[PATCH] crypto: gracefully handle gmime errors

Thu Aug 31 08:17:02 PDT 2017

David Bremner <david at tethera.net> writes:

> Oh, by the way, I think this was reported already in
> id:qf5d17wzq90.fsf at google.com, but we don't have a test case.

Yep. Seems to be the same bug. Added to References.

> So if you have (or can make) a message that triggers these segfaults,
> and that you can share, that would be helpful.

The test suite has such a message already. "signature verification
(notmuch CLI)" test fails with a SIGSEGV when built with gmime-2.6.23.

T355-smime: Testing S/MIME signature verification and decryption
gpgsm: keybox '/tmp/nix-build-notmuch-0.25.drv-0/notmuch-test-8789.qe2sRf/gnupg/pubring.kbx' created
 PASS   emacs delivery of S/MIME signed message
 PASS   emacs delivery of S/MIME encrypted + signed message
 PASS   Signature verification (openssl)
 FAIL   signature verification (notmuch CLI)
	--- T355-smime.4.expected	2017-08-31 14:57:24.145052329 +0000
	+++ T355-smime.4.output	2017-08-31 14:57:24.145052329 +0000
	@@ -1,56 +1 @@
	-[
	-    [
	-        [
	-            {
	-                "body": [
	-                    {
	-                        "content": [
	-                            {
	-                                "content": "This is a test signed message.\n",
	-                                "content-type": "text/plain",
	-                                "id": 2
	-                            },
	-                            {
	-                                "content-disposition": "attachment",
	-                                "content-length": "NONZERO",
	-                                "content-transfer-encoding": "base64",
	-                                "content-type": "application/x-pkcs7-signature",
	-                                "filename": "smime.p7s",
	-                                "id": 3
	-                            }
	-                        ],
	-                        "content-type": "multipart/signed",
	-                        "id": 1,
	-                        "sigstatus": [
	-                            {
	-                                "created": 946728000,
	-                                "expires": 424242424,
	-                                "fingerprint": "616F46CD73834C63847756AF0DFB64A6E0972A47",
	-                                "status": "good"
	-                            }
	-                        ]
	-                    }
	-                ],
	-                "date_relative": "2000-01-01",
	-                "excluded": false,
	-                "filename": [
	-                    "YYYYY"
	-                ],
	-                "headers": {
	-                    "Date": "Sat, 01 Jan 2000 12:00:00 +0000",
	-                    "From": "Notmuch Test Suite <test_suite at notmuchmail.org>",
	-                    "Subject": "test signed message 001",
	-                    "To": "test_suite at notmuchmail.org"
	-                },
	-                "id": "XXXXX",
	-                "match": true,
	-                "tags": [
	-                    "inbox",
	-                    "signed"
	-                ],
	-                "timestamp": 946728000
	-            },
	-            []
	-        ]
	-    ]
	-]
	+
Failed to construct pkcs7 context.
No JSON object could be decoded
 PASS   Decryption and signature verification (openssl)

Cheers,
  Jan