From 7346d20343b9fa8b192c9a5294b26efac9186c4f Mon Sep 17 00:00:00 2001 From: Koni Marti Date: Fri, 23 Aug 2024 20:12:56 +0200 Subject: gpg: fix signed message encoding Fix the content encoding for GPG-signed messages. To remove the Mime-Version header field for the signed message part, the raw message is parsed with go-message. go-message.Read(), however, decodes the message body as well (i.e. from quoted-printable to UTF8 depending on the Content-Transfer-Encoding header). This means that the msg.Body field now contains the decoded message (it is no longer encoded as quoted-printable). We never encode the message back to the proper Content-Transfer-Encoding. To fix this, use net/mail.ReadMessage() to parse the headers and to not decode the message body. To verify the issue, send a signed message with the following text: "19+1=20!" The message will be properly signed, but the text is wrong; it shows "19+1 !"; instead it should read "19+1=3D20!". Fixes: 5e443bce ("gpg: fix mime-version header position") References: https://todo.sr.ht/~rjarry/aerc/79 Signed-off-by: Koni Marti Tested-by: Jens Grassel Acked-by: Robin Jarry --- lib/crypto/gpg/writer.go | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'lib') diff --git a/lib/crypto/gpg/writer.go b/lib/crypto/gpg/writer.go index caae56bf..c879bc7f 100644 --- a/lib/crypto/gpg/writer.go +++ b/lib/crypto/gpg/writer.go @@ -8,6 +8,7 @@ import ( "fmt" "io" "mime" + "net/mail" "git.sr.ht/~rjarry/aerc/lib/crypto/gpg/gpgbin" "github.com/emersion/go-message" @@ -51,10 +52,11 @@ func (s *Signer) Write(p []byte) (int, error) { } func (s *Signer) Close() (err error) { - msg, err := message.Read(&s.signedMsg) + msg, err := mail.ReadMessage(&s.signedMsg) if err != nil { return err } + header := message.HeaderFromMap(msg.Header) // Make sure that MIME-Version is *not* set on the signed part header. // It must be set *only* on the top level header. // @@ -64,10 +66,10 @@ func (s *Signer) Close() (err error) { // // Since the signature is computed on the whole part, including its // header, changing the case can cause the signature to become invalid. - msg.Header.Del("Mime-Version") + header.Del("Mime-Version") var buf bytes.Buffer - _ = textproto.WriteHeader(&buf, msg.Header.Header) + _ = textproto.WriteHeader(&buf, header.Header) _, _ = io.Copy(&buf, msg.Body) sig, micalg, err := gpgbin.Sign(bytes.NewReader(buf.Bytes()), s.from) -- cgit