From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.ciao.gmane.io!not-for-mail
From: Noam Postavsky <npostavs@gmail.com>
Newsgroups: gmane.emacs.bugs
Subject: bug#40397: 28.0.50;
 epg decrypt does not verify signed content in smime
Date: Sun, 19 Apr 2020 08:16:10 -0400
Message-ID: <86blnn8yd1.fsf@gmail.com>
References: <87imih5am2.fsf@web.de> <87r1x4dujl.fsf@web.de>
 <87lfna22eh.fsf@web.de> <874ktxtr6d.fsf@web.de> <87d08lh0qa.fsf@gmail.com>
 <87wo6tayhy.fsf@web.de> <85r1x0mv6q.fsf@gmail.com> <87h7xv9k3x.fsf@web.de>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="ciao.gmane.io:159.69.161.202";
	logging-data="78253"; mail-complaints-to="usenet@ciao.gmane.io"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.3 (windows-nt)
Cc: 40397@debbugs.gnu.org
To: Sebastian Fieber <sebastian.fieber@web.de>
Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Sun Apr 19 14:17:20 2020
Return-path: <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jQ8sy-000KHf-CC
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 19 Apr 2020 14:17:20 +0200
Original-Received: from localhost ([::1]:41304 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>)
	id 1jQ8sx-0003aG-EQ
	for geb-bug-gnu-emacs@m.gmane-mx.org; Sun, 19 Apr 2020 08:17:19 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:57820)
 by lists.gnu.org with esmtp (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jQ8sh-0003ID-0E
 for bug-gnu-emacs@gnu.org; Sun, 19 Apr 2020 08:17:03 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.90_1)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>) id 1jQ8sg-0005sq-78
 for bug-gnu-emacs@gnu.org; Sun, 19 Apr 2020 08:17:02 -0400
Original-Received: from debbugs.gnu.org ([209.51.188.43]:60892)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.90_1) (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jQ8sf-0005rV-QN
 for bug-gnu-emacs@gnu.org; Sun, 19 Apr 2020 08:17:01 -0400
Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2)
 (envelope-from <Debian-debbugs@debbugs.gnu.org>)
 id 1jQ8sf-0004XW-JU; Sun, 19 Apr 2020 08:17:01 -0400
X-Loop: help-debbugs@gnu.org
Resent-From: Noam Postavsky <npostavs@gmail.com>
Original-Sender: "Debbugs-submit" <debbugs-submit-bounces@debbugs.gnu.org>
Resent-CC: bug-gnu-emacs@gnu.org, bugs@gnus.org
Resent-Date: Sun, 19 Apr 2020 12:17:01 +0000
Resent-Message-ID: <handler.40397.B40397.158729858317402@debbugs.gnu.org>
Resent-Sender: help-debbugs@gnu.org
X-GNU-PR-Message: followup 40397
X-GNU-PR-Package: emacs,gnus
Original-Received: via spool by 40397-submit@debbugs.gnu.org id=B40397.158729858317402
 (code B ref 40397); Sun, 19 Apr 2020 12:17:01 +0000
Original-Received: (at 40397) by debbugs.gnu.org; 19 Apr 2020 12:16:23 +0000
Original-Received: from localhost ([127.0.0.1]:44204 helo=debbugs.gnu.org)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <debbugs-submit-bounces@debbugs.gnu.org>)
 id 1jQ8s3-0004Wb-AO
 for submit@debbugs.gnu.org; Sun, 19 Apr 2020 08:16:23 -0400
Original-Received: from mail-qv1-f44.google.com ([209.85.219.44]:42669)
 by debbugs.gnu.org with esmtp (Exim 4.84_2)
 (envelope-from <npostavs@gmail.com>) id 1jQ8s1-0004WP-Df
 for 40397@debbugs.gnu.org; Sun, 19 Apr 2020 08:16:21 -0400
Original-Received: by mail-qv1-f44.google.com with SMTP id v18so3273132qvx.9
 for <40397@debbugs.gnu.org>; Sun, 19 Apr 2020 05:16:21 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; 
 h=from:to:cc:subject:in-reply-to:references:user-agent:date
 :message-id:mime-version;
 bh=XbglJOAEdQJH/ueEuB478HdJ97dM+KKKoPcRiUd9SJo=;
 b=axtbh2twAQAGsnmVjWor+4b4XXOKuqaOX+TzdQPt+MI9vI5xUrQFI+2mVI2Ywy5mcL
 g/YlHCLt3cOJxnGhOCRsbL1YOgzFb2JbpzGV9wJfstmVWjV+veRJrns3VZinMJuT1z59
 24kTvjmG6GgqM1xYG2PgXrU2h++Ja8SZsTigLu8WVVXobSRAE8Joi/v3ksOkBJKx5DuY
 FTiHkp4z+TkUEUo4PaxGYgwnUVNj9Eift/pV4Fhqmgx44V/ciSOV8vEHiyYBBweP+3+S
 L83pAjbg3q5PQnJgTqyfAZwGiaHh3g3Hq0cElTKUX2flXVjRzRf/2z5578YdejPsvGNK
 GTsA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:from:to:cc:subject:in-reply-to:references
 :user-agent:date:message-id:mime-version;
 bh=XbglJOAEdQJH/ueEuB478HdJ97dM+KKKoPcRiUd9SJo=;
 b=jGqRnYe1hPev1nE6QKwsrvyGl4u4U43/KGVOZn9vIB2ae5BNbkxsbJ96G37mMPXKuC
 bHzzOlGph64l2MpMyZokxPva4oPzrYSkNUZyC/O59jEZxsTpLLD8UG6WjvpLUtqTUFDV
 9/+ZQerbAlaceqix4mCEuR1ZpyYMbGumdZxyg7j5aoHuhJFRYMgHRWztvAGM6saTGNxV
 7ffz3RmpPk3fD8+mHt64HKmMkErQufe9/8X0kRIRm3/TW3mIeaOij/AGwC24+qI7bzh4
 4bZ97/vqTrvnMj47Y6HgYUu11VgJkz4yEPJMnMI56hiGO63eixRLAHj6J6ojS5X7BUDg
 BHxg==
X-Gm-Message-State: AGi0PuYP6T862eF8RZXwnpp4rTCplmCRZwiaXApZTaWm/E9OVPQl8pym
 AWek5ZM7PqFM56TMvsH06HgrdadM
X-Google-Smtp-Source: APiQypLZKpdJFVprSSqQsUTUTE6o2fT+S7Fx4UQd+4tFPny7Koef4VqK5x39JmCfeWWPbbzQdBH+WQ==
X-Received: by 2002:ad4:4f0e:: with SMTP id fb14mr7915337qvb.160.1587298575789; 
 Sun, 19 Apr 2020 05:16:15 -0700 (PDT)
Original-Received: from LAPTOP-5NDQIUP9 (cbl-45-2-119-47.yyz.frontiernetworks.ca.
 [45.2.119.47])
 by smtp.gmail.com with ESMTPSA id u190sm8572257qkb.102.2020.04.19.05.16.14
 (version=TLS1_2 cipher=ECDHE-ECDSA-CHACHA20-POLY1305 bits=256/256);
 Sun, 19 Apr 2020 05:16:15 -0700 (PDT)
In-Reply-To: <87h7xv9k3x.fsf@web.de> (Sebastian Fieber's message of "Tue, 07
 Apr 2020 21:22:26 +0200")
X-BeenThere: debbugs-submit@debbugs.gnu.org
X-Mailman-Version: 2.1.18
Precedence: list
X-Received-From: 209.51.188.43
X-BeenThere: bug-gnu-emacs@gnu.org
List-Id: "Bug reports for GNU Emacs,
 the Swiss army knife of text editors" <bug-gnu-emacs.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/bug-gnu-emacs>
List-Post: <mailto:bug-gnu-emacs@gnu.org>
List-Help: <mailto:bug-gnu-emacs-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/bug-gnu-emacs>,
 <mailto:bug-gnu-emacs-request@gnu.org?subject=subscribe>
Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org
Original-Sender: "bug-gnu-emacs"
 <bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org>
Xref: news.gmane.io gmane.emacs.bugs:178629
Archived-At: <http://permalink.gmane.org/gmane.emacs.bugs/178629>

As I mentioned previously, I'm not really familiar enough with the code
to give a proper review, but I have a couple of minor comments.

Sebastian Fieber <sebastian.fieber@web.de> writes:

> +               (setq intermediate-result (cons (car ctl) (list intermediate-result))))

Or just

    (setq intermediate-result (list (car ctl) intermediate-result))

> @@ -1672,17 +1701,27 @@ mm-possibly-verify-or-decrypt
> -      (with-temp-buffer
> -	(when (and (cond
> -		    ((eq mm-decrypt-option 'never) nil)
> -		    ((eq mm-decrypt-option 'always) t)
> -		    ((eq mm-decrypt-option 'known) t)
> -		    (t (y-or-n-p
> -			(format "Decrypt (S/MIME) part? "))))
> -		   (mm-view-pkcs7 parts from))
> -	  (goto-char (point-min))
> -	  (insert "Content-type: text/plain\n\n")
> -	  (setq parts (mm-dissect-buffer t)))))
> +      (add-text-properties 0 (length (car ctl))
> +			   (list 'buffer (car parts))
> +			   (car ctl))
> +      (let* ((smime-type (cdr (assoc 'smime-type ctl)))
> +             (envelope-p (string= smime-type "enveloped-data"))
> +             (decrypt-or-sign-option (if envelope-p
> +                                         mm-decrypt-option
> +                                       mm-verify-option))
> +             (question (if envelope-p
> +                           "Decrypt (S/MIME) part? "
> +                         "Verify signed (S/MIME) part? ")))
> +        (with-temp-buffer
> +	  (when (and (cond
> +		      ((eq decrypt-or-sign-option 'never) nil)
> +		      ((eq decrypt-or-sign-option 'always) t)
> +		      ((eq decrypt-or-sign-option 'known) t)
> +		      (t (y-or-n-p
> +			  (format question)))))
> +	    (mm-view-pkcs7 parts from)
> +	    (goto-char (point-min))
> +	    (setq parts (mm-dissect-buffer t))))))

You moved the 'mm-view-pkcs7' call out of the condition.  If that was on
purpose, then you should remove the 'and', since it's now redundant.