g_mime_multipart_signed_verify and protocol mismatch

g_mime_multipart_signed_verify and protocol mismatch

[David Bremner]

I have a bug report from a notmuch user that notmuch is unable to verify
the signature on a message with the following mime structure

└┬╴multipart/signed 29717 bytes
 ├┬╴multipart/related 18125 bytes
 │├┬╴multipart/alternative 14402 bytes
 ││├─╴text/plain 2766 bytes
 ││└─╴text/html 11223 bytes
 │└─╴image/jpeg [image001.jpg] 3372 bytes
 └─╴application/pkcs7-signature attachment [smime.p7s] 6979 bytes

The problem seems to be that the outer Content-Type declares

Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";

while the actual signature part has

Content-Type: application/pkcs7-signature;

gmime quite correctly reports this as a mismatch, but I wonder if it
should be a tolerated mismatch? I saw there is already some attempt in
gmime to alias the two content-types, but I didn't follow the scope of
that aliasing.

Unfortunately I cannot share the message in question, but if needed I
could try to make an artificial test message with the same issue.

All the best,

David

\r

RE: [EXTERNAL] [gmime-devel] g_mime_multipart_signed_verify and protocol mismatch

[Jeffrey Stedfast]

Hi David,

Yes, I believe that GMime should be fixed to handle this case. It seems reasonable to me that both mime types should be treated as the same in cases like this.

Jeff

-----Original Message-----
From: gmime-devel-list <gmime-devel-list-bounces@gnome.org> On Behalf Of David Bremner
Sent: Monday, February 7, 2022 8:36 AM
To: gmime-devel-list@gnome.org
Cc: notmuch@notmuchmail.org; Alexander Adolf <alexander.adolf@condition-alpha.com>; Daniel Kahn Gillmor <dkg@debian.org>
Subject: [EXTERNAL] [gmime-devel] g_mime_multipart_signed_verify and protocol mismatch


I have a bug report from a notmuch user that notmuch is unable to verify the signature on a message with the following mime structure

└┬╴multipart/signed 29717 bytes
 ├┬╴multipart/related 18125 bytes
 │├┬╴multipart/alternative 14402 bytes
 ││├─╴text/plain 2766 bytes
 ││└─╴text/html 11223 bytes
 │└─╴image/jpeg [image001.jpg] 3372 bytes  └─╴application/pkcs7-signature attachment [smime.p7s] 6979 bytes

The problem seems to be that the outer Content-Type declares

Content-Type: multipart/signed;
	protocol="application/x-pkcs7-signature";

while the actual signature part has

Content-Type: application/pkcs7-signature;

gmime quite correctly reports this as a mismatch, but I wonder if it should be a tolerated mismatch? I saw there is already some attempt in gmime to alias the two content-types, but I didn't follow the scope of that aliasing.

Unfortunately I cannot share the message in question, but if needed I could try to make an artificial test message with the same issue.

All the best,

David


_______________________________________________
gmime-devel-list mailing list
gmime-devel-list@gnome.org
https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fmail.gnome.org%2Fmailman%2Flistinfo%2Fgmime-devel-list&amp;data=04%7C01%7Cjestedfa%40microsoft.com%7C80fc53d536d74054f3b508d9ea3ec725%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C637798378089381179%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&amp;sdata=0JzRQVHIldHJUe8dsd%2Fsx2tVsZUJScHzEw4VfQIUi0Q%3D&amp;reserved=0\r