author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2019-11-09 16:48:11 -0500 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2019-11-10 00:33:00 -0700 |
commit | 3de0b3a9492da7609409ecb1b652aef70d848823 (patch) | |
tree | 09383aa3545c648fbcf6e58a80e5c990c2fc36fb | |
parent | 04ae100b5f48f56443e3a99e14579c26d9811f4f (diff) | |
download | mailscripts-3de0b3a9492da7609409ecb1b652aef70d848823.tar.gz |
email-print-mime-structure: sanity check cryptographic payload
We want to make sure we're decrypting the thing that we expect. This
typecheck should keep us honest.
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Acked-by: Sean Whitton <spwhitton@spwhitton.name>
-rwxr-xr-x | email-print-mime-structure | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 644efb1..2cbf6ed 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -76,16 +76,20 @@ class MimePrinter(object):
 (parent.get_content_type().lower() == 'multipart/encrypted') and \
 (str(parent.get_param('protocol')).lower() == 'application/pgp-encrypted') and \
 (num == 2):
+ cryptopayload:Optional[Message] = None
+ ciphertext:Union[List[Message],str,bytes,None] = z.get_payload()
+ if not isinstance(ciphertext, str):
+ logging.warning('encrypted part was not a leaf mime part somehow')
+ return
 if pgpy is None:
 logging.warning(f'Python module pgpy is not available, not decrypting (try "apt install python3-pgpy")')
 else:
- cryptopayload:Optional[Message] = None
 keyname:str
 for keyname in self.args.pgpkey:
 try:
 key:pgpy.PGPKey
 key, _ = pgpy.PGPKey.from_file(keyname)
- msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(z.get_payload())
+ msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(ciphertext)
 msg = key.decrypt(msg)
 cryptopayload = email.message_from_bytes(msg.message)
 break |
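Review bot: The `isinstance(ciphertext, str)` check only establishes that the part is a leaf, because `z.get_payload()` without `decode=True` returns the body with its Content-Transfer-Encoding still applied; a base64- or quoted-printable-encoded second part passes the check and reaches `from_blob` as encoded text rather than as the OpenPGP message. Consider `ciphertext = z.get_payload(decode=True)` with `if not isinstance(ciphertext, bytes):` (adjusting the annotation to match), and, if the intent is to decrypt only what RFC 3156 describes, also compare `z.get_content_type()` with `application/octet-stream` before decrypting. The new early `return` also exits before anything that follows the `if pgpy is None` / `else` block, which lies outside this hunk, so it is worth confirming that nothing later in the method needs to run for a non-leaf part. The enclosing method starts and ends outside the hunk.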