
GpgOL: 3.1.0 Beta might send unencrypted mail even if crypto was selected
Closed, Resolved, Public

Description

As described in T3769 with the log

GpgOL can send unencrypted mail even if crypto was selected. This needs to be fixed before the release.

Relevant log part is:

15:18:19/3948/cryptcontroller.cpp:update_mail_mapi: Inline mail. No MAPI update.
15:18:19/3948/mail.cpp:do_crypt: crypto thread for 040614A8 finished
15:18:19/3948/cryptcontroller.cpp:~CryptController:040614A8
15:18:19/3948/overlay.cpp:~Overlay: Stopping overlay.
15:18:19/8164/windowmessages.cpp:do_async: Do async with type 1107
15:18:19/3948/mail.cpp:update_crypt_oom: Update crypt oom for 040614A8
15:18:19/3948/ERROR/mail.cpp:inline_body_to_body: No crypter.
15:18:19/3948/mail.cpp:update_crypt_oom: Inline body to body failed 040614A8.
15:18:19/3948/mail.cpp:wipe: Removing plaintext from mailitem: 0E6667D0.
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - No GpgOL Message class after encryption. cls is: 'IPM.Note'
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - Activating T3656 Workaround

It seems to be a combination of the T3656 workaround together with an inline mail.

Details

Version
3.1.0-beta38

Event Timeline

It's two bugs working hand in hand here.

  1. When sending a PGP/Inline mail the cryptcontroller is removed too early. This results in an error when replacing the plaintext of a mail with the encrypted content.
  2. Then the necessity for the T3656 workaround is wrongly detected. This workaround should only be enabled with PGP MIME mails. As this codepath should only be triggered when a PGP/MIME (or S/MIME) encryption happened, it bypasses our safeguards to check for plaintext in the sent mail and results in the plaintext being sent.

I will fix it in a way that even if 1 and 2 happen as they are now happening the error would be detected. Then I will fix both 1 and 2.

aheinecke changed the task status from Open to Testing. Mar 26 2018, 6:04 PM

rO4c5eed308829 fixes this.

I've also added some additional error handling code and safeguards to prevent this in the future.

Worst case a message box should pop up that informs the user that a Bug or Error occurred in GpgOL but the unencrypted mail should not be sent under any circumstance.

3.1.0 is released and this issue is to our knowledge fixed.
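
For anyone checking GpgOL debug logs from an affected beta, the sequence in the log excerpt above can be searched for mechanically. The following is an added example, not code from GpgOL or from this task; it assumes the line layout seen in the excerpt and correlates events by thread id, which is an assumption because the excerpt logs two different handles for the same mail.

```python
import re

# Layout as in the excerpt: time/thread-id/[ERROR/]file.cpp:function: message
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})/(?P<tid>\d+)/(?P<err>ERROR/)?"
    r"(?P<src>[\w.-]+):(?P<func>[\w~]+):\s?(?P<msg>.*)$")

# The log excerpt quoted in this task, reused as sample input.
SAMPLE_LOG = """\
15:18:19/3948/cryptcontroller.cpp:update_mail_mapi: Inline mail. No MAPI update.
15:18:19/3948/mail.cpp:do_crypt: crypto thread for 040614A8 finished
15:18:19/3948/cryptcontroller.cpp:~CryptController:040614A8
15:18:19/3948/overlay.cpp:~Overlay: Stopping overlay.
15:18:19/8164/windowmessages.cpp:do_async: Do async with type 1107
15:18:19/3948/mail.cpp:update_crypt_oom: Update crypt oom for 040614A8
15:18:19/3948/ERROR/mail.cpp:inline_body_to_body: No crypter.
15:18:19/3948/mail.cpp:update_crypt_oom: Inline body to body failed 040614A8.
15:18:19/3948/mail.cpp:wipe: Removing plaintext from mailitem: 0E6667D0.
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - No GpgOL Message class after encryption. cls is: 'IPM.Note'
15:18:19/3948/mailitem-events.cpp:Invoke: Message 0E6667D0 - Activating T3656 Workaround
"""

def find_plaintext_send_risk(lines):
    """Flag T3656 workaround activations that follow an inline-mail marker.

    State per thread is cleared only by the workaround line, so this is a
    triage heuristic for log review, not proof that plaintext was sent.
    """
    state, findings = {}, []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        st = state.setdefault(m["tid"], {"inline": False, "failed": False})
        msg = m["msg"]
        if m["func"] == "update_mail_mapi" and msg.startswith("Inline mail"):
            st["inline"] = True
        elif "Inline body to body failed" in msg:
            st["failed"] = True
        elif "Activating T3656 Workaround" in msg:
            if st["inline"] or st["failed"]:
                item = re.search(r"Message (\w+) -", msg)
                findings.append({"time": m["time"], "thread": m["tid"],
                                 "mailitem": item.group(1) if item else None,
                                 "body_replace_failed": st["failed"]})
            state.pop(m["tid"])
    return findings

if __name__ == "__main__":
    for finding in find_plaintext_send_risk(SAMPLE_LOG.splitlines()):
        print(finding)
```

A hit means the workaround fired on a mail that the same thread had marked as inline, which is the combination described in this task; the mail in question should then be checked in the Sent folder.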