[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mutt-dev
Subject:    Re: [PATCH] Incorrect handling of pgp decryption
From:       "Kevin J. McCarthy" <kevin () 8t8 ! us>
Date:       2020-07-29 18:42:22
Message-ID: 20200729184222.GF148859 () afu ! lan
[Download RAW message or body]


On Wed, Jul 29, 2020 at 07:22:24PM +0200, sachamutt@s0c4.net wrote:
> today, after a great desperation with my PGP setup and pgp_decrypt_command, I have \
> noticed bug(?) in pgp.c when handling return value of pgp_check_decryption_okay(). 
> From the mentioned function comments, and from usage on line 564, I think we are \
> good for rc=-2 and above, yet on line 1011 we are considering the function failed \
> for rc<0. With my one-line patch, mutt is again decrypting messages as expected.

I'm not officially here, but a quick NAK on this patch.

The 564 checks are for inline "BEGIN PGP MESSAGE" blocks, and display a 
status message if the MESSAGE is in fact not an encrypted block.  The 
comments there explain this pretty clearly.

The 1011 checks are for PGP/MIME, and they protect against spoofing.

Use the contrib/gpg.rc file.  If you don't use that, or don't care about 
spoofed encryption then feel free to unset 
$pgp_check_gpg_decrypt_status_fd and the fallback $pgp_decryption_okay; 
but the patch is incorrect.

-- 
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C  5308 ADEF 7684 8031 6BDA


["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]