Diffusion PIM: Message Library 8f9b85b664be

Make unexpected data leak harder via reply.
8f9b85b664be
Actions

Authored by knauss on Apr 25 2019, 12:10 PM.

Description

Make unexpected data leak harder via reply.

ObjectTreeParser.htmlContent/plainTextContent may concats different encrypted parts
without the user noticing it. That would lead to a Decryption oracle. We have already
a logic to find the topleveltextNode in MimeTreeParser, this does not take HTML nodes
into account nor that TEXT nodes may have several PGP Inline blocks.

That plaintextContent for HtmlMessagePart is not return QString(), that bubbled up by
testing the stuff.

BUG: 404698

Details

Committed

knauss

May 12 2019, 8:37 PM

Parents

R94:676893d23d56: Rename convertedHtmlContent-> convertedHtmlContent for reply_Plain

Branches

Unknown

Tags

Unknown

knauss committed R94:8f9b85b664be: Make unexpected data leak harder via reply. (authored by knauss).May 12 2019, 8:37 PM

Changes (6)

				Path	Packages
	M			mimetreeparser/src/messagepart.cpp
	M			mimetreeparser/src/messagepart.h
	A			templateparser/autotests/data/openpgp-inline-space.mbox
	A			templateparser/autotests/data/openpgp-inline-space.mbox.html.reply
	A			templateparser/autotests/data/openpgp-inline-space.mbox.plain.reply
	M			templateparser/src/templateparserjob.cpp