summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2019-11-09 16:48:11 -0500
committerSean Whitton <spwhitton@spwhitton.name>2019-11-10 00:33:00 -0700
commit3de0b3a9492da7609409ecb1b652aef70d848823 (patch)
tree09383aa3545c648fbcf6e58a80e5c990c2fc36fb
parent04ae100b5f48f56443e3a99e14579c26d9811f4f (diff)
downloadmailscripts-3de0b3a9492da7609409ecb1b652aef70d848823.tar.gz
email-print-mime-structure: sanity check cryptographic payload
We want to make sure we're decrypting the thing that we expect. This typecheck should keep us honest. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> Acked-by: Sean Whitton <spwhitton@spwhitton.name>
-rwxr-xr-xemail-print-mime-structure8
1 files changed, 6 insertions, 2 deletions
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 644efb1..2cbf6ed 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -76,16 +76,20 @@ class MimePrinter(object):
(parent.get_content_type().lower() == 'multipart/encrypted') and \
(str(parent.get_param('protocol')).lower() == 'application/pgp-encrypted') and \
(num == 2):
+ cryptopayload:Optional[Message] = None
+ ciphertext:Union[List[Message],str,bytes,None] = z.get_payload()
+ if not isinstance(ciphertext, str):
+ logging.warning('encrypted part was not a leaf mime part somehow')
+ return
if pgpy is None:
logging.warning(f'Python module pgpy is not available, not decrypting (try "apt install python3-pgpy")')
else:
- cryptopayload:Optional[Message] = None
keyname:str
for keyname in self.args.pgpkey:
try:
key:pgpy.PGPKey
key, _ = pgpy.PGPKey.from_file(keyname)
- msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(z.get_payload())
+ msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(ciphertext)
msg = key.decrypt(msg)
cryptopayload = email.message_from_bytes(msg.message)
break