dkim: Make timestamp parsing more robust against overflow

The timestamp string in the t= and x= headers is an "unsigned decimal integer", but time.Unix takes an int64. Today we parse it as uint64 and then cast it, but this can cause issues with overflow and type conversion. This patch fixes that by parsing the timestamps as signed integers, and then checking they're positive.
2025-12-19 14:57:04 +00:00 · 2024-05-10 16:47:22 +01:00
parent aae0367c60
commit a1b6821ce1
2 changed files with 20 additions and 2 deletions
--- a/internal/dkim/header_test.go
+++ b/internal/dkim/header_test.go
@@ -146,6 +146,18 @@ func TestSignatureFromHeader(t *testing.T) {
 			want: nil,
 			err:  strconv.ErrSyntax,
 		},
+		{
+			// Invalid t= tag.
+			in:   "v=1; a=rsa-sha256; t=-12345",
+			want: nil,
+			err:  errNegativeTimestamp,
+		},
+		{
+			// Invalid x= tag.
+			in:   "v=1; a=rsa-sha256; x=-1234",
+			want: nil,
+			err:  errNegativeTimestamp,
+		},
 		{
 			// Unknown hash algorithm.
 			in:   "v=1; a=rsa-sxa666",