From 39aad478fc61fec1945d3fdb6d01a3f2e937b57e Mon Sep 17 00:00:00 2001
From: Simon Ser
Date: Fri, 5 Jan 2024 10:36:41 +0100
Subject: [PATCH] dkim: remove "v" requirement for TXT records, require single record

Closes: https://github.com/emersion/go-msgauth/issues/62
---
 dkim/query.go | 18 ++++++++++--------
 1 file changed, 10 insertions(+), 8 deletions(-)

diff --git a/dkim/query.go b/dkim/query.go
index 9555e7e..33f8556 100644
--- a/dkim/query.go
+++ b/dkim/query.go
@@ -84,15 +84,17 @@ func queryDNSTXT(domain, selector string, txtLookup txtLookupFunc) (*queryResult
 // net.LookupTXT will concatenate strings contained in a single TXT record.
 // In other words, net.LookupTXT returns one entry per TXT record, even if
 // a record contains multiple strings.
- for _, txt := range txts {
- // RFC 7489 section 6.6.3 says records not starting with "v=" should be
- // ignored
- if strings.HasPrefix(txt, "v=") {
- return parsePublicKey(txt)
- }
+ //
+ // RFC 6376 section 3.6.2.2 says multiple TXT records lead to undefined
+ // behavior, so reject that.
+ switch len(txts) {
+ case 0:
+ return nil, permFailError("no valid key found")
+ case 1:
+ return parsePublicKey(txts[0])
+ default:
+ return nil, permFailError("multiple TXT records found for key")
 }
-
- return nil, permFailError("no valid key found")
 }
 
 func parsePublicKey(s string) (*queryResult, error) {
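Review bot: In `case 1` the sole TXT record now goes to parsePublicKey unfiltered, so that function is the only check on record content, and the new comment explains the multiple-record rejection but not why the `v=` filter was dropped. Its body is outside the hunk; it should be confirmed to return a permFail for a record with no `p=` tag or with a `v=` value other than `DKIM1`, since an unrelated TXT record answering at the selector name (for example from a wildcard) now reaches it. I would add `// "v=" is optional in key records (RFC 6376 section 3.6.1); parsePublicKey validates the tags.` above the switch. The diffstat shows only dkim/query.go changed, so a regression test driving queryDNSTXT through its txtLookup parameter with zero, one and two records would pin the new verification behaviour.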