Page MenuHome GnuPG
Create Task
Maniphest T3863

GpgOL: 3.1.0 Beta might send unencrypted mail even if crypto was selcted
Closed, ResolvedPublic
Actions

Description

As described in T3769 with the log

gpgol-3.1.0 beta38.log20 KBDownload
GpgOL can send unencrypted mail even if crypto was selected. This needs to be fixed before the release.

Relevant log part is:

15:18:19/3948/cryptcontroller.cpp:update_mail_mapi: Inline mail. No MAPI update.
15:18:19/3948/mail.cpp:do_crypt: crypto thread for 040614A8 finished
15:18:19/3948/cryptcontroller.cpp:~CryptController:040614A8
15:18:19/3948/overlay.cpp:~Overlay: Stopping overlay.
15:18:19/8164/windowmessages.cpp:do_async: Do async with type 1107
15:18:19/3948/mail.cpp:update_crypt_oom: Update crypt oom for 040614A8
15:18:19/3948/ERROR/mail.cpp:inline_body_to_body: No crypter.
15:18:19/3948/mail.cpp:update_crypt_oom: Inline body to body failed 040614A8.
15:18:19/3948/mail.cpp:wipe: Removing plaintext from mailitem: 0E6667D0.
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - No GpgOL Message class after encryption. cls is: 'IPM.Note'
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - Activating T3656 Workaround

It seems to be a combination of the T3656 workaround together with an inline mail.

Details

Version
3.1.0-beta38

Revisions and Commits

rO GpgOL
rOe67c03636889 Add bug error if body_to_body failed
rO4c5eed308829 Fix sending PGP/Inline synchronously
rO9d10ff22928a Add safety check to prevent unencrypted send
rOa80c7502c45b Don't carry around inline crypt state twice

Related Objects
Search...

Event Timeline

aheinecke created this task.Mar 26 2018, 8:22 AM
aheinecke mentioned this in T3769: GPG messages with empty content / not decrypted in Outlook 2010.
aheinecke added a comment.Mar 26 2018, 10:51 AM

It's two bugs working hand in hand here.

  1. When sending a PGP/Inline mail the cryptcontroller is removed too early. This results in an error when replacing the plaintext of a a mail with the encrypted content.
  1. Then the necessity for the T35656 workaround is wrongly detected. This workaround should only be enabled with PGP MIME mails. As this codepath should only be triggered when a PGP/MIME (or S/MIME) encryption happend it bypasses our saveguards to check for plaintext in the sent mail and results in the plaintext beeing sent.

I will fix it in a way that even if 1 and 2 happen as they are now happening the error would be detected. Then I will fix both 1 and 2.

aheinecke added a parent task: T3742: Gpg4win 3.1.0.Mar 26 2018, 10:52 AM
aheinecke added a parent task: T3864: Gpg4win-3.1.0 Release blocker.Mar 26 2018, 10:55 AM
aheinecke added a commit: rOa80c7502c45b: Don't carry around inline crypt state twice.Mar 26 2018, 5:58 PM
aheinecke added a commit: rO9d10ff22928a: Add safety check to prevent unencrypted send.
aheinecke added a commit: rOe67c03636889: Add bug error if body_to_body failed.
aheinecke added a commit: rO4c5eed308829: Fix sending PGP/Inline synchronously.
aheinecke changed the task status from Open to Testing.Mar 26 2018, 6:04 PM

rO4c5eed308829 fixes this.

I've also added some additional error handling code and safeguards to prevent this in the future.

Worst case a message box should pop that informs the user that a Bug or Error occured in GpgOL but the unencrypted mail should not be sent under any circumstance.

aheinecke mentioned this in T3875: Sending signed mail fails repeatedly.Apr 4 2018, 9:31 AM
aheinecke added a comment.Apr 13 2018, 11:20 AM

3.1.0 is released and this issue is to our knowledge fixed.

aheinecke closed this task as Resolved.Apr 13 2018, 11:20 AM