Closed Bug 1749391 Opened 3 years ago Closed 3 years ago

Recursion in OpenPGP password code, RNP callback

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
defect

Tracking

(thunderbird_esr91 wontfix)

Status:
RESOLVED FIXED
Milestone:
98 Branch
Tracking Flags:
Tracking Status
thunderbird_esr91 --- wontfix

People

(Reporter: KaiE, Assigned: KaiE)

Details

Attachments

(1 file, 2 obsolete files)

Bug 1749391 - Fix a recursion in OpenPGP password callback (v3). r=mkmelin
48 bytes, text/x-phabricator-request
Details | Review

While running automated tests, I noticed the following JS error on the console:

 0:38.39 GECKO(28623) JavaScript error: chrome://openpgp/content/modules/RNPLib.jsm, line 578: Error: Got null OpenPGP password
 0:38.39 GECKO(28623) [init_encrypted_src() /home/user/moz/commcent/mozilla/comm/third_party/rnp/src/librepgp/stream-parse.cpp:2080] failed to obtain decrypting key or password
 0:38.39 GECKO(28623) console.debug: "rnp_op_verify_execute returned unexpected: 301989892"
 0:38.40 INFO Console message: [JavaScript Error: "Error: Got null OpenPGP password" {file: "chrome://openpgp/content/modules/RNPLib.jsm" line: 578}]
password_cb@chrome://openpgp/content/modules/RNPLib.jsm:578:15
decrypt@chrome://openpgp/content/modules/RNP.jsm:953:30
decrypt@chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm:245:16
decryptMessage@chrome://openpgp/content/modules/decryption.jsm:310:33
messageParseCallback@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1396:36
messageParse@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1240:24
messageDecryptCb@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:875:20
messageDecrypt/</<@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:581:28
onData@chrome://openpgp/content/modules/mime.jsm:460:19
onStopRequest@chrome://openpgp/content/modules/streams.jsm:60:23
sync@chrome://openpgp/content/modules/cryptoAPI/interface.js:56:15
password_cb@chrome://openpgp/content/modules/RNPLib.jsm:576:23
decrypt@chrome://openpgp/content/modules/RNP.jsm:953:30
decrypt@chrome://openpgp/content/modules/cryptoAPI/RNPCryptoAPI.jsm:245:16
decryptMessage@chrome://openpgp/content/modules/decryption.jsm:310:33
messageParseCallback@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1396:36
messageParse@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:1240:24
messageDecryptCb@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:875:20
messageDecrypt/</<@chrome://openpgp/content/ui/enigmailMessengerOverlay.js:581:28
onData@chrome://openpgp/content/modules/mime.jsm:460:19
onStopRequest@chrome://openpgp/content/modules/streams.jsm:60:23
sleep@resource://testing-common/mozmill/utils.jsm:62:12
wait_for_message_display_completion@resource://testing-common/mozmill/FolderDisplayHelpers.jsm:1951:15
open_message_from_file@resource://testing-common/mozmill/FolderDisplayHelpers.jsm:727:38

In RNPLib we provide password_cb which is called by the external RNP C library.

While processing this callback, we make a fake-sync call cApi.sync(OpenPGPMasterpass.retrieveOpenPGPPassword())

When executing this function for the first time, if the underlying data file does not yet exist, and while executing async IOUtils functions to test/create that new file, a scheduler apparently causes us to retry data processing, triggering another decryption attempt, causing us to arrive in the same function again.

I cannot yet say if this can happen in production execution, or if this scenario is limited to automated testing with FolderDisplayHelpers.

I suggest to test for the recursion in our RNP password callback, and throw an error if it happens. This can allow us to discover the failure in error console more clearly.

Assignee: nobody → kaie
Status: NEW → ASSIGNED
Keywords: checkin-needed-tb
status-thunderbird_esr91: --- → wontfix
Target Milestone: --- → 98 Branch
Keywords: checkin-needed-tb

Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/63b8aed694a6
Throw if we discover an unexpected RNP password_cb recursion. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED

This change breaks test mail/test/browser/openpgp/browser_viewMessage.js - testDecryptHtmlWithNBSP

I suggest to backout.

Status: RESOLVED → REOPENED
Resolution: FIXED → ---
Attachment #9258405 - Attachment is obsolete: true
Summary: Recursion in OpenPGP password code, RNP callback - problem in testing only? → Recursion in OpenPGP password code, RNP callback
Attachment #9258671 - Attachment is obsolete: true

Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/a8d48c8d1033
Fix a recursion in OpenPGP password callback (v3). r=mkmelin

Status: REOPENED → RESOLVED
Closed: 3 years ago3 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: