stalwartlabs/mail-server
1
1
Fork 0
mirror of https://github.com/stalwartlabs/mail-server.git synced 2025-10-06 02:34:43 +08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Avoid double encrypting PGP parts encoded as plain text (fixes #1083)

Browse source
This commit is contained in:
mdecimus 2025-01-11 12:34:48 +01:00
parent 5af0fb4462
commit 013c580201
3 changed files with 156 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
crates/jmap/src/email/crypto.rs
View file

@ -17,7 +17,7 @@ use common::{auth::AccessToken, Server};
use directory::backend::internal::manage; use directory::backend::internal::manage;
use jmap_proto::types::{collection::Collection, property::Property}; use jmap_proto::types::{collection::Collection, property::Property};
use mail_builder::{encoders::base64::base64_encode_mime, mime::make_boundary}; use mail_builder::{encoders::base64::base64_encode_mime, mime::make_boundary};
use mail_parser::{decoders::base64::base64_decode, Message, MessageParser, MimeHeaders}; use mail_parser::{decoders::base64::base64_decode, Message, MessageParser, MimeHeaders, PartType};
use openpgp::{ use openpgp::{
parse::Parse, parse::Parse,
serialize::stream, serialize::stream,
@ -372,7 +372,7 @@ impl EncryptMessage for Message<'_> {
} }
fn is_encrypted(&self) -> bool { fn is_encrypted(&self) -> bool {
self.content_type().is_some_and(|ct| { if self.content_type().is_some_and(|ct| {
let main_type = ct.c_type.as_ref(); let main_type = ct.c_type.as_ref();
let sub_type = ct let sub_type = ct
.c_subtype .c_subtype
@ -390,7 +390,37 @@ impl EncryptMessage for Message<'_> {
})))) }))))
|| (main_type.eq_ignore_ascii_case("multipart") || (main_type.eq_ignore_ascii_case("multipart")
&& sub_type.eq_ignore_ascii_case("encrypted")) && sub_type.eq_ignore_ascii_case("encrypted"))
}) }) {
return true;
}
if self.parts.len() <= 2 {
let mut text_part = None;
let mut is_multipart = false;
for part in &self.parts {
match &part.body {
PartType::Text(text) => {
text_part = Some(text.as_ref());
}
PartType::Multipart(_) => {
is_multipart = true;
}
_ => (),
}
}
match text_part {
Some(text) if self.parts.len() == 1 || is_multipart => {
if text.trim_start().starts_with("-----BEGIN PGP MESSAGE-----") {
return true;
}
}
_ => (),
}
}
false
} }
} }

134
tests/resources/crypto/is_encrypted.txt
View file

@ -4,14 +4,14 @@ Content-Type: multipart/encrypted;
boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951" boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951"
body body
--- !!!
Subject: FALSE Subject: FALSE
Content-Type: multipart/signed; Content-Type: multipart/signed;
protocol="application/pkcs7-signature"; protocol="application/pkcs7-signature";
boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951" boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951"
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/pkcs7-mime; Content-Type: application/pkcs7-mime;
name="smime.p7m"; name="smime.p7m";
@ -21,7 +21,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/pkcs7-signature; Content-Type: application/pkcs7-signature;
name="smime.p7s"; smime-type="signed-data" name="smime.p7s"; smime-type="signed-data"
@ -30,7 +30,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream; Content-Type: application/octet-stream;
name="smime.p7m" name="smime.p7m"
@ -39,14 +39,14 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream; Content-Type: application/octet-stream;
name="smime.p7m" name="smime.p7m"
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment; Content-Disposition: attachment;
@ -54,7 +54,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment; Content-Disposition: attachment;
@ -62,7 +62,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment; Content-Disposition: attachment;
@ -70,7 +70,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: TRUE Subject: TRUE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment; Content-Disposition: attachment;
@ -78,7 +78,7 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: FALSE Subject: FALSE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment; Content-Disposition: attachment;
@ -86,16 +86,126 @@ Content-Disposition: attachment;
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: FALSE Subject: FALSE
Content-Type: application/octet-stream Content-Type: application/octet-stream
Content-Disposition: attachment Content-Disposition: attachment
Content-Transfer-Encoding: base64 Content-Transfer-Encoding: base64
body body
--- !!!
Subject: FALSE Subject: FALSE
Content-Type: multipart/mixed; Content-Type: multipart/mixed;
boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951" boundary="17778885806d6b28_46555a54adda6fa5_d83705f326a6b951"
body body
!!!
Subject: TRUE
Content-Type: multipart/mixed; boundary="----sinikael-?=_1-17364333937490.28304631087789"
------sinikael-?=_1-17364333937490.28304631087789
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP MESSAGE-----
Version: Mailvelope v6.0.1
Comment: https://mailvelope.com
wcFMAy3n9oegk2NSARAApgl4nuztm5uxuCe+7ISW9Ox+315/pCHZmOUibORX
xGEbUs+ZgTqKIdYMet3+zSS70ykgjZDvh+cLm1oGmD5ZzLxSMjhgLpqrA0tG
3GB3gus844irLGBjVwgTuwAKhRz/CYaqlKGOloQkvcwRwy3N8UY8KG/WqD63
g9WQKYc+8+cR4wfQ0PSzZL6HexdT2LE2mWgKxStwDbbkwZumR0qZy4OvyI6O
zFCZSaz3F3VnDGbQgo5hK8Iynf25sC54P/E0ykdG6QpJZPo/ASoWePv0XyT6
wRiqq2cx366P6lxB3CJyjn+qRCfcXz0XXYejHmuI++S6ucNS4JcIhpuoi+tv
8b7pSy/6yQEKLyUhPfUmvFLxBm10bu8E9uhsmZnpiSnBsEGkLm/l9TFbOOSd
9nK0NeEVfqfIi25bxVJtRcYryf7BpjmgEdKlmF8Efeb1RpaI8IwVc6E7AhYB
c1vz1gN6BQ5ePtlHDFKxFV3jIqBKck8h2GSFGEYOXyTT+3tgFkqv/SuAUed9
X0bCjy7v578nsNieoyy/133X1+mu7L8rdADEAHhU/WLQ9VY/xu6GhNA0vzU8
yVQfSEJ1DJ4awU9Cn1mrbVg3vD/jpQzs67Sd33gC8xMqA9ZFOmXrnR4V1wkz
Y8XobC+UY6o9qn/Oz5mEtZG8rItYJ/bPOSSlFP6kXVrBwUwD8GquMWN8AUEB
D/9IVPN/qCtuhF+9jIjrxiw+agmeqUPWBEmLLZYL6xivP7Bn5bOJb6wwgU4e
IRIoh3Q5AKLvqN26BPePM16yZ6Z6qxTP/CFT5mOQQbj+3TH6fYD1ui74FoyR
+szTfntIdUOShKqogSKoRytMXheR+4TW7/D525ohRUsz71pfdCxqYC+k/vXr
ffl7lkv/V7GkPJ5fT+CantgLqXVevCIKOMVDVBT6G92t8Zn0klqv+MfVsZ3V
6FbwcqS+GxsCNezSdT1+K2yPja0fZffQOHD6nLDyIZmcr8KrCmP1MPY5LKJw
bMVCbYz0CrRl9d6JJGZOq+yapVOc0CDxWmxhGJP3M9OiCvGoPz3l+fDdNJ0f
dmxEv8c/I5t+AELxLMBa4aPuGE3pZQj4zyzhC3gnK5n9bqFecHl2+Kz+aVsi
4B1xZXIPT+XmlXM4rgCtuMlKZ6YkGRWiAnC8jok/k4iPaN7mfKbos0xwa187
haMjKKFVP8YvXlYpGeuvP3C2/oBxwsw9WihqL2tLTEE60ZgDEKWcZ3zwVKjl
bSNeDsWXlj+vIletdDyH/AMhyDOnUDc4bTkRW7W8ntq3fi8XmpQjHzW02BEd
Wq1Y/bV7nlh97Y7d3z5zlLhQnKrrP5IyQdOkd2WGpU39cDZe6XE6arQZKGVT
upnuX3Q48Hm6oSga+cydngjShtLCFQF/MFCZVYydjhe+KtzZCYBZ8nCMRxcV
PTuACJtUqOR/z5aPgRjM14accCYDwJ0Dm51h5LuEzYFDJjcdFbVSVfvnCy5a
b9h6VBCpWieI6ubAzYKKJxGwp/OcoaQyYPjwlNQyTSb7omZPsAtFpTALNXbU
CIM2cFnD/MMvgEHCuqPZoKh0YdQxYV50p36Wa/rMvTfW+S1T2neWGD6kMDWZ
I651K+HBCQV6INrJk5ugvCt26/l8+Y75cnGEKbkyJgt+NGjULX3jjPawhvwN
0EKx8hYwASuJ3E71iAXga7oSMRemDk4ZXoz+PDngoWtcoXcdQNMiVymOt6iZ
P5ImSQXkId1XZYjS3+1t+Sk8WgUi5kvu4WP3hm1Ovjd1kXTy3lqXpfci23si
eZofjs9DLldkV5xtOwWVx/B1UkqvtD2BuwcDWgvGEm2LEn4/eXkHUTzHLs4j
T9s454HasmVfd+4/koBdD6ASDqFf5Ue14OonsXvIvLop2CgUHxDVffr1onSk
K9r0kKxe9iAFZ8KYpf2Do/FPTL8BIXjHC2vfJ05wl262xs7uNMdgWm4+NP/q
uVNOoXByZIDEPixx7jimKhlEIZx36AbsI+OB5cV1Pr5SSbO3w205ALol+xKN
TPJiaQDH8qNXX+9j4JfO8uWvDmhPUe83bm/mHg4wf/39+PNQptwmhLH9iXtC
Czqgmr1vUNd/8dLgQuqVn/R3uUbGeWmKD9cqURWcvumbq+rFWPl1N7T7VRfc
XGDnMBNBmLke2YO8XUY561lqKekfS/2fekSdz005sI2cnGmy5LLh+kPN6opz
0pA2kSskbfSQqJmEdjKQU3oGEzEgwvOXjFwT7cChevgLEmDBkQXTDuEeo3Kb
KnwaNPnodzaNXAfZh/NylEgcUFjEx6crZMN3ztl8zsvAvP4P0BPmixZ89G80
5fkw+PwLe2vPtuObvuY+ezbJGb1jV0tWZFXF
=3DaQyM
-----END PGP MESSAGE-----
------sinikael-?=_1-17364333937490.28304631087789--
!!!
Subject: TRUE
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable
-----BEGIN PGP MESSAGE-----
Version: Mailvelope v6.0.1
Comment: https://mailvelope.com
wcFMAy3n9oegk2NSARAApgl4nuztm5uxuCe+7ISW9Ox+315/pCHZmOUibORX
xGEbUs+ZgTqKIdYMet3+zSS70ykgjZDvh+cLm1oGmD5ZzLxSMjhgLpqrA0tG
3GB3gus844irLGBjVwgTuwAKhRz/CYaqlKGOloQkvcwRwy3N8UY8KG/WqD63
g9WQKYc+8+cR4wfQ0PSzZL6HexdT2LE2mWgKxStwDbbkwZumR0qZy4OvyI6O
zFCZSaz3F3VnDGbQgo5hK8Iynf25sC54P/E0ykdG6QpJZPo/ASoWePv0XyT6
wRiqq2cx366P6lxB3CJyjn+qRCfcXz0XXYejHmuI++S6ucNS4JcIhpuoi+tv
8b7pSy/6yQEKLyUhPfUmvFLxBm10bu8E9uhsmZnpiSnBsEGkLm/l9TFbOOSd
9nK0NeEVfqfIi25bxVJtRcYryf7BpjmgEdKlmF8Efeb1RpaI8IwVc6E7AhYB
c1vz1gN6BQ5ePtlHDFKxFV3jIqBKck8h2GSFGEYOXyTT+3tgFkqv/SuAUed9
X0bCjy7v578nsNieoyy/133X1+mu7L8rdADEAHhU/WLQ9VY/xu6GhNA0vzU8
yVQfSEJ1DJ4awU9Cn1mrbVg3vD/jpQzs67Sd33gC8xMqA9ZFOmXrnR4V1wkz
Y8XobC+UY6o9qn/Oz5mEtZG8rItYJ/bPOSSlFP6kXVrBwUwD8GquMWN8AUEB
D/9IVPN/qCtuhF+9jIjrxiw+agmeqUPWBEmLLZYL6xivP7Bn5bOJb6wwgU4e
IRIoh3Q5AKLvqN26BPePM16yZ6Z6qxTP/CFT5mOQQbj+3TH6fYD1ui74FoyR
+szTfntIdUOShKqogSKoRytMXheR+4TW7/D525ohRUsz71pfdCxqYC+k/vXr
ffl7lkv/V7GkPJ5fT+CantgLqXVevCIKOMVDVBT6G92t8Zn0klqv+MfVsZ3V
6FbwcqS+GxsCNezSdT1+K2yPja0fZffQOHD6nLDyIZmcr8KrCmP1MPY5LKJw
bMVCbYz0CrRl9d6JJGZOq+yapVOc0CDxWmxhGJP3M9OiCvGoPz3l+fDdNJ0f
dmxEv8c/I5t+AELxLMBa4aPuGE3pZQj4zyzhC3gnK5n9bqFecHl2+Kz+aVsi
4B1xZXIPT+XmlXM4rgCtuMlKZ6YkGRWiAnC8jok/k4iPaN7mfKbos0xwa187
haMjKKFVP8YvXlYpGeuvP3C2/oBxwsw9WihqL2tLTEE60ZgDEKWcZ3zwVKjl
bSNeDsWXlj+vIletdDyH/AMhyDOnUDc4bTkRW7W8ntq3fi8XmpQjHzW02BEd
Wq1Y/bV7nlh97Y7d3z5zlLhQnKrrP5IyQdOkd2WGpU39cDZe6XE6arQZKGVT
upnuX3Q48Hm6oSga+cydngjShtLCFQF/MFCZVYydjhe+KtzZCYBZ8nCMRxcV
PTuACJtUqOR/z5aPgRjM14accCYDwJ0Dm51h5LuEzYFDJjcdFbVSVfvnCy5a
b9h6VBCpWieI6ubAzYKKJxGwp/OcoaQyYPjwlNQyTSb7omZPsAtFpTALNXbU
CIM2cFnD/MMvgEHCuqPZoKh0YdQxYV50p36Wa/rMvTfW+S1T2neWGD6kMDWZ
I651K+HBCQV6INrJk5ugvCt26/l8+Y75cnGEKbkyJgt+NGjULX3jjPawhvwN
0EKx8hYwASuJ3E71iAXga7oSMRemDk4ZXoz+PDngoWtcoXcdQNMiVymOt6iZ
P5ImSQXkId1XZYjS3+1t+Sk8WgUi5kvu4WP3hm1Ovjd1kXTy3lqXpfci23si
eZofjs9DLldkV5xtOwWVx/B1UkqvtD2BuwcDWgvGEm2LEn4/eXkHUTzHLs4j
T9s454HasmVfd+4/koBdD6ASDqFf5Ue14OonsXvIvLop2CgUHxDVffr1onSk
K9r0kKxe9iAFZ8KYpf2Do/FPTL8BIXjHC2vfJ05wl262xs7uNMdgWm4+NP/q
uVNOoXByZIDEPixx7jimKhlEIZx36AbsI+OB5cV1Pr5SSbO3w205ALol+xKN
TPJiaQDH8qNXX+9j4JfO8uWvDmhPUe83bm/mHg4wf/39+PNQptwmhLH9iXtC
Czqgmr1vUNd/8dLgQuqVn/R3uUbGeWmKD9cqURWcvumbq+rFWPl1N7T7VRfc
XGDnMBNBmLke2YO8XUY561lqKekfS/2fekSdz005sI2cnGmy5LLh+kPN6opz
0pA2kSskbfSQqJmEdjKQU3oGEzEgwvOXjFwT7cChevgLEmDBkQXTDuEeo3Kb
KnwaNPnodzaNXAfZh/NylEgcUFjEx6crZMN3ztl8zsvAvP4P0BPmixZ89G80
5fkw+PwLe2vPtuObvuY+ezbJGb1jV0tWZFXF
=3DaQyM
-----END PGP MESSAGE-----

2
tests/src/jmap/crypto.rs
View file

@ -241,7 +241,7 @@ pub fn check_is_encrypted() {
) )
.unwrap(); .unwrap();
for raw_message in messages.split("---") { for raw_message in messages.split("!!!") {
let is_encrypted = raw_message.contains("TRUE"); let is_encrypted = raw_message.contains("TRUE");
let message = MessageParser::new() let message = MessageParser::new()
.parse(raw_message.trim().as_bytes()) .parse(raw_message.trim().as_bytes())