Page MenuHome GnuPG
Create Task
Maniphest T1251

GPGOL creates broken attachments in Outlook 2007
Closed, ResolvedPublic
Actions

Description

[This might be a duplicate of Issue1110 but I found no way to add a comment]

I'm using the latest Gpg4win featuring GPGOL 1.1.1. Outlook is from Office 2007
Professional, Operatingsystem is Windows XP.

Issue:
Attachments encrypted using GPGOL 1.1.1 are broken.

Steps to reproduce:

  1. Create a file test.txt, add line "testcontent", use 7zip to create a

test.txt.zip file.

  1. Use Outlook to send this file to yourself using GPGOL.
  2. Decrypt and save attachment
  3. The original file and the received attachment are different.

Additional Details:

Original file dump:
PK^C^D
^@^@^@^@^@!<A1><ED><^D<D0>/
<90>^K^@^@^@^K^@^@^@^H^@^@^@test.txttestcontentPK^A^B^T^@
^@^@^@^@^@!<A1><ED><^D<D0>/<90>^K^@^@^@^K^@^@^@^H^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@test.txtPK^E^F^@^@^@^@^A^@^A^@6^@^@^@1^@^@^@^@^@

Decrypted file dump:
PK^CPK^C^D
^@^@^@^@^@!<A1><ED><^D<D0>/
<90>^K^@^@^@^K^@^@^@^H^@^@^@test.txttestcontentPK^A^B^T^@
^@^@^@^@^@!<A1><ED><^D<D0>/<90>^K^@^@^@^K^@^@^@^H^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@test.txtPK^E^F^@^@^@^@^A^@^A^@6^@^@^@1^@^@^@^@^@

Additional characters are added to the first line. In another test using a 3 MB
file other characters had been added close to the end of the file (at byte
position -780).

In both cases 3 bytes. Looks like it just repeated these bytes:

Example from above:

Original : PK^C    ^D
Decrypted: PK^CPK^C^D
"PK^C" is repeated

Other test with 3 MB zip-file:

Original : PK^A^B^T^@^T      ^@^@^@^H
Decrypted: PK^A^B^T^@^T^T^@^T^@^@^@^H
"^T^@^T" is repeated

More observations:

  • Attachments decrypted using Linux/mutt/gnupg are broken too (this is the

reason why I believe the encryption is broken, rather than the decryption!).

  • Outlook 2007 Prof on Windows 7 crashes on receiving these attachments (at

least once), on XP it doesn't.

  • The attachment from the email in my sent folder is broken, too.
  • Non-binary files don't seem to be affected (10k ascii public key file)
  • Sending multiple attachments using the same file affects each the same way
  • Other files (1 MB Word-file, 600k zip-file) weren't affected (I see no

pattern in what is and what is not affected).

Cheers,
Christoph

Details

Version
1.1.1

Related Objects

Event Timeline

christoph added projects: gpgol, Bug Report.Jul 13 2010, 9:20 PM
christoph set Version to 1.1.1.
christoph added a subscriber: christoph.
bernhard mentioned this in T1110: Outlook2007 crashes after opening attachments of an encrypted message.Mar 30 2017, 7:11 PM
bernhard added a subscriber: bernhard.Jul 26 2010, 9:50 AM

I believe we have two seperate issues
here, though of course they might be caused by the same defect.

However T1110 even crashes on correct attachements created by Kmail
and T1251 leads to attachments that even mutt cannot decrypt.

bernhard assigned this task to werner.Jul 26 2010, 9:50 AM
bernhard added subscribers: emanuel, werner.
werner removed werner as the assignee of this task.Aug 2 2010, 10:47 AM
werner added a comment.Dec 23 2011, 4:51 PM

issue1110 is now used to track the second problems (Outlook crashes).

werner added a comment.Dec 23 2011, 8:21 PM

commit 9373fd75 fixes this data corruption during encryption and signing.

That extra write was plainly wrong. I have no idea, how it slipped
in. The error comes up with attachments of certain lengths. For
example with a file length of 13859 bytes.

  • src/mimemaker.c (write_b64): Remove a stupid buffer write of 4

bytes.

werner added a project: In Progress.Dec 23 2011, 8:21 PM
werner closed this task as Resolved.Dec 27 2011, 3:49 PM
werner claimed this task.

A new release has been made.

The new gpgol DLL is available at
ftp://ftp.g10code.com/g10code/gpgol/gpgol-1.1.3.dll
and a signature for that file at
ftp://ftp.g10code.com/g10code/gpgol/gpgol-1.1.3.dll.sig

Please download them, check with gpg that the signature is correct and
replace the gpgol.dll in the GNU/GnuPG installation directory with the
new DLL. You need to rename the new DLL to gpgol.dll .

Source tarballs are available as well; the GIT repo is at
http://git.gnupg.org/cgi-bin/gitweb.cgi?p=gpgol.git .

werner removed a project: In Progress.Dec 27 2011, 3:49 PM
bernhard added a comment.Jun 24 2013, 2:44 PM

For completeness, this fix has been published as part of the regular Gpg4win
releases since 2.1.1-beta1. It is also included in 2.1.1. There is no need to
download the dll directly, just move to the recent Gpg4win version.

bernhard reopened this task as Open.Jun 24 2013, 2:44 PM
bernhard closed this task as Resolved.