GNU bug report logs - #40397
28.0.50; epg decrypt does not verify signed content in smime encrypted and signed message

Previous Next

Packages: gnus, emacs;

Reported by: Sebastian Fieber <sebastian.fieber <at> web.de>

Date: Thu, 2 Apr 2020 23:38:03 UTC

Severity: normal

Tags: patch

Found in version 28.0.50

Fixed in version 29.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #32 received at 40397 <at> debbugs.gnu.org (full text, mbox):

From: Noam Postavsky <npostavs <at> gmail.com>
To: Sebastian Fieber <sebastian.fieber <at> web.de>
Cc: 40397 <at> debbugs.gnu.org
Subject: Re: bug#40397: 28.0.50;
 epg decrypt does not verify signed content in smime
Date: Sun, 19 Apr 2020 08:16:10 -0400

As I mentioned previously, I'm not really familiar enough with the code
to give a proper review, but I have a couple of minor comments.

Sebastian Fieber <sebastian.fieber <at> web.de> writes:

> +               (setq intermediate-result (cons (car ctl) (list intermediate-result))))

Or just

    (setq intermediate-result (list (car ctl) intermediate-result))

> @@ -1672,17 +1701,27 @@ mm-possibly-verify-or-decrypt
> -      (with-temp-buffer
> -	(when (and (cond
> -		    ((eq mm-decrypt-option 'never) nil)
> -		    ((eq mm-decrypt-option 'always) t)
> -		    ((eq mm-decrypt-option 'known) t)
> -		    (t (y-or-n-p
> -			(format "Decrypt (S/MIME) part? "))))
> -		   (mm-view-pkcs7 parts from))
> -	  (goto-char (point-min))
> -	  (insert "Content-type: text/plain\n\n")
> -	  (setq parts (mm-dissect-buffer t)))))
> +      (add-text-properties 0 (length (car ctl))
> +			   (list 'buffer (car parts))
> +			   (car ctl))
> +      (let* ((smime-type (cdr (assoc 'smime-type ctl)))
> +             (envelope-p (string= smime-type "enveloped-data"))
> +             (decrypt-or-sign-option (if envelope-p
> +                                         mm-decrypt-option
> +                                       mm-verify-option))
> +             (question (if envelope-p
> +                           "Decrypt (S/MIME) part? "
> +                         "Verify signed (S/MIME) part? ")))
> +        (with-temp-buffer
> +	  (when (and (cond
> +		      ((eq decrypt-or-sign-option 'never) nil)
> +		      ((eq decrypt-or-sign-option 'always) t)
> +		      ((eq decrypt-or-sign-option 'known) t)
> +		      (t (y-or-n-p
> +			  (format question)))))
> +	    (mm-view-pkcs7 parts from)
> +	    (goto-char (point-min))
> +	    (setq parts (mm-dissect-buffer t))))))

You moved the 'mm-view-pkcs7' call out of the condition.  If that was on
purpose, then you should remove the 'and', since it's now redundant.
This bug report was last modified 3 years and 208 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.