Open Bug 1952934 Opened 15 days ago Updated 14 days ago

Empty reply text / attachments with GPG encrypted-then-signed mail (TypeError: mimeSvc.mailChannel.smimeSink is null)

Categories

(MailNews Core :: Security: OpenPGP, defect)

Product:
MailNews Core
Component:
Security: OpenPGP
Version:
Thunderbird 128
Type:
defect

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: mozilla.org, Unassigned)

Details

Attachments

(4 files)

repro.py
4.37 KB, text/x-python
Details
enc-sign-decrypted.eml
456 bytes, message/rfc822
Details
enc-sign.eml, triggers the bug
3.04 KB, message/rfc822
Details
sign-enc.eml
2.82 KB, message/rfc822
Details
Attached file repro.py

Steps to reproduce:

Viewing a message written with Dodo[1], which:

  • Is GPG signed
  • Is GPG encrypted
  • Has attachments

What's special about the message is that Dodo apparently first encrypts, then signs the message, which (while untypical) seems to be allowed[2].

[1] https://github.com/akissinger/dodo/
[2] https://superuser.com/questions/979070/sign-encrypt-vs-encrypt-sign-what-does-gpg-do/979071#979071

Actual results:

Thunderbird shows the attachments with the correct size in the UI, but saving them results in an empty file. When clicking "Reply" for the mail, the original text is not quoted, only a dummy line:

On 01/01/1970 01.00, me@the-compiler.org wrote:

Looking at the devtools reveals: TypeError: can't access property "ignoreStatusFrom", mimeSvc.mailChannel.smimeSink is null

From here:
https://hg.mozilla.org/comm-central/file/cff6a5fd4227a8f9126f7d0cbe11671b93864dca/mail/extensions/openpgp/content/modules/mimeDecrypt.sys.mjs#l146

Reproduced with Thunderbird 128.7.1 as well as the current nightly, 138.0a1.20250310.

After running gpg --decrypt over the file (and ignoring the detached signature), the resulting decrypted mail is handled fine by Thunderbird.

Attached is:

  • enc-sign.eml (the file triggering the bug)
  • enc-sign-decrypted.eml (the result of gpg --decrypt on the above; works fine)
  • sign-enc.eml (Dodo after swapping sign/encrypt, works fine)
  • repro.py (Python script with some code extracted from Dodo, to create the files above with your own key)

Expected results:

Ideally saving the attachments and replying to the mail should work normally. If the format produced by Dodo is indeed somehow invalid, that should be handled in some more explicit way.

Attached file enc-sign-decrypted.eml
Attached file sign-enc.eml

For context, Dodo PR to sign before encryption, which makes things work with Thunderbird: https://github.com/akissinger/dodo/pull/100

Right, sign as the outer layer is not allowed (IIRC after Efail).

Version: Thunderbird 138 → Thunderbird 128
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: