cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-21 13:28:05 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix OpenPGP payload check

Browse Source 
Replace \r\r\n in literal.eml test with \r\n
to make `test_filtermail_no_literal_packets`
actually reach `check_openpgp_payload()`
and make `check_openpgp_payload()` more strict.
This commit is contained in:
link2xt
2024-10-22 18:00:34 +00:00
parent bbf508d95e
commit 5055434e48
3 changed files with 52 additions and 54 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG.md
View File

@@ -39,6 +39,9 @@
- add IMAP capabilities instead of overwriting them - add IMAP capabilities instead of overwriting them
([#413](https://github.com/deltachat/chatmail/pull/413)) ([#413](https://github.com/deltachat/chatmail/pull/413))
- fix OpenPGP payload check
([#435](https://github.com/deltachat/chatmail/pull/435))
## 1.4.1 2024-07-31 ## 1.4.1 2024-07-31

17
chatmaild/src/chatmaild/filtermail.py
View File

@@ -60,10 +60,11 @@ def check_openpgp_payload(payload: bytes):
i += body_len i += body_len
if i == len(payload): if i == len(payload):
if packet_type_id == 18: # Last packet should be
# Last packet should be # Symmetrically Encrypted and Integrity Protected Data Packet (SEIPD)
# Symmetrically Encrypted and Integrity Protected Data Packet (SEIPD) #
return True # This is the only place where this function may return `True`.
return packet_type_id == 18
elif packet_type_id not in [1, 3]: elif packet_type_id not in [1, 3]:
# All packets except the last one must be either # All packets except the last one must be either
# Public-Key Encrypted Session Key Packet (PKESK) # Public-Key Encrypted Session Key Packet (PKESK)
@@ -71,13 +72,7 @@ def check_openpgp_payload(payload: bytes):
# Symmetric-Key Encrypted Session Key Packet (SKESK) # Symmetric-Key Encrypted Session Key Packet (SKESK)
return False return False
if i == 0: return False
return False
if i > len(payload):
# Payload is truncated.
return False
return True
def check_armored_payload(payload: str): def check_armored_payload(payload: str):

86
chatmaild/src/chatmaild/tests/mail-data/literal.eml
View File

@@ -1,44 +1,44 @@
From: {from_addr} From: {from_addr}
To: {to_addr}
To: {to_addr} Subject: ...
Date: Sun, 15 Oct 2023 16:43:21 +0000
Subject: ... Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org>
In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
Date: Sun, 15 Oct 2023 16:43:21 +0000 References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org>
<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org>
Message-ID: <Mr.UVyJWZmkCKM.hGzNc6glBE_@c2.testrun.org> Chat-Version: 1.0
Autocrypt: addr={from_addr}; prefer-encrypt=mutual;
In-Reply-To: <Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org> keydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH
rNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID
References: <Mr.3gckbNy5bch.uK3Hd2Ws6-w@c2.testrun.org> FgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW
XQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK
<Mr.MvmCz-GQbi_.6FGRkhDf05c@c2.testrun.org> KwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ
JlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP
Chat-Version: 1.0 IXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO
MIME-Version: 1.0
Autocrypt: addr={from_addr}; prefer-encrypt=mutual; Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="YFrteb74qSXmggbOxZL9dRnhymywAi"
keydata=xjMEZSwWjhYJKwYBBAHaRw8BAQdAQBEhqeJh0GueHB6kF/DUQqYCxARNBVokg/AzT+7LqH
rNFzxiYXJiYXpAYzIudGVzdHJ1bi5vcmc+wosEEBYIADMCGQEFAmUsFo4CGwMECwkIBwYVCAkKCwID --YFrteb74qSXmggbOxZL9dRnhymywAi
Content-Description: PGP/MIME version identification
FgIBFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX9A4AEAnHWHp49eBCMHK5t66gYPiW Content-Type: application/pgp-encrypted
XQuB1mwUjzGfYWB+0RXUoA/0xcQ3FbUNlGKW7Blp6eMFfViv6Mv2d3kNSXACB6nmcMzjgEZSwWjhIK Version: 1
KwYBBAGXVQEFAQEHQBpY5L2M1XHo0uxf8SX1wNLBp/OVvidoWHQF2Jz+kJsUAwEIB8J4BBgWCAAgBQ
--YFrteb74qSXmggbOxZL9dRnhymywAi
JlLBaOAhsMFiEEFTfUNvVnY3b9F7yHnmme1PfUhX8ACgkQnmme1PfUhX/INgEA37AJaNvruYsJVanP Content-Description: OpenPGP encrypted message
Content-Disposition: inline; filename="encrypted.asc";
IXnYw4CKd55UAwl8Zcy+M2diAbkA/0fHHcGV4r78hpbbL1Os52DPOdqYQRauIeJUeG+G6bQO Content-Type: application/octet-stream; name="encrypted.asc"
MIME-Version: 1.0 -----BEGIN PGP MESSAGE-----
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; yxJiAAAAAABIZWxsbyB3b3JsZCE=
=1I/B
boundary="YFrteb74qSXmggbOxZL9dRnhymywAi" -----END PGP MESSAGE-----
--YFrteb74qSXmggbOxZL9dRnhymywAi--