[Rt-commit] rt branch, 4.2/gnupg-end-of-line, created. rt-4.2.10-238-gccbf51e

Alex Vandiver alexmv at bestpractical.com
Tue Apr 28 15:52:17 EDT 2015 

The branch, 4.2/gnupg-end-of-line has been created
        at  ccbf51e6a6a32eebab507c92c9e976715969fcb9 (commit)

- Log -----------------------------------------------------------------
commit ccbf51e6a6a32eebab507c92c9e976715969fcb9
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Tue Apr 28 15:48:53 2015 -0400

    Anchor inline GPG regular expressions, to prevent false-positives
    
    Only anchoring the regular expressions at the start of the line, and not
    the end, allows for false-positives if they are included, say, in HTML
    email.  Per RFC4880:
    
       Note that all these Armor Header Lines are to consist of a complete
       line.  That is to say, there is always a line ending preceding the
       starting five dashes, and following the ending five dashes.  The
       header lines, therefore, MUST start at the beginning of a line, and
       MUST NOT have text other than whitespace following them on the same
       line.
    
    Fixes: I#30372

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index ddb91e4..1b2e9be 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -911,10 +911,10 @@ sub _CheckIfProtectedInline {
     }
 
     while ( defined($_ = $io->getline) ) {
-        if ( /^-----BEGIN PGP (SIGNED )?MESSAGE-----/ ) {
+        if ( /^-----BEGIN PGP (SIGNED )?MESSAGE-----\s*$/ ) {
             return $1? 'signed': 'encrypted';
         }
-        elsif ( $check_for_signature && !/^-----BEGIN PGP SIGNATURE-----/ ) {
+        elsif ( $check_for_signature && !/^-----BEGIN PGP SIGNATURE-----\s*$/ ) {
             return 'signature';
         }
     }
@@ -1092,7 +1092,7 @@ sub DecryptInline {
     binmode $block_fh, ':raw';
 
     while ( defined(my $str = $io->getline) ) {
-        if ( $in_block && $str =~ /^-----END PGP (?:MESSAGE|SIGNATURE)-----/ ) {
+        if ( $in_block && $str =~ /^-----END PGP (?:MESSAGE|SIGNATURE)-----\s*$/ ) {
             print $block_fh $str;
             $in_block--;
             next if $in_block > 0;
@@ -1116,7 +1116,7 @@ sub DecryptInline {
             binmode $block_fh, ':raw';
             $in_block = 0;
         }
-        elsif ( $str =~ /^-----BEGIN PGP (SIGNED )?MESSAGE-----/ ) {
+        elsif ( $str =~ /^-----BEGIN PGP (SIGNED )?MESSAGE-----\s*$/ ) {
             $in_block++;
             print $block_fh $str;
         }

-----------------------------------------------------------------------

More information about the rt-commit mailing list