From 698c0957d7f7ad6a4461120853102b38a76d0780 Mon Sep 17 00:00:00 2001 From: Koni Marti Date: Fri, 22 Apr 2022 13:38:41 +0200 Subject: [PATCH] pgp: ensure CRLF line endings in pgpmail reader Ensure CRLF line endings in the pgpmail reader. Fix the pgp signature verification for maildir and notmuch. These backends do not return the full message body with CRLF line endings. But the accepted OpenPGP convention is for signed data to end with a sequence (see RFC3156). If this is not the case the signed and transmitted data are considered not the same and thus signature verification fails. Link: https://datatracker.ietf.org/doc/html/rfc3156 Reported-by: Tim Culverhouse Signed-off-by: Koni Marti Tested-by: Tim Culverhouse --- lib/messageview.go | 2 +- worker/lib/parse.go | 11 +++++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/lib/messageview.go b/lib/messageview.go index 8db7994..f221fb2 100644 --- a/lib/messageview.go +++ b/lib/messageview.go @@ -69,7 +69,7 @@ func NewMessageStoreView(messageInfo *models.MessageInfo, if usePGP(messageInfo.BodyStructure) { store.FetchFull([]uint32{messageInfo.Uid}, func(fm *types.FullMessage) { - reader := fm.Content.Reader + reader := lib.NewCRLFReader(fm.Content.Reader) pgpReader, err := pgpmail.Read(reader, Keyring, decryptKeys, nil) if err != nil { cb(nil, err) diff --git a/worker/lib/parse.go b/worker/lib/parse.go index 1c0e413..5d95046 100644 --- a/worker/lib/parse.go +++ b/worker/lib/parse.go @@ -1,6 +1,7 @@ package lib import ( + "bufio" "bytes" "errors" "fmt" @@ -271,3 +272,13 @@ func MessageInfo(raw RawMessage) (*models.MessageInfo, error) { Error: parseErr, }, nil } + +// NewCRLFReader returns a reader with CRLF line endings +func NewCRLFReader(r io.Reader) io.Reader { + var buf bytes.Buffer + scanner := bufio.NewScanner(r) + for scanner.Scan() { + buf.WriteString(scanner.Text() + "\r\n") + } + return &buf +}