Thunderbird OpenPGP passes truncated data block to RNP when verifying UTF-8 clear signed text
Categories
(MailNews Core :: Security: OpenPGP, defect, P1)
Tracking
(thunderbird_esr78+ fixed, thunderbird84 affected)
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
|
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-beta-
wsmwk
:
approval-comm-esr78+
|
Details | Review |
If we're processing a message that contains UTF-8 data, our conversion code from JS strings to ctypes data buffers is incorrect.
The conversion incorrectly uses the character length of the JS string, instead of the length after converting an UTF-8 string to a byte buffer.
Consequently a short data buffer is given to RNP, and the processing fails.
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 1•3 years ago
|
||
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/3b35e465086d
Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
|
||
Updated•3 years ago
|
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/31da0d03aa5f followup - fix linting. rs=eslint DONTBUILD
|
|
Assignee | |
Comment 4•3 years ago
|
||
Comment on attachment 9190272 [details]
Bug 1679756 - Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: many OpenPGP messages shown with incorrect message status
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low
|
||
Comment 5•3 years ago
|
||
Comment on attachment 9190272 [details]
Bug 1679756 - Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
[Triage Comment]
This won't reach beta via uplift, unfortunately.
Approved for esr78
|
|
Assignee | |
Comment 6•3 years ago
|
||
Description
•