From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id C7E8A6DE0C3B for ; Sun, 15 Sep 2019 00:38:56 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -1.636 X-Spam-Level: X-Spam-Status: No, score=-1.636 tagged_above=-999 required=5 tests=[AWL=0.865, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8zKK9ALAKjuC for ; Sun, 15 Sep 2019 00:38:54 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id 95E8A6DE09ED for ; Sun, 15 Sep 2019 00:38:54 -0700 (PDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1568533132; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=4I9/19/t+Y+uxJjwJzsqc1aeJl5CkfLHRilLPCTtvdM=; b=d8jXNzeZ3RKE7d/ZCmnId+FgrjqblvfTD1Y5e8pYijPpiDoP3SLiHma7 CZzUpaBxQXyRIpUL9iogHkKUI53kDw== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1568533132; h=from : to : subject : date : message-id : in-reply-to : references : mime-version : content-transfer-encoding : from; bh=4I9/19/t+Y+uxJjwJzsqc1aeJl5CkfLHRilLPCTtvdM=; b=LFvMTMRfnjVo6oP+anOwqXR9Nc1OkNbHh9nt1dCrEkUmSYFeJxnYbPaA VA8XHXC233U/jSVOnMxg7bZoCSALe3tIlMg2g1/scx2QzN0mSKNKBRR8bh h7mvEaA9L7nkUercgAcNbs3iAA2tt6vGqcXimB9FRGzwUr/5VCjAEhUhA/ e/S81ja0pNIirLDxVLhQ4hfpARoZ8ETLlwpDyHCHuj8199ACnPaG1/2jr7 66cIr9WNjSeVtHJjwat7XDVoFZ4M0BeiUiB8BC+AQAbvCyFbhg1a1emjTw CO/n9wlSul1KKdIAR9b4IyiS4FYQTglcnlmzjevkt4d1zRZ/QmKA/w== Received: from fifthhorseman.net (unknown [IPv6:2001:470:1f07:60d:c41:39ff:fef3:974f]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 75CD7F9A8 for ; Sun, 15 Sep 2019 03:38:52 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id C3CA020736; Sun, 15 Sep 2019 03:38:45 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH v5 2/4] util/repair: identify and repair "Mixed Up" mangled messages Date: Sun, 15 Sep 2019 03:38:45 -0400 Message-Id: <20190915073845.12868-1-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.23.0 In-Reply-To: <87ftky104a.fsf@fifthhorseman.net> References: <87ftky104a.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Sep 2019 07:38:56 -0000 This patch implements a functional identification and repair process for "Mixed Up" MIME messages as described in https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1 The detection test is not entirely complete, in that it does not verify the contents of the latter two message subparts, but this is probably safe to skip, because those two parts are unlikely to be readable anyway, and the only part we are effectively omitting (the first subpart) is guaranteed to be empty anyway, so its removal can be reversed if you want to do so. I've left FIXMEs in the code so that anyone excited about adding these additional checks can see where to put them in. I'll use this functionality in the next two patches. Signed-off-by: Daniel Kahn Gillmor --- util/repair.c | 84 +++++++++++++++++++++++++++++++++++++++++++++++++++ util/repair.h | 10 ++++++ 2 files changed, 94 insertions(+) diff --git a/util/repair.c b/util/repair.c index 629e6f23..9fba97b7 100644 --- a/util/repair.c +++ b/util/repair.c @@ -120,3 +120,87 @@ _notmuch_repair_crypto_payload_skip_legacy_display (GMimeObject *payload) return payload; } } + +/* see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.1 */ +static bool +_notmuch_is_mixed_up_mangled (GMimeObject *part) +{ + GMimeMultipart *mpart = NULL; + GMimeObject *parts[3] = {NULL, NULL, NULL}; + GMimeContentType *type = NULL; + char *prelude_string = NULL; + bool prelude_is_empty; + + if (part == NULL) + return false; + type = g_mime_object_get_content_type (part); + if (type == NULL) + return false; + if (! g_mime_content_type_is_type (type, "multipart", "mixed")) + return false; + if (! GMIME_IS_MULTIPART (part)) /* probably impossible */ + return false; + mpart = GMIME_MULTIPART (part); + if (mpart == NULL) + return false; + if (g_mime_multipart_get_count (mpart) != 3) + return false; + parts[0] = g_mime_multipart_get_part (mpart, 0); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (parts[0]), + "text", "plain")) + return false; + if (! GMIME_IS_TEXT_PART (parts[0])) + return false; + parts[1] = g_mime_multipart_get_part (mpart, 1); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (parts[1]), + "application", "pgp-encrypted")) + return false; + parts[2] = g_mime_multipart_get_part (mpart, 2); + if (! g_mime_content_type_is_type (g_mime_object_get_content_type (parts[2]), + "application", "octet-stream")) + return false; + + /* Is parts[0] length 0? */ + prelude_string = g_mime_text_part_get_text (GMIME_TEXT_PART (parts[0])); + prelude_is_empty = (prelude_string[0] == '\0'); + g_free (prelude_string); + if (! prelude_is_empty) + return false; + + /* FIXME: after decoding and stripping whitespace, is parts[1] + * subpart just "Version: 1" ? */ + + /* FIXME: can we determine that parts[2] subpart is *only* PGP + * encrypted data? I tried g_mime_part_get_openpgp_data () but + * found https://github.com/jstedfast/gmime/issues/60 */ + + return true; +} + + +/* see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.2 */ +GMimeObject * +_notmuch_repair_mixed_up_mangled (GMimeObject *part) +{ + GMimeMultipart *mpart = NULL, *mpart_ret = NULL; + GMimeObject *ret = NULL; + + if (! _notmuch_is_mixed_up_mangled (part)) + return NULL; + mpart = GMIME_MULTIPART (part); + ret = GMIME_OBJECT (g_mime_multipart_encrypted_new ()); + if (ret == NULL) + return NULL; + mpart_ret = GMIME_MULTIPART (ret); + if (mpart_ret == NULL) { + g_object_unref (ret); + return NULL; + } + g_mime_object_set_content_type_parameter (ret, "protocol", "application/pgp-encrypted"); + + g_mime_multipart_insert (mpart_ret, 0, g_mime_multipart_get_part (mpart, 1)); + g_mime_multipart_insert (mpart_ret, 1, g_mime_multipart_get_part (mpart, 2)); + return ret; +} diff --git a/util/repair.h b/util/repair.h index 9974d693..492f5a20 100644 --- a/util/repair.h +++ b/util/repair.h @@ -25,9 +25,19 @@ extern "C" { * returned object will only be released when the original part is * disposed of. */ + GMimeObject * _notmuch_repair_crypto_payload_skip_legacy_display (GMimeObject *payload); +/* Detecting and repairing "Mixed-Up MIME mangling". see + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1 + * If this returns NULL, the message was probably not "Mixed up". If + * it returns non-NULL, then there is a newly-allocated MIME part that + * represents the repaired version. The caller is responsible for + * ensuring that any returned object is freed with g_object_unref. */ +GMimeObject * +_notmuch_repair_mixed_up_mangled (GMimeObject *part); + #ifdef __cplusplus } #endif -- 2.23.0