From 3de0b3a9492da7609409ecb1b652aef70d848823 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor
Date: Sat, 9 Nov 2019 16:48:11 -0500
Subject: email-print-mime-structure: sanity check cryptographic payload
We want to make sure we're decrypting the thing that we expect. This typecheck should keep us honest.
Signed-off-by: Daniel Kahn Gillmor
Acked-by: Sean Whitton
---
 email-print-mime-structure | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/email-print-mime-structure b/email-print-mime-structure
index 644efb1..2cbf6ed 100755
--- a/email-print-mime-structure
+++ b/email-print-mime-structure
@@ -76,16 +76,20 @@ class MimePrinter(object):
 (parent.get_content_type().lower() == 'multipart/encrypted') and \
 (str(parent.get_param('protocol')).lower() == 'application/pgp-encrypted') and \
 (num == 2):
+ cryptopayload:Optional[Message] = None
+ ciphertext:Union[List[Message],str,bytes,None] = z.get_payload()
+ if not isinstance(ciphertext, str):
+ logging.warning('encrypted part was not a leaf mime part somehow')
+ return
 if pgpy is None:
 logging.warning(f'Python module pgpy is not available, not decrypting (try "apt install python3-pgpy")')
 else:
- cryptopayload:Optional[Message] = None
 keyname:str
 for keyname in self.args.pgpkey:
 try:
 key:pgpy.PGPKey
 key, _ = pgpy.PGPKey.from_file(keyname)
- msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(z.get_payload())
+ msg:pgpy.PGPMessage = pgpy.PGPMessage.from_blob(ciphertext)
 msg = key.decrypt(msg)
 cryptopayload = email.message_from_bytes(msg.message)
 break
-- cgit v1.2.3
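Review bot: The new type check on `ciphertext` accepts any `str`, but `z.get_payload()` is called without `decode=True`, so a second part that carries a base64 or quoted-printable Content-Transfer-Encoding reaches `pgpy.PGPMessage.from_blob(ciphertext)` still transfer-encoded and will most likely fail to parse rather than decrypt. Consider `ciphertext = z.get_payload(decode=True)` together with `if not isinstance(ciphertext, bytes):`, which still rejects a non-leaf part (the decoded payload of a multipart is `None`); this assumes `from_blob` accepts bytes, which should be confirmed against the pgpy version in use. The check also does not look at the part's own content type, so the warning would be more useful for triage if it included `z.get_content_type()`. The enclosing method and the `except` clause of the `try` lie outside the hunk, so what the early `return` skips cannot be judged from here.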