Thunderbird OpenPGP passes truncated data block to RNP when verifying UTF-8 clear signed text
Categories
(MailNews Core :: Security: OpenPGP, defect, P1)
Tracking
(thunderbird_esr78+ fixed, thunderbird84 affected)
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
Attachments
(1 file)
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-beta-
wsmwk
:
approval-comm-esr78+
|
Details | Review |
If we're processing a message that contains UTF-8 data, our conversion code from JS strings to ctypes data buffers is incorrect.
The conversion incorrectly uses the character length of the JS string, instead of the length after converting an UTF-8 string to a byte buffer.
Consequently a short data buffer is given to RNP, and the processing fails.
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/3b35e465086d
Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
Updated•3 years ago
|
Pushed by mkmelin@iki.fi: https://hg.mozilla.org/comm-central/rev/31da0d03aa5f followup - fix linting. rs=eslint DONTBUILD
Assignee | ||
Comment 4•3 years ago
|
||
Comment on attachment 9190272 [details]
Bug 1679756 - Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
[Approval Request Comment]
Regression caused by (bug #): no
User impact if declined: many OpenPGP messages shown with incorrect message status
Testing completed (on c-c, etc.):
Risk to taking this patch (and alternatives if risky): low
Comment 5•3 years ago
|
||
Comment on attachment 9190272 [details]
Bug 1679756 - Truncated data block passed to RNP when verifying UTF-8 clear signed text. r=mkmelin
[Triage Comment]
This won't reach beta via uplift, unfortunately.
Approved for esr78
Assignee | ||
Comment 6•3 years ago
|
||
Description
•