banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)

Browse Source
pull/6072/head
Aleksander Machniak 7 years ago
parent ae35ccd2af
commit 4829e2849f
3 changed files with 14 additions and 4 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG
Unescape Escape View File

@ -24,6 +24,7 @@ RELEASE 1.3.1
- Fix bug where messages count was not updated after delete when imap_cache is set (#5872) - Fix bug where messages count was not updated after delete when imap_cache is set (#5872)
- Fix potential XSS vulnerability with malformed HTML message markup - Fix potential XSS vulnerability with malformed HTML message markup
- Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823) - Bring back double-click behavior on the message list which was removed in 1.3.0 (#5823)
- Enigma: Fix decrypting an encrypted+signed message when signature verification fails (#5914)
RELEASE 1.3.0 RELEASE 1.3.0
------------- -------------

4
plugins/enigma/lib/enigma_driver_gnupg.php
Unescape Escape View File

@ -153,7 +153,7 @@ class enigma_driver_gnupg extends enigma_driver
$this->gpg->addDecryptKey($key, $password); $this->gpg->addDecryptKey($key, $password);
} }
$result = $this->gpg->decryptAndVerify($text); $result = $this->gpg->decryptAndVerify($text, true);
if (!empty($result['signatures'])) { if (!empty($result['signatures'])) {
$signature = $this->parse_signature($result['signatures'][0]); $signature = $this->parse_signature($result['signatures'][0]);
@ -463,7 +463,7 @@ class enigma_driver_gnupg extends enigma_driver
{ {
$data = new enigma_signature(); $data = new enigma_signature();
$data->id = $sig->getId(); $data->id = $sig->getId() ?: $sig->getKeyId();
$data->valid = $sig->isValid(); $data->valid = $sig->isValid();
$data->fingerprint = $sig->getKeyFingerprint(); $data->fingerprint = $sig->getKeyFingerprint();
$data->created = $sig->getCreationDate(); $data->created = $sig->getCreationDate();

11
plugins/enigma/lib/enigma_ui.php
Unescape Escape View File

@ -919,7 +919,10 @@ class enigma_ui
$attrib['id'] = 'enigma-message'; $attrib['id'] = 'enigma-message';
if ($sig instanceof enigma_signature) { if ($sig instanceof enigma_signature) {
$sender = ($sig->name ? $sig->name . ' ' : '') . '<' . $sig->email . '>'; $sender = $sig->name ?: '';
if ($sig->email) {
$sender .= ' <' . $sig->email . '>';
}
if ($sig->valid === enigma_error::UNVERIFIED) { if ($sig->valid === enigma_error::UNVERIFIED) {
$attrib['class'] = 'enigmawarning'; $attrib['class'] = 'enigmawarning';
@ -934,8 +937,14 @@ class enigma_ui
} }
else { else {
$attrib['class'] = 'enigmawarning'; $attrib['class'] = 'enigmawarning';
if ($sender) {
$msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid'))); $msg = rcube::Q(str_replace('$sender', $sender, $this->enigma->gettext('siginvalid')));
} }
else {
$msg = rcube::Q(str_replace('$keyid', enigma_key::format_id($sig->id),
$this->enigma->gettext('signokey')));
}
}
} }
else if ($sig && $sig->getCode() == enigma_error::KEYNOTFOUND) { else if ($sig && $sig->getCode() == enigma_error::KEYNOTFOUND) {
$attrib['class'] = 'enigmawarning'; $attrib['class'] = 'enigmawarning';

Write Preview
Loading…
Cancel
Save