From: Sebastian Fieber <sebastian.fieber@web.de>
To: 40397@debbugs.gnu.org
Subject: bug#40397: 28.0.50; epg decrypt does not verify signed content in smime
Date: Sat, 04 Apr 2020 01:22:06 +0200 [thread overview]
Message-ID: <87r1x4dujl.fsf@web.de> (raw)
In-Reply-To: <87imih5am2.fsf@web.de> (Sebastian Fieber's message of "Fri, 03 Apr 2020 08:47:33 +0200")
[-- Attachment #1: Type: text/plain, Size: 1716 bytes --]
Hey,
Just forget my last mail. I just dug a bit deeper and found the culprit
I think.
With commit 84ef1ea8b524f8998fc8674b99cf8069e38dce4f these lines were
added:
--8<---------------cut here---------------start------------->8---
modified lisp/gnus/mm-decode.el
@@ -1672,6 +1672,8 @@ If RECURSIVE, search recursively."
(t (y-or-n-p
(format "Decrypt (S/MIME) part? "))))
(mm-view-pkcs7 parts from))
+ (goto-char (point-min))
+ (insert "Content-type: text/plain\n\n")
(setq parts (mm-dissect-buffer t)))))
((equal subtype "signed")
(unless (and (setq protocol
@@ -1739,6 +1741,7 @@ If RECURSIVE, search recursively."
--8<---------------cut here---------------end--------------->8---
I don't quite know why the content-type is forced here to text/plain. So
if this line is removed the mm-dissect-buffer call does it's thing and
returns correctly whats inside the envelope (the real content-type
header in the decrypted envelope is parsed). Well almost...
I wrote in my last mail that I had to adjust mm-copy-to-buffer:
> and also mm-copy-to-buffer to check for carriage returns like this:
>
> (search-forward-regexp "^\r\n" nil 'move)
>
> (can't send the carriage return properly so \r it is here instead of ^M)
This is still needed as the decrypted content may still have carriage
returns in it. One could also remove the carriage returns in
mm-view-pkcs7-decrypt function of course. I'm not quite sure which is
the better approach.
In such a case the "Decrypt (S/MIME) part?" is asked too times. But hey
that isn't too bad I think.
I have attached a patch with the explained fix.
Best regards
Sebastian
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-fix-bug-40397.patch --]
[-- Type: text/x-patch, Size: 1447 bytes --]
From ee7ff9a8a083860d39d011c7e4df30cb63490fb9 Mon Sep 17 00:00:00 2001
From: fallchildren <sebastian.fieber@web.de>
Date: Sat, 4 Apr 2020 01:16:12 +0200
Subject: [PATCH] fix bug #40397
This fixes S/MIME encrypted AND signed mails where in the encrypted
pkcs7 envelope is a signed pkcs7 structure.
- don't insert Content-type header in front of decrypted content for
smime decryption using mm-view-pkcs7
- also check for carriage return in mm-copy-to-buffer
---
lisp/gnus/mm-decode.el | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/lisp/gnus/mm-decode.el b/lisp/gnus/mm-decode.el
index 96695aabfd..d321fbeaaa 100644
--- a/lisp/gnus/mm-decode.el
+++ b/lisp/gnus/mm-decode.el
@@ -759,7 +759,7 @@ MIME-Version header before proceeding."
(mb enable-multibyte-characters)
beg)
(goto-char (point-min))
- (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+ (search-forward-regexp "^\r?\n" nil 'move) ;; There might be no body.
(setq beg (point))
(with-current-buffer
(generate-new-buffer " *mm*")
@@ -1681,7 +1681,6 @@ If RECURSIVE, search recursively."
(format "Decrypt (S/MIME) part? "))))
(mm-view-pkcs7 parts from))
(goto-char (point-min))
- (insert "Content-type: text/plain\n\n")
(setq parts (mm-dissect-buffer t)))))
((equal subtype "signed")
(unless (and (setq protocol
--
2.25.2
next prev parent reply other threads:[~2020-04-03 23:22 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 23:37 bug#40397: 28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message Sebastian Fieber
2020-04-03 6:47 ` bug#40397: 28.0.50; epg decrypt does not verify signed content in smime Sebastian Fieber
2020-04-03 23:22 ` Sebastian Fieber [this message]
2020-04-05 0:37 ` Sebastian Fieber
2020-04-06 0:04 ` Sebastian Fieber
2020-04-06 1:17 ` Noam Postavsky
2020-04-06 7:01 ` Sebastian Fieber
2020-04-06 16:32 ` Noam Postavsky
2020-04-07 19:22 ` Sebastian Fieber
2020-04-19 12:16 ` Noam Postavsky
2020-08-02 6:02 ` Lars Ingebrigtsen
2020-08-02 20:11 ` Sebastian Fieber
2020-08-03 2:26 ` Eli Zaretskii
2020-08-03 6:06 ` Lars Ingebrigtsen
2021-07-21 15:41 ` bug#40397: 28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message Lars Ingebrigtsen
2021-07-21 18:07 ` Sebastian Fieber
2021-07-21 22:02 ` Lars Ingebrigtsen
2021-12-21 19:39 ` Sebastian Fieber
2021-12-22 12:44 ` Lars Ingebrigtsen
2021-12-23 18:14 ` Sebastian Fieber
2021-12-23 18:17 ` Sebastian Fieber
2021-12-23 18:25 ` Sebastian Fieber
2021-12-23 21:06 ` Sebastian Fieber
2021-12-24 9:44 ` Lars Ingebrigtsen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://www.gnu.org/software/emacs/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r1x4dujl.fsf@web.de \
--to=sebastian.fieber@web.de \
--cc=40397@debbugs.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.savannah.gnu.org/cgit/emacs.git
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).