Closed Bug 1725033 Opened 3 years ago Closed 3 years ago

OpenPGP key attached multiple times when message is forwarded or edited as new

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 91
Type:
defect

Tracking

(thunderbird_esr91+ fixed, thunderbird92+ wontfix)

Status:
RESOLVED FIXED
Milestone:
93 Branch
Tracking Flags:
Tracking Status
thunderbird_esr91 + fixed
thunderbird92 + wontfix

People

(Reporter: u592880, Assigned: lasana)

References

Details

Attachments

(1 file, 1 obsolete file)

Bug 1725033 - Do not duplicate public key attachment when forwarding signed messages. r=mkmelin
48 bytes, text/x-phabricator-request
wsmwk
: approval-comm-esr91+
Details | Review

User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Steps to reproduce:

  1. set up OpenPGP and use the key to sign messages (done by default).
  2. send message.
  3. go to sentbox, select message sent at step 2, and either forward or "edit as new message"

Actual results:

Whether the message is forwarded or edited as new, the OpenPGP key is automatically re-added to the message, and then added again upon sending the forwarded/new message.

Expected results:

Thunderbird should have seen that the key is already present and prevented its multiple inclusion.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core
Blocks: tb91found

The code around here should check if the same filename was already in there before adding. If it is, just skip adding it once more.
https://searchfox.org/comm-central/rev/2372e390f3b6add0f2b3530964472fa0e2e4463c/mail/extensions/openpgp/content/ui/enigmailMsgComposeOverlay.js#863

Assignee: nobody → lasana
Status: UNCONFIRMED → NEW
Ever confirmed: true

Seems like there is already a check for duplicate attachments here :
https://searchfox.org/comm-central/source/mail/components/compose/content/MsgComposeCommands.js#6692

It checks the file url which is different in this case. On my machine I see /tmp/key.asc for the new attachement and /tmp.nsmail.asc for the previous one. I vote we modify this to also check the content type, and file name instead.

Status: NEW → ASSIGNED
Attachment #9236663 - Attachment is obsolete: true
Keywords: checkin-needed-tb
Target Milestone: --- → 93 Branch

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/1902bce264de
Do not duplicate public key attachment when forwarding signed messages. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED

Time for uplift requests?

Flags: needinfo?(lasana)

Updated to latest beta version and this is still happening, with messages either forwarded or edited as new. Since this was marked as resolved before the update, I am not sure whether it should already have shipped in the latest beta.

It's not yet on beta (92) as you can see from the flags above: thunderbird92: affected

I don't think this needs to be rushed.

Flags: needinfo?(lasana)

Comment on attachment 9236679 [details]
Bug 1725033 - Do not duplicate public key attachment when forwarding signed messages. r=mkmelin

[Triage Comment]
Approved for esr91 (preemptively, since I happened to be here)

lasana, please NI rob if you don't want this uplifted yet)

Flags: needinfo?(lasana)
Attachment #9236679 - Flags: approval-comm-esr91+

Should be ok to uplift. Why not to beta first?

Flags: needinfo?(lasana)

It's already in beta now that beta is 93.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: