6.0.0-beta1
7/15/25

[#10809] Bug in decrypting PGP-messages in imp
Summary Bug in decrypting PGP-messages in imp
Queue IMP
Queue Version 5.0.15
Type Bug
State Resolved
Priority 2. Medium
Owners slusarz (at) horde (dot) org
Requester stephan (at) admin (dot) nabira (dot) de
Created 11/29/2011 (4977 days ago)
Due
Updated 12/07/2011 (4969 days ago)
Assigned 11/30/2011 (4976 days ago)
Resolved 12/07/2011 (4969 days ago)
Github Issue Link
Github Pull Request
Milestone
Patch No

History
12/07/2011 01:54:22 PM stephan (at) admin (dot) nabira (dot) de Comment #14
Thank you very much for the quick response and resolution!
12/07/2011 02:59:54 AM Michael Slusarz Comment #13
Assigned to Michael Slusarz
State ⇒ Resolved
Two problems here.

First, the MIME structure of the embedded signed part was causing an 
off-by-one error with our MIME parsing code, so it was skipping the 
first part.  This has been fixed.

Second, Claws Mail sends broken embedded signed data - it mixes the 
line endings, which will confuse MIME parsing.  Work around this issue 
by normalizing to CRLF endings at parse time.
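
The two parsing problems named in the comment above (a boundary at the very start of the data, and mixed line endings), together with the two-part check on multipart/signed from Comment #8, as an added PHP example. It is not code from this ticket or from Horde_Mime; the function names, the boundary string `sig1` and the sample body are constructed for illustration, and the boundary is assumed to have been read from the Content-Type header already.

```php
<?php
// Added illustration, not Horde_Mime code; all function names are hypothetical.

/** Convert any mix of CRLF, bare CR and bare LF to CRLF. */
function normalize_eol(string $data): string
{
    return preg_replace('/\r\n|\r|\n/', "\r\n", $data);
}

/** Split a multipart body into parts; the first delimiter may be at offset 0. */
function split_multipart(string $body, string $boundary): array
{
    $delim = '--' . $boundary;
    $parts = [];
    $current = null;                       // null = not inside a part yet
    foreach (explode("\r\n", normalize_eol($body)) as $line) {
        $trimmed = rtrim($line, " \t");    // delimiters may carry trailing padding
        if ($trimmed === $delim || $trimmed === $delim . '--') {
            if ($current !== null) {
                $parts[] = implode("\r\n", $current);
            }
            if ($trimmed === $delim . '--') {
                break;                     // closing delimiter: stop
            }
            $current = [];
        } elseif ($current !== null) {
            $current[] = $line;
        }
    }
    return $parts;                         // an unterminated last part is dropped
}

/** Return the two parts of multipart/signed, or fail before anything dereferences them. */
function signed_parts(string $body, string $boundary): array
{
    $parts = split_multipart($body, $boundary);
    if (count($parts) !== 2) {
        throw new UnexpectedValueException(
            'multipart/signed needs exactly 2 parts, found ' . count($parts));
    }
    return ['data' => $parts[0], 'signature' => $parts[1]];
}

// Constructed sample: delimiter at offset 0, LF and CRLF mixed.
$sample = "--sig1\nContent-Type: text/plain\r\n\r\nhello\n"
        . "--sig1\r\nContent-Type: application/pgp-signature\n\n[signature]\r\n--sig1--\n";
$p = signed_parts($sample, 'sig1');
echo strlen($p['data']), ' ', strlen($p['signature']), "\n";
```

RFC 3156 has the signer hash the first part in canonical CRLF form, so the normalized `data` part is also the byte sequence a conforming signature covers.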
12/07/2011 02:57:33 AM Git Commit Comment #12
Changes have been made in Git for this ticket:

[mms] Workaround broken PGP signed data contained within encrypted 
parts (Bug #10809).
This is significant enough to warrant bumping Horde_Mime dependency to
the latest version.

  2 files changed, 5 insertions(+), 1 deletions(-)
http://git.horde.org/horde-git/-/commit/4bea0d28348935429544066ab2c03ba0d03ac41a
12/07/2011 02:57:30 AM Git Commit Comment #11
Changes have been made in Git for this ticket:

[mms] Workaround incoming message data to 
Horde_Mime_Part::getRawPartText() that contains varying EOL characters 
(Bug #10809).

  2 files changed, 8 insertions(+), 0 deletions(-)
http://git.horde.org/horde-git/-/commit/1ddfb442e3eeb4bb2c357b07f9ab0873228b19ad
12/07/2011 02:57:24 AM Git Commit Comment #10
Changes have been made in Git for this ticket:

[mms] Fix detection of MIME boundaries at beginning of string (Bug #10809).

  2 files changed, 10 insertions(+), 2 deletions(-)
http://git.horde.org/horde-git/-/commit/6dc3d20b5c4f96e0ec5a266719753f2032469c20
12/06/2011 09:56:21 PM stephan (at) admin (dot) nabira (dot) de Comment #9
New Attachment: horde_debug.txt
> I can't be sure until you provide the message source of the 
> decrypted message.  Easiest way is to do this on line 283 of 
> imp/lib/Mime/Viewer/Pgp.php:
>
> Horde::debug($decrypted_data->message);
>
> And post the output here (redacting any sensitive data).
Here it comes.

Anything else you need?

I have similar (but slightly different since the error message is:
"Die Daten in diesem Nachrichtenteil wurden mit PGP digital signiert.
gpg: verify signatures failed: Unerwartete Daten")
problems with all messages I created via enigmail 1.3.3 with Thunderbird 8.0.

I didn't test other clients, but the message I reported about 
originally and this debug is correlated to is from another client.

Thanks for your help.
12/06/2011 08:14:02 AM Michael Slusarz Comment #8
> The error becomes manifest on line 378 in file 
> imp/lib/Mime/Viewer/Pgp.php where getMetadata() fails since the 
> variable that should be a Horde_Mime_Part is NULL. This is the case 
> since $this->getConfigParam('imp_contents')->getMIMEPart($sig_id); 
> results in NULL a few lines before.
Here's what I see.

You have a PGP encrypted message.  It looks like this:

(0) multipart/encrypted
   1 application/pgp-encrypted
   2 application/octet-stream

So far, so good.

IMP correctly decrypts the data.  When we do this, we create a 
"virtual" MIME part - Part ID 3.  We need to do this because the 
encrypted data is itself a MIME part, and we need to send this data 
through our viewing system to be parsed.

Sure enough, the encrypted part is PGP signed.  So our message now 
(should) look like this:

(0) multipart/encrypted
   1 application/pgp-encrypted
   2 application/octet-stream
   (3) multipart/signed
     (3.1) [Message Data]
     (3.2) application/pgp-signature

BUT the problem with your message is that it appears that (3.1) is 
completely missing.  In other words, multipart/signed requires 2 parts 
but your message only contains one.  So that's why part ID 3.2 can't 
be found - it doesn't exist.  And if it doesn't exist, that means that 
your PGP message is broken (it looks like your message contains 
pgp-signature data but no message data).

I can't be sure until you provide the message source of the decrypted 
message.  Easiest way is to do this on line 283 of 
imp/lib/Mime/Viewer/Pgp.php:

Horde::debug($decrypted_data->message);

And post the output here (redacting any sensitive data).

---

Horde::debug() documentation: http://wiki.horde.org/Doc/Dev/DebugH4
12/05/2011 10:36:49 AM stephan (at) admin (dot) nabira (dot) de Comment #7
I had not as much time as I would have liked to investigate, but at 
least I know this by now:

The error becomes manifest on line 378 in file 
imp/lib/Mime/Viewer/Pgp.php where getMetadata() fails since the 
variable that should be a Horde_Mime_Part is NULL. This is the case 
since $this->getConfigParam('imp_contents')->getMIMEPart($sig_id); 
results in NULL a few lines before.

I inserted the following line for more information about the object involved:

Horde::logMessage('Variable: ' . $sig_id . ' - ' .
                  var_export($this->getConfigParam('imp_contents')->getTree(), true),
                  Horde_Log::NOTICE);

This logs as follows:

2011-12-04T23:20:42+00:00 NOTICE: HORDE [imp] Variable: 3.2 -
Horde_Core_Tree_Html::__set_state(array(
    '_images' =>
   array (
     'line' => 1,
     'blank' => '',
     'join' => 2,
     'join_bottom' => 4,
     'join_top' => 3,
     'plus' => 10,
     'plus_bottom' => 11,
     'plus_only' => 12,
     'minus' => 6,
     'minus_bottom' => 7,
     'minus_only' => 8,
     'null_only' => 13,
     'folder' => 14,
     'folderopen' => 15,
     'leaf' => 16,
   ),
    '_node_pos' =>
   array (
   ),
    '_dropline' =>
   array (
   ),
    '_altCount' => 0,
    '_allowed' =>
   array (
     0 => 'class',
     1 => 'icon',
     2 => 'iconalt',
     3 => 'iconopen',
     4 => 'url',
     5 => 'urlclass',
     6 => 'title',
     7 => 'target',
   ),
    '_instance' => 'mime-44',
    '_header' =>
   array (
   ),
    '_nodes' =>
   array (
     0 =>
     array (
       'label' => 'Encrypted-Nachrichtenteil (4 KB) ',
       'expanded' => true,
       'class' => 'partsTreeDiv',
       'icon' => '/horde/themes/silver/graphics/mime/encryption.png',
       'children' =>
       array (
         0 => '1',
         1 => '2',
         2 => '3',
       ),
     ),
     1 =>
     array (
       'label' => 'Pgp-encrypted-Nachrichtenteil (1 KB) <a 
href="/horde/services/download/?module=imp&amp;actionID=download_attach&amp;id=1&amp;uid=44&amp;mailbox=SU5CT1guWjpLZWVw&amp;fn=%2F" class="iconImg downloadAtc" target="view_c5a5646e66de90e04d5d253f906b4fce" 
title="Herunterladen"></a>',
       'expanded' => true,
       'class' => 'partsTreeDiv',
       'icon' => '/horde/themes/silver/graphics/mime/encryption.png',
     ),
     2 =>
     array (
       'label' => '<a 
onclick="void(Horde.popup(\'%7B%22url%22%3A%22%5C%2Fhorde%5C%2Fimp%5C%2Fview.php%22%2C%22menu%22%3A1%2C%22params%22%3A%22autodetect%3D1%26actionID%3Dview_attach%26id%3D2%26uid%3D44%26mailbox%3DSU5CT1guWjpLZWVw%22%7D\'));" title="Octet-stream-Nachrichtenteil anzeigen">Octet-stream-Nachrichtenteil</a> (3 KB) <a href="/horde/services/download/?module=imp&amp;actionID=download_attach&amp;id=2&amp;uid=44&amp;mailbox=SU5CT1guWjpLZWVw&amp;fn=%2F" class="iconImg downloadAtc" target="view_810784d836d921f732433c9718a05812" 
title="Herunterladen"></a>',
       'expanded' => true,
       'class' => 'partsTreeDiv',
       'icon' => '/horde/themes/silver/graphics/mime/binary.png',
     ),
     3 =>
     array (
       'label' => 'Signed-Nachrichtenteil (1 KB) ',
       'expanded' => true,
       'class' => 'partsTreeDiv',
       'icon' => '/horde/themes/silver/graphics/mime/encryption.png',
       'children' =>
       array (
         0 => '3.1',
       ),
     ),
     '3.1' =>
     array (
       'label' => 'signature.asc (1 KB) <a 
href="/horde/services/download/?module=imp&amp;actionID=download_attach&amp;id=3.1&amp;uid=44&amp;mailbox=SU5CT1guWjpLZWVw&amp;fn=%2Fsignature.asc" class="iconImg downloadAtc" target="view_8b128f6be45facb705df7d8b586fa4af" 
title="Herunterladen"></a>',
       'expanded' => true,
       'class' => 'partsTreeDiv',
       'icon' => '/horde/themes/silver/graphics/mime/encryption.png',
     ),
   ),
    '_root_nodes' =>
   array (
     0 => '0',
   ),
    '_colsLeft' => 0,
    '_colsRight' => 0,
    '_options' =>
   array (
     'lines' => true,
     'nosession' => true,
   ),
    '_sortCriteria' => NULL,
    '_static' => false,
))


Do you have any idea why the MIMEpart may not exist?
Here is the source of the message for reference:

Return-Path: <bjoern.wiedersheim@uni-ulm.de>
Received: ...
         by poseidon (Cyrus v2.3.14) with LMTPA;
         Wed, 20 Oct 2010 12:30:41 +0200
X-Sieve: CMU Sieve 2.3
Received: from stella ...
        by ...
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT)
        for <stephan.kleber@...
Date: Wed, 20 Oct 2010 12:30:35 +0200
From: ...
To: Stephan Kleber <stephan.kleber@...
Subject: ...
Message-ID: <20101020123035.19c23241@stella>
Organization: =?ISO-8859-1?B?VW5pdmVyc2l05HQ=?= Ulm
X-Mailer: Claws Mail 3.7.4 (GTK+ 2.20.1; x86_64-pc-linux-gnu)
Mime-Version: 1.0
Content-Type: multipart/encrypted; 
boundary="Encrypt_/tBF.7GiOGOrrodg9BGSUSXM";
  protocol="application/pgp-encrypted"
X-DCC-dmv.com-Metrics: poseidon 1181; Body=1 Fuz1=1
X-Virus-Scanned: by amavisd-new

--Encrypt_/tBF.7GiOGOrrodg9BGSUSXM
Content-Type: application/pgp-encrypted

Version: 1

--Encrypt_/tBF.7GiOGOrrodg9BGSUSXM
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.10 (GNU/Linux)

...
-----END PGP MESSAGE-----

--Encrypt_/tBF.7GiOGOrrodg9BGSUSXM--

12/02/2011 09:31:51 PM Michael Slusarz Comment #6
> That sounds more constructive. It will take until the weekend before 
> I will have the time to investigate, but I am willing and able - I 
> think - to debug, at least to a certain degree. I certainly will 
> need your expertise to solve the issue, though.
This is always the case.  If a developer can't reproduce the issue, 
the understanding is that the original reporter needs to provide, at a 
minimum, detailed instructions to reproduce or, better yet, debugging 
to the point where you can point to a developer exactly why the code 
is breaking.  We are not asking for a full patch.  But if a developer 
can't reproduce, they are never going to look at the ticket again.  It 
is extremely difficult to fix something that isn't broken.
12/01/2011 01:26:07 AM stephan (at) admin (dot) nabira (dot) de Comment #5
> ...
> relies on the original reporter.  If you are unable/unwilling to do 
> this, we will have to close the ticket since, as mentioned, a 
> developer can not reproduce.
That sounds more constructive. It will take until the weekend before I 
will have the time to investigate, but I am willing and able - I think 
- to debug, at least to a certain degree. I certainly will need your 
expertise to solve the issue, though.

I appreciate your work and help, but I have to admit, sometimes I have 
the impression you are a bit aggravated on seemingly minor issues.

I hope we can solve this together.
11/30/2011 05:17:59 PM Jan Schneider State ⇒ Feedback
 
11/29/2011 09:25:19 PM Michael Slusarz Comment #4
> How can I help track down the issue?
You need to debug the code and determine where it is failing.  PGP 
encrypted messages are notoriously difficult for developers to debug 
since we can not debug a copy of the message source.  It really relies 
on the original reporter.  If you are unable/unwilling to do this, we 
will have to close the ticket since, as mentioned, a developer can not 
reproduce.
11/29/2011 10:05:21 AM stephan (at) admin (dot) nabira (dot) de Comment #3
> Can't reproduce.
I believe you. Nevertheless, this comment is not helpful. Do you 
suggest I fantasize?
How can I help track down the issue?
11/29/2011 08:40:34 AM Michael Slusarz Comment #2
Can't reproduce.
11/29/2011 03:47:31 AM stephan (at) admin (dot) nabira (dot) de Comment #1
Priority ⇒ 2. Medium
State ⇒ Unconfirmed
Patch ⇒ No
Milestone ⇒
Queue ⇒ IMP
Summary ⇒ Bug in decrypting PGP-messages in imp
Type ⇒ Bug
I noticed that I get an error when trying to decrypt a PGP-encrypted
message.
In imp-dynamic when clicking on
"Sie müssen das Passwort für Ihren privaten PGP-Schlüssel angeben, um
diese Nachricht lesen zu können."
I get a red notification saying
"Fehler während der Kommunikation mit dem Server."

Sometimes - indeterminately - not even any error message is displayed 
or logged, but the AJAX-Loading-Circle is showing forever.

In imp-traditional I get a completely empty page and either way the 
following log entry in php-error-log (no entry in horde log):

[29-Nov-2011 04:23:38] PHP Fatal error:  Call to a member function getMetadata() on a non-object in /var/www-ssl/horde4/imp/lib/Mime/Viewer/Pgp.php on line 378
