature header
> has 't' and 'x' flags. They are recommended as a means to help identify spam.
> 
> t= is the DKIM signature timestamp.
> x= is the DKIM signature expiration time.
> 
> The source code of DKIM Validation can be seen in dkim/__init__.py(line 351), I paste it
> here.
> 
>  343     if b'x' in sig:
>  344         if re.match(br"\d+$", sig[b'x']) is None:
>  345             raise ValidationError(
>  346               "x= value is not a decimal integer (%s)" % sig[b'x'])
>  347         x_sign = int(sig[b'x'])
>  348         now = int(time.time())
>  349         slop = 36000 # 10H leeway for mailers with inaccurate clocks
>  350         if x_sign < now - slop:
>  351             raise ValidationError(
>  352                 "x= value is past (%s)" % sig[b'x'])
>  353             if x_sign < t_sign:
>  354                 raise ValidationError(
>  355                     "x= value is less than t= value (x=%s t=%s)" %
>  356                     (sig[b'x'], sig[b't']))
> 
> The expiry time is less than the time point you download the patch, so the validation
> fails. If I comment out these lines, this series can be successfully downloaded.

FWIW, I've requested ability to ignore the x= flag when validating signatures:
https://bugs.launchpad.net/dkimpy/+bug/2047054

-K

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ