diff options
author | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2022-09-13 10:02:19 -0400 |
---|---|---|
committer | Konstantin Ryabitsev <konstantin@linuxfoundation.org> | 2022-09-13 10:02:19 -0400 |
commit | 7dadea51e9414806f159ceac62b7dfb05ad5ab09 (patch) | |
tree | 65bae2375310f2f706ab3d454e2903143bb8825b | |
parent | bea1ad0834d7027997621e70e7ef2532f0f1359c (diff) | |
download | b4-7dadea51e9414806f159ceac62b7dfb05ad5ab09.tar.gz |
Don't crash on DKIM resolver failures
There are many different exceptions thrown by the DKIM dns resolver, so
we can't possibly expect and catch them all cleanly. Do a blanket
try/catch for anything that bubbles up and mark DKIM as failed when that
happens.
Reported-by: Mark Brown <broonie@kernel.org>
Link: https://msgid.link/Yx8kXFRXB0chuYkL@sirena.org.uk
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>
-rw-r--r-- | b4/__init__.py | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/b4/__init__.py b/b4/__init__.py index c0e6a33..d5504c2 100644 --- a/b4/__init__.py +++ b/b4/__init__.py @@ -1192,10 +1192,17 @@ class LoreMessage: signtime = self.date self.msg._headers.append((hn, hval)) # noqa - res = dkim.verify(self.msg.as_bytes(), logger=dkimlogger) + try: + res = dkim.verify(self.msg.as_bytes(), logger=dkimlogger) + logger.debug('DKIM verify results: %s=%s', identity, res) + except Exception as ex: # noqa + # Usually, this is due to some DNS resolver failure, which we can't + # possibly cleanly try/catch. Just mark it as failed and move on. + logger.debug('DKIM attestation failed: %s', ex) + errors.append(str(ex)) + res = False attestor = LoreAttestorDKIM(res, identity, signtime, errors) - logger.debug('DKIM verify results: %s=%s', identity, res) if attestor.check_identity(self.fromemail): # use this one, regardless of any other DKIM signatures self._attestors.append(attestor) |