[Rt-commit] rt branch, 4.2/skip-asc-keys, created. rt-4.2.10-223-g4d714f4

Alex Vandiver alexmv at bestpractical.com
Wed Mar 25 19:07:16 EDT 2015


The branch, 4.2/skip-asc-keys has been created
        at  4d714f489334832a099eb80a4f9843c8c3c355eb (commit)

- Log -----------------------------------------------------------------
commit 4d714f489334832a099eb80a4f9843c8c3c355eb
Author: Alex Vandiver <alexmv at bestpractical.com>
Date:   Wed Mar 25 18:41:17 2015 -0400

    Avoid treating attached GPG keys named *.asc as encrypted attachments
    
    RT::Crypt::GPG looks for RFC3156 parts, as well as files with matching
    .sig parts.  Any remaining attachments named .pgp or .asc are assumed to
    be attached, encrypted files.
    
    However, there is one common case which this is incorrect for --
    attached public key files, which GPG exports with .asc, by default.
    When RT attempts to "decrypt" these files, GPG responds:
    
        gpg: decrypt_message failed: Unexpected error
    
    ..or, for gpg2:
    
        gpg: decrypt_message failed: unexpected data
    
    This results in the email sender receiving an "Error: bad encrypted data"
    email, which is especially puzzling if their mail did not contain any
    encrypted parts.
    
    Skip .asc/.pgp parts which have content-type application/pgp-keys.
    While this will not reduce the false-positives entirely (for mail
    clients that do not set the content-type correctly), it is preferable
    to have more false-positives than false negatives.  Better testing is
    impossible without examining the contents of the MIME part, which may be
    quite memory-intensive.

diff --git a/lib/RT/Crypt/GnuPG.pm b/lib/RT/Crypt/GnuPG.pm
index ddb91e4..abbf0bb 100644
--- a/lib/RT/Crypt/GnuPG.pm
+++ b/lib/RT/Crypt/GnuPG.pm
@@ -843,6 +843,8 @@ sub FindScatteredParts {
         my $fname = $part->head->recommended_filename || '';
         next unless $fname =~ /\.${RE_FILE_EXTENSIONS}$/;
 
+        next if $part->effective_type eq "application/pgp-keys";
+
         $RT::Logger->debug("Found encrypted attachment '$fname'");
 
         $args{'Skip'}{$part} = 1;
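
Review bot: The new `next if $part->effective_type eq "application/pgp-keys";` in FindScatteredParts skips the part silently and carries no comment, while the line right after it logs "Found encrypted attachment '$fname'". Please add a short comment explaining that exported public keys also use .asc, and a `$RT::Logger->debug(...)` call naming `$fname` when the part is skipped, so an administrator can tell from the log why an .asc/.pgp attachment was never passed to decryption. Also note that the content type is chosen by the sender: an encrypted .asc part labelled application/pgp-keys will now be left undecrypted, so the skip log line is the only trace of that case. No test accompanies the change in this diff; a mail fixture with an attached public key would pin the behaviour.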

-----------------------------------------------------------------------

