Fix invalid ARC-Seal when email contains existing sets

abeverley · flowerysong · commit 84c0fe0b25fd · 2024-02-04T01:25:07.000Z
This fixes a bug whereby existing sets were not being included in a signature and thus the signature was invalid. This was only happening when Mode was undefined (default value) or only signing. This meant that the code to verify existing sets was never executed. This commit removes the check for running the previous-set verification function, to ensure that it is run regardless (if there are no previous sets then arc_canon_runheaders_seal() is basically a no-op anyway. trusteddomainproject/OpenARC#167
diff --git a/libopenarc/arc.c b/libopenarc/arc.c
@@ -2916,8 +2916,8 @@ arc_eoh(ARC_MESSAGE *msg)
 		return ARC_STAT_SYNTAX;
 	}
 
-	if ((msg->arc_mode & ARC_MODE_VERIFY) != 0 &&
-	    msg->arc_cstate != ARC_CHAIN_FAIL)
+	/* need to verify previous sets even if running in sign mode */
+	if (msg->arc_cstate != ARC_CHAIN_FAIL)
 	{
 		status = arc_canon_runheaders_seal(msg);
 		if (status != ARC_STAT_OK)

Original file line number	Diff line number	Diff line change
`@@ -2916,8 +2916,8 @@ arc_eoh(ARC_MESSAGE *msg)`
`2916`	`2916`	`return ARC_STAT_SYNTAX;`
`2917`	`2917`	`}`
`2918`	`2918`
`2919`		`- if ((msg->arc_mode & ARC_MODE_VERIFY) != 0 &&`
`2920`		`- msg->arc_cstate != ARC_CHAIN_FAIL)`
	`2919`	`+ /* need to verify previous sets even if running in sign mode */`
	`2920`	`+ if (msg->arc_cstate != ARC_CHAIN_FAIL)`
`2921`	`2921`	`{`
`2922`	`2922`	`status = arc_canon_runheaders_seal(msg);`
`2923`	`2923`	`if (status != ARC_STAT_OK)`