diff options
| author | Kevin McCarthy <kevin@8t8.us> | 2015-12-01 18:20:27 -0800 |
|---|---|---|
| committer | Kevin McCarthy <kevin@8t8.us> | 2015-12-01 18:20:27 -0800 |
| commit | caf9a8e47adbc274c83ca07adde7a03f6b98e54d (patch) | |
| tree | aa48cd61a9651f97034bd36bcd7775bb5d9f30da /crypt.c | |
| parent | dc8373ad4fbbfacf8baf2cf59a74eaa46943b672 (diff) | |
Loosen mutt_signed_handler() protocol value consistency check. (closes #3639)
Apparently, for S/MIME, some MUAs mismatch the protocol value of
the multipart/signed and the content-type of the signature: putting
"pkcs7-signature" in one and "x-pkcs7-signature" in the other.
Change mutt_signed_handler() to independently verify the values of the
protocol and the content-type. This still checks for correct values but
doesn't ensure they match between the two (for S/MIME).
Diffstat (limited to 'crypt.c')
| -rw-r--r-- | crypt.c | 79 |
1 files changed, 36 insertions, 43 deletions
@@ -879,9 +879,8 @@ static void crypt_fetch_signatures (BODY ***signatures, BODY *a, int *n) int mutt_signed_handler (BODY *a, STATE *s) { char tempfile[_POSIX_PATH_MAX]; - char *protocol; - int protocol_major = TYPEOTHER; - char *protocol_minor = NULL; + int signed_type; + int inconsistent = 0; BODY *b = a; BODY **signatures = NULL; @@ -893,29 +892,44 @@ int mutt_signed_handler (BODY *a, STATE *s) if (!WithCrypto) return -1; - protocol = mutt_get_parameter ("protocol", a->parameter); a = a->parts; - - /* extract the protocol information */ - - if (protocol) + signed_type = mutt_is_multipart_signed (b); + if (!signed_type) { - char major[STRING]; - char *t; - - if ((protocol_minor = strchr (protocol, '/'))) protocol_minor++; - - strfcpy (major, protocol, sizeof(major)); - if((t = strchr(major, '/'))) - *t = '\0'; - - protocol_major = mutt_check_mime_type (major); + /* A null protocol value is already checked for in mutt_body_handler() */ + state_printf (s, _("[-- Error: " + "Unknown multipart/signed protocol %s! --]\n\n"), + mutt_get_parameter ("protocol", b->parameter)); + return mutt_body_handler (a, s); } - /* consistency check */ - - if (!(a && a->next && a->next->type == protocol_major && - !mutt_strcasecmp (a->next->subtype, protocol_minor))) + if (!(a && a->next)) + inconsistent = 1; + else + { + switch (signed_type) + { + case SIGN: + if (a->next->type != TYPEMULTIPART || + ascii_strcasecmp (a->next->subtype, "mixed")) + inconsistent = 1; + break; + case PGPSIGN: + if (a->next->type != TYPEAPPLICATION || + ascii_strcasecmp (a->next->subtype, "pgp-signature")) + inconsistent = 1; + break; + case SMIMESIGN: + if (a->next->type != TYPEAPPLICATION || + (ascii_strcasecmp (a->next->subtype, "x-pkcs7-signature") && + ascii_strcasecmp (a->next->subtype, "pkcs7-signature"))) + inconsistent = 1; + break; + default: + inconsistent = 1; + } + } + if (inconsistent) { state_attach_puts (_("[-- Error: " "Inconsistent multipart/signed structure! --]\n\n"), @@ -923,27 +937,6 @@ int mutt_signed_handler (BODY *a, STATE *s) return mutt_body_handler (a, s); } - - if ((WithCrypto & APPLICATION_PGP) - && protocol_major == TYPEAPPLICATION - && !ascii_strcasecmp (protocol_minor, "pgp-signature")) - ; - else if ((WithCrypto & APPLICATION_SMIME) - && protocol_major == TYPEAPPLICATION - && !(ascii_strcasecmp (protocol_minor, "x-pkcs7-signature") - && ascii_strcasecmp (protocol_minor, "pkcs7-signature"))) - ; - else if (protocol_major == TYPEMULTIPART - && !ascii_strcasecmp (protocol_minor, "mixed")) - ; - else - { - state_printf (s, _("[-- Error: " - "Unknown multipart/signed protocol %s! --]\n\n"), - protocol); - return mutt_body_handler (a, s); - } - if (s->flags & M_DISPLAY) { |