Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)

When composing mail (on reply/forward/edit) we decrypt content only
in the first "content part" of the message.
pull/6841/head
Aleksander Machniak 6 years ago
parent 8b649420ff
commit de25226d31

@ -4,6 +4,7 @@ CHANGELOG Roundcube Webmail
- Managesieve: Fix so "Create filter" option does not show up when Filters menu is disabled (#6723)
- Enigma: Fix bug where revoked users/keys were not greyed out in key info
- Enigma: Fix error message when trying to encrypt with a revoked key (#6607)
- Enigma: Fix "decryption oracle" bug [CVE-2019-10740] (#6638)
- Fix bug where bmp images couldn't be displayed on some systems (#6728)
- Fix bug in parsing vCard data using PHP 7.3 due to an invalid regexp (#6744)

@ -369,17 +369,36 @@ class enigma_engine
*/
function part_structure($p, $body = null)
{
static $got_content = false;
// Prevent from "decryption oracle" [CVE-2019-10740] (#6638)
// On mail compose (edit/reply/forward) we support encrypted content only
// in the first "content part" of the message.
if ($got_content && $this->rc->task == 'mail' && $this->rc->action == 'compose') {
return;
}
// Don't be tempted to support encryption in text/html parts
// Because of EFAIL vulnerability we should never support this (#6289)
if ($p['mimetype'] == 'text/plain' || $p['mimetype'] == 'application/pgp') {
$this->parse_plain($p, $body);
$got_content = true;
}
else if ($p['mimetype'] == 'multipart/signed') {
$this->parse_signed($p, $body);
$got_content = true;
}
else if ($p['mimetype'] == 'multipart/encrypted') {
$this->parse_encrypted($p);
$got_content = true;
}
else if ($p['mimetype'] == 'application/pkcs7-mime') {
$this->parse_encrypted($p);
$got_content = true;
}
else {
$got_content = $p['structure']->type === 'content';
}
return $p;

Loading…
Cancel
Save