pgp: ensure CRLF line endings in pgpmail reader

Ensure CRLF line endings in the pgpmail reader. Fix the pgp signature
verification for maildir and notmuch.

These backends do not return the full message body with CRLF
line endings. But the accepted OpenPGP convention is for signed data to
end with a <CR><LF> sequence (see RFC3156).

If this is not the case the signed and transmitted data are considered
not the same and thus signature verification fails.

Link: https://datatracker.ietf.org/doc/html/rfc3156

Reported-by: Tim Culverhouse <tim@timculverhouse.com>
Signed-off-by: Koni Marti <koni.marti@gmail.com>
Tested-by: Tim Culverhouse <tim@timculverhouse.com>
Koni Marti 2022-04-22 13:38:41 +02:00 committed by Robin Jarry
parent 5e5d5a0d1f
commit 698c0957d7
2 changed files with 12 additions and 1 deletions


@ -69,7 +69,7 @@ func NewMessageStoreView(messageInfo *models.MessageInfo,
if usePGP(messageInfo.BodyStructure) { if usePGP(messageInfo.BodyStructure) {
store.FetchFull([]uint32{messageInfo.Uid}, func(fm *types.FullMessage) { store.FetchFull([]uint32{messageInfo.Uid}, func(fm *types.FullMessage) {
reader := fm.Content.Reader reader := lib.NewCRLFReader(fm.Content.Reader)
pgpReader, err := pgpmail.Read(reader, Keyring, decryptKeys, nil) pgpReader, err := pgpmail.Read(reader, Keyring, decryptKeys, nil)
if err != nil { if err != nil {
cb(nil, err) cb(nil, err)
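Review bot: The new `reader := lib.NewCRLFReader(fm.Content.Reader)` line has no comment explaining why the body is rewritten before `pgpmail.Read`, and the reason matters for anyone auditing the verification path: the bytes checked against the signature are now a normalized copy, not what the backend returned. I would add `// maildir and notmuch return LF-only bodies; RFC 3156 signatures cover CRLF-terminated text` above it. The normalization runs for every message that passes `usePGP`, not only for those two backends, which is presumably harmless for bodies that already use CRLF but is worth stating in the comment. The callback body continues outside the hunk.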


@ -1,6 +1,7 @@
package lib package lib
import ( import (
"bufio"
"bytes" "bytes"
"errors" "errors"
"fmt" "fmt"
@ -271,3 +272,13 @@ func MessageInfo(raw RawMessage) (*models.MessageInfo, error) {
Error: parseErr, Error: parseErr,
}, nil }, nil
} }
// NewCRLFReader returns a reader with CRLF line endings
func NewCRLFReader(r io.Reader) io.Reader {
var buf bytes.Buffer
scanner := bufio.NewScanner(r)
for scanner.Scan() {
buf.WriteString(scanner.Text() + "\r\n")
}
return &buf
}
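Review bot: `NewCRLFReader` never checks `scanner.Err()`, so a line longer than bufio.Scanner's default 64 KiB token limit, or any read error from `r`, ends the loop early and the truncated buffer is returned as if it were the whole message. `pgpmail.Read` then verifies or decrypts a cut-off body, and the caller cannot tell this from a genuinely bad signature. I would read with `bufio.Reader.ReadBytes('\n')`, which has no per-line cap, and return the error. This changes the signature to `(io.Reader, error)`, so the call site in `NewMessageStoreView` would pass the error to `cb(nil, err)`. The function also buffers the entire message in memory before returning, which the doc comment should mention.

```go
// NewCRLFReader reads all of r into memory and returns a reader over its
// content with every line terminated by CRLF, or the error that
// interrupted reading r.
func NewCRLFReader(r io.Reader) (io.Reader, error) {
	var buf bytes.Buffer
	br := bufio.NewReader(r)
	for {
		// ReadBytes has no per-line size cap, unlike bufio.Scanner.
		line, err := br.ReadBytes('\n')
		if len(line) > 0 {
			line = bytes.TrimSuffix(line, []byte("\n"))
			line = bytes.TrimSuffix(line, []byte("\r"))
			buf.Write(line)
			buf.WriteString("\r\n")
		}
		if err == io.EOF {
			return &buf, nil
		}
		if err != nil {
			return nil, err
		}
	}
}
```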