From 2093e7a80c0b6298a6790076b045c101ac2e92b0 Mon Sep 17 00:00:00 2001
From: Andy Beverley
Date: Sat, 3 Feb 2024 10:03:29 +0000
Subject: [PATCH] Fix invalid ARC-Seal when email contains existing sets

This fixes a bug whereby existing sets were not being included in a signature and thus the signature was invalid. This was only happening when Mode was undefined (default value) or only signing. This meant that the code to verify existing sets was never executed. This commit removes the check for running the previous-set verification function, to ensure that it is run regardless (if there are no previous sets then arc_canon_runheaders_seal() is basically a no-op anyway.
---
 libopenarc/arc.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/libopenarc/arc.c b/libopenarc/arc.c
index 1c6c9ded..da1124dd 100644
--- a/libopenarc/arc.c
+++ b/libopenarc/arc.c
@@ -2912,8 +2912,8 @@ arc_eoh(ARC_MESSAGE *msg)
 return ARC_STAT_SYNTAX;
 }
- if ((msg->arc_mode & ARC_MODE_VERIFY) != 0 &&
- msg->arc_cstate != ARC_CHAIN_FAIL)
+ /* need to verify previous sets even if running in sign mode */
+ if (msg->arc_cstate != ARC_CHAIN_FAIL)
 {
 status = arc_canon_runheaders_seal(msg);
 if (status != ARC_STAT_OK)
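Review bot: The added comment says previous sets are verified in sign mode, but according to the commit message the reason for calling `arc_canon_runheaders_seal()` unconditionally is to get the existing ARC sets into the new seal's signature; nothing visible in this hunk validates their signatures. I would reword it to `/* feed existing ARC sets to the seal canonicalization in every mode; the new ARC-Seal must cover them */`, so that nobody reads sign-only mode as having checked the upstream chain. The `status != ARC_STAT_OK` branch continues outside the hunk and is now reachable when only signing, so it is worth confirming that a failure there is the intended outcome for a signer. A regression test that seals a message already carrying ARC sets with the mode left unset, and then verifies the resulting seal, would pin the fix.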