From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 17A6D6DE025C for ; Sun, 8 Sep 2019 20:27:37 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -1.331 X-Spam-Level: X-Spam-Status: No, score=-1.331 tagged_above=-999 required=5 tests=[AWL=1.170, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qRYq1Db2kMvp for ; Sun, 8 Sep 2019 20:27:36 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id BB7746DE0946 for ; Sun, 8 Sep 2019 20:27:34 -0700 (PDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1567999653; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=hM8GEbpDNDmx54EUqPbV8v8wg5+vA/A99BxtM4t2IkQ=; b=Zo0IwOxUVElz+5/R9SgaWe+gFlSYfwzCJvPVxMXsgKy9feDKn3OWXwB1 aPUaNOIvXy0htgs/il+jAf/yygMvCg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1567999653; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=hM8GEbpDNDmx54EUqPbV8v8wg5+vA/A99BxtM4t2IkQ=; b=ZiHBp1LrA9dOcQRUbBUCUmgwXI1Wn4lxkhhJ55qClXZrkIpZcP98/uGH FQrfrnwIJBKS2ehczXOXOAXQuzuCnL05mBjw46QxLt0u+AD8nU5BkCam2F 2JTZDOJcoplXV50j5u2MVsd5hRiR6NaqnV7E5ZbZxrtePCjXHeleFuT/gN TwOWncdMXOY+ibehciHE0noirChx3GFti2V0cohuKl7Hl9/xeK2OrbfyBm 8n3CJi0MF0UoomatiIvt+UCqv8XbbMQFFvwI75g8Ioy6KRZqHAHng2WV/I vC9TNBG41UCLdxtRjcOM6C0vo2ZcFGzp9vdgFPVHCv0hNygAtz8HxA== Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 6C4B3F9A6 for ; Sun, 8 Sep 2019 23:27:33 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 0CE67203DC; Sun, 8 Sep 2019 23:27:29 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH v4 2/4] util/repair: identify and repair "Mixed Up" mangled messages Date: Sun, 8 Sep 2019 23:27:24 -0400 Message-Id: <20190909032726.8931-3-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.23.0 In-Reply-To: <20190909032726.8931-1-dkg@fifthhorseman.net> References: <20190909032726.8931-1-dkg@fifthhorseman.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 09 Sep 2019 03:27:37 -0000 This patch implements a functional identification and repair process for "Mixed Up" MIME messages as described in https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1 The detection test is not entirely complete, in that it does not verify the contents of the latter two message subparts, but this is probably safe to skip, because those two parts are unlikely to be readable anyway, and the only part we are effectively omitting (the first subpart) is guaranteed to be empty anyway, so its removal can be reversed if you want to do so. I've left FIXMEs in the code so that anyone excited about adding these additional checks can see where to put them in. I'll use this functionality in the next two patches. Signed-off-by: Daniel Kahn Gillmor --- util/repair.c | 79 +++++++++++++++++++++++++++++++++++++++++++++++++++ util/repair.h | 10 +++++++ 2 files changed, 89 insertions(+) diff --git a/util/repair.c b/util/repair.c index 629e6f23..829b166a 100644 --- a/util/repair.c +++ b/util/repair.c @@ -120,3 +120,82 @@ _notmuch_repair_crypto_payload_skip_legacy_display (GMimeObject *payload) return payload; } } + +/* see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.1 */ +static bool +_notmuch_is_mixed_up_mangled (GMimeObject *part) +{ + GMimeMultipart *mpart = NULL; + GMimeObject *first, *second, *third = NULL; + char *prelude_string = NULL; + bool prelude_is_empty; + + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (part), + "multipart", "mixed")) + return false; + if (! GMIME_IS_MULTIPART (part)) + return false; + mpart = GMIME_MULTIPART (part); + if (mpart == NULL) + return false; + if (g_mime_multipart_get_count (mpart) != 3) + return false; + first = g_mime_multipart_get_part (mpart, 0); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (first), + "text", "plain")) + return false; + if (! GMIME_IS_TEXT_PART (first)) + return false; + second = g_mime_multipart_get_part (mpart, 1); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (second), + "application", "pgp-encrypted")) + return false; + third = g_mime_multipart_get_part (mpart, 2); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (third), + "application", "octet-stream")) + return false; + + /* Is first subpart length 0? */ + prelude_string = g_mime_text_part_get_text (GMIME_TEXT_PART (first)); + prelude_is_empty = ! (strcmp ("", prelude_string)); + g_free (prelude_string); + if (! prelude_is_empty) + return false; + + /* FIXME: after decoding and stripping whitespace, is second + * subpart just "Version: 1" ? */ + + /* FIXME: can we determine that third subpart is *only* PGP + * encrypted data? I tried g_mime_part_get_openpgp_data () but + * found https://github.com/jstedfast/gmime/issues/60 */ + + return true; +} + + +/* see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.2 */ +GMimeObject * +_notmuch_repair_mixed_up_mangled (GMimeObject *part) +{ + GMimeMultipart *mpart = NULL, *mpart_ret = NULL; + GMimeObject *ret = NULL; + + if (! _notmuch_is_mixed_up_mangled (part)) + return NULL; + mpart = GMIME_MULTIPART (part); + ret = GMIME_OBJECT (g_mime_multipart_encrypted_new ()); + if (ret == NULL) + return NULL; + mpart_ret = GMIME_MULTIPART (ret); + if (mpart_ret == NULL) { + g_object_unref (ret); + return NULL; + } + g_mime_object_set_content_type_parameter (ret, "protocol", "application/pgp-encrypted"); + + g_mime_multipart_insert (mpart_ret, 0, g_mime_multipart_get_part (mpart, 1)); + g_mime_multipart_insert (mpart_ret, 1, g_mime_multipart_get_part (mpart, 2)); + return ret; +} diff --git a/util/repair.h b/util/repair.h index 9974d693..492f5a20 100644 --- a/util/repair.h +++ b/util/repair.h @@ -25,9 +25,19 @@ extern "C" { * returned object will only be released when the original part is * disposed of. */ + GMimeObject * _notmuch_repair_crypto_payload_skip_legacy_display (GMimeObject *payload); +/* Detecting and repairing "Mixed-Up MIME mangling". see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1 + * If this returns NULL, the message was probably not "Mixed up". If + * it returns non-NULL, then there is a newly-allocated MIME part that + * represents the repaired version. The caller is responsible for + * ensuring that any returned object is freed with g_object_unref. */ +GMimeObject * +_notmuch_repair_mixed_up_mangled (GMimeObject *part); + #ifdef __cplusplus } #endif -- 2.23.0