[PATCH v4 2/4] util/repair: identify and repair "Mixed Up" mangled messages

David Bremner david at tethera.net
Fri Sep 13 18:58:27 PDT 2019 

Daniel Kahn Gillmor <dkg at fifthhorseman.net> writes:

> +/* see
> + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.1 */
> +static bool
> +_notmuch_is_mixed_up_mangled (GMimeObject *part)
> +{
> +    GMimeMultipart *mpart = NULL;
> +    GMimeObject *first, *second, *third = NULL;
> +    char *prelude_string = NULL;
> +    bool prelude_is_empty;
> +
> +    if (! g_mime_content_type_is_type (g_mime_object_get_content_type (part),
> +				       "multipart", "mixed"))
> +	return false;

Can g_mime_object_get_content_type plausibly fail (and return NULL) here?

> +    if (! GMIME_IS_MULTIPART (part))
> +	return false;

I guess this happens if the mime structure does not match the content
type declaration? Not sure if this needs a comment or if it's clear
enough.

> +    mpart = GMIME_MULTIPART (part);
> +    if (mpart == NULL)
> +	return false;
> +    if (g_mime_multipart_get_count (mpart) != 3)
> +	return false;
> +    first = g_mime_multipart_get_part (mpart, 0);

there's a slight cognitive dissonance for me between the zero and one
based indexing schemes here. part0, part1, and part2? or maybe an
GMimeObject *part[3]
 
> +    if (! g_mime_content_type_is_type (g_mime_object_get_content_type (first),
> +				       "text", "plain"))
> +	return false;
> +    if (! GMIME_IS_TEXT_PART (first))
> +	return false;
> +    second = g_mime_multipart_get_part (mpart, 1);
> +    if (! g_mime_content_type_is_type (g_mime_object_get_content_type (second),
> +				       "application", "pgp-encrypted"))
> +	return false;
> +    third = g_mime_multipart_get_part (mpart, 2);
> +    if (! g_mime_content_type_is_type (g_mime_object_get_content_type (third),
> +				       "application", "octet-stream"))
> +	return false;
> +
> +    /* Is first subpart length 0? */
> +    prelude_string = g_mime_text_part_get_text (GMIME_TEXT_PART (first));
> +    prelude_is_empty = ! (strcmp ("", prelude_string));
> +    g_free (prelude_string);

It might make sense to use the EMPTY_STRING macro here, although
currently it's only accesible via notmuch-private.h

> +    if (! prelude_is_empty)
> +	return false;
> +
> +    /* FIXME: after decoding and stripping whitespace, is second
> +     * subpart just "Version: 1" ? */
> +
> +    /* FIXME: can we determine that third subpart is *only* PGP
> +     * encrypted data?  I tried g_mime_part_get_openpgp_data () but
> +     * found https://github.com/jstedfast/gmime/issues/60 */
> +
> +    return true;
> +}
> +
> +
> +/* see
> + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1.2 */
> +GMimeObject *
> +_notmuch_repair_mixed_up_mangled (GMimeObject *part)
> +{
> +    GMimeMultipart *mpart = NULL, *mpart_ret = NULL;
> +    GMimeObject *ret = NULL;
> +
> +    if (! _notmuch_is_mixed_up_mangled (part))
> +	return NULL;
> +    mpart = GMIME_MULTIPART (part);
> +    ret = GMIME_OBJECT (g_mime_multipart_encrypted_new ());
> +    if (ret == NULL)
> +	return NULL;
> +    mpart_ret = GMIME_MULTIPART (ret);
> +    if (mpart_ret == NULL) {
> +	g_object_unref (ret);
> +	return NULL;
> +    }
> +    g_mime_object_set_content_type_parameter (ret, "protocol", "application/pgp-encrypted");
> +
> +    g_mime_multipart_insert (mpart_ret, 0, g_mime_multipart_get_part (mpart, 1));
> +    g_mime_multipart_insert (mpart_ret, 1, g_mime_multipart_get_part (mpart, 2));
> +    return ret;
> +}
> diff --git a/util/repair.h b/util/repair.h
> index 9974d693..492f5a20 100644
> --- a/util/repair.h
> +++ b/util/repair.h
> @@ -25,9 +25,19 @@ extern "C" {
>   * returned object will only be released when the original part is
>   * disposed of.
>   */
> +
>  GMimeObject *
>  _notmuch_repair_crypto_payload_skip_legacy_display (GMimeObject *payload);
>  
> +/* Detecting and repairing "Mixed-Up MIME mangling". see
> + * https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00#section-4.1
> + * If this returns NULL, the message was probably not "Mixed up".  If
> + * it returns non-NULL, then there is a newly-allocated MIME part that
> + * represents the repaired version.  The caller is responsible for
> + * ensuring that any returned object is freed with g_object_unref. */
> +GMimeObject *
> +_notmuch_repair_mixed_up_mangled (GMimeObject *part);
> +
>  #ifdef __cplusplus
>  }
>  #endif
> -- 
> 2.23.0
>
> _______________________________________________
> notmuch mailing list
> notmuch at notmuchmail.org
> https://notmuchmail.org/mailman/listinfo/notmuch

More information about the notmuch mailing list