Don't crash on DKIM resolver failures

There are many different exceptions thrown by the DKIM dns resolver, so
we can't possibly expect and catch them all cleanly. Do a blanket
try/catch for anything that bubbles up and mark DKIM as failed when that
happens.

Reported-by: Mark Brown <broonie@kernel.org>
Link: https://msgid.link/Yx8kXFRXB0chuYkL@sirena.org.uk
Signed-off-by: Konstantin Ryabitsev <konstantin@linuxfoundation.org>

1 files changed, 9 insertions, 2 deletions

diff --git a/b4/__init__.py b/b4/__init__.py
index c0e6a33..d5504c2 100644
--- a/b4/__init__.py
+++ b/b4/__init__.py
@@ -1192,10 +1192,17 @@ class LoreMessage:
                     signtime = self.date
 
             self.msg._headers.append((hn, hval))  # noqa
-            res = dkim.verify(self.msg.as_bytes(), logger=dkimlogger)
+            try:
+                res = dkim.verify(self.msg.as_bytes(), logger=dkimlogger)
+                logger.debug('DKIM verify results: %s=%s', identity, res)
+            except Exception as ex:  # noqa
+                # Usually, this is due to some DNS resolver failure, which we can't
+                # possibly cleanly try/catch. Just mark it as failed and move on.
+                logger.debug('DKIM attestation failed: %s', ex)
+                errors.append(str(ex))
+                res = False
 
             attestor = LoreAttestorDKIM(res, identity, signtime, errors)
-            logger.debug('DKIM verify results: %s=%s', identity, res)
             if attestor.check_identity(self.fromemail):
                 # use this one, regardless of any other DKIM signatures
                 self._attestors.append(attestor)