Closed Bug 1943021 Opened 10 months ago Closed 9 months ago

forwarded OpenPGP-signed message (.eml) does not open

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 128
Type:
defect

Tracking

(thunderbird_esr128 affected, thunderbird136 affected)

Status:
RESOLVED FIXED
Milestone:
137 Branch
Tracking Flags:
Tracking Status
thunderbird_esr128 --- affected
thunderbird136 --- affected

People

(Reporter: pmenzel+bugzilla.mozilla.org, Assigned: KaiE)

References

Details

Attachments

(3 files)

Fwd: [oss-security] issue with stuck Mitre CVE requests - Donald Buczek <buczek@molgen.mpg.de> - 2025-01-22 1142.eml
9.52 KB, message/rfc822
Details
test message with simpler structure
1.88 KB, message/rfc822
Details
Bug 1943021 - Fix viewing of attached signed OpenPGP messages. r=mkmelin
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:136.0) Gecko/20100101 Firefox/136.0

Steps to reproduce:

Debian sid/unstable with thunderbird 1:128.6.0esr-1

Try to view the forwarded message in the attached message in Thunderbird 128. (Note, that opening it using Thunderbirds dialog mangles up the message content leading to the confusion in bug 1933439 URL. Open the attached message is source view to verify.)

Actual results:

The message is not rendered.

Expected results:

The message should have been rendered.

Component: Untriaged → Security: OpenPGP
Product: Thunderbird → MailNews Core

The attachment doesn't display for me using nightly build on mac

With Display Attachments Inline, the message shows (inline).
But I can confirm double click to open does nothing. "Open And Show" button in the notification also does nothing.

Summary: PGP-signed message not shown → forwarded OpenPGP-signed message (.eml) does not open

I can reproduce also using fresh, minimal messages that I created.
Removing the signature causes it load fine.
Removing the protected headers wrapper doesn't have an effect.

I'll attach a smaller sample that has the protected headers layer removed, and which still can be used to reproduce the bug.

Assignee: nobody → kaie
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

As I do not see a commit message and out of curiosity: What was the problem?

(In reply to Paul Menzel from comment #6)

As I do not see a commit message and out of curiosity: What was the problem?

To view the attached message, our code will attempt to extract that message in a first step, and then it will request the display of the extracted message in a second step.

Extracting or displaying a message runs through the same code, based on the MIME type. There are some parameters given to the processing code, that inform about the intention of the processing.

The code that handles an multipart/signed MIME part with with OpenPGP protocol wasn't yet able to perform the raw extraction. Instead, it tried to perform the usual "analytic" processing, in which it removed the signature part, and ran through the decision logic about the signature status of that MIME part (which was ignored, because that part wasn't yet used as the top level of a window, when going through the first extraction step).

As a result of the above, the extracted message had an invalid structure. It looked like this:

Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature";
 boundary="------------37y3af86ecPgBEzVTDXuXNnx"

Content-Type: multipart/mixed; boundary="------------JqOOnYJ5YcXdPiMJ6jiOvgJS"
Content-Disposition: inline

--------------JqOOnYJ5YcXdPiMJ6jiOvgJS
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: base64

c2lnbmVkIG1lc3NhZ2UNCg0K

--------------JqOOnYJ5YcXdPiMJ6jiOvgJS--

That was the input that was given to the second step. That couldn't work. The outer part still claimed it was a signed message. But the rest of the structure didn't meet the expectation of the code. There was no second outer MIME part containing the signature. Because of the wrong format, the code processing the MIME part ran into an error condition and decided to stop processing it without a result text, and therefore no text was displayed.

The fix enhances the processing of the multipart/signed type to notice the request to return a raw message (as requested by the first step). When the modified code detects that scenario, it will skip all analytic processing, and just return the whole MIME part. When that MIME part is then passed to rendering, it will run again through the same MIME type handler, but this time it's a complete MIME message with a correct structure, and the processing code sees the expected structure and can complete without failure.

Thank you. Now even I understood it. Thank you for the analysis and fix.

Duplicate of this bug: 1933439
See Also: → 1926607
See Also: → 1926608
Keywords: checkin-needed-tb

Pushed by john@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/2b46b7764bc3
Fix viewing of attached signed OpenPGP messages. r=mkmelin

Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
status-thunderbird136: --- → affected
status-thunderbird_esr128: --- → affected
Target Milestone: --- → 137 Branch
See Also: → 1953098
Duplicate of this bug: 1787408
Duplicate of this bug: 1993851
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: