Merge pull request #197 from ProtonMail/fix/non-utf8-strings

Sanitize non utf8 strings before returning them to iOS apps
2022-11-03 13:24:20 +01:00 · 2022-11-03 13:24:20 +01:00 · 7cedddc40d
commit 7cedddc40d
parent 6021e54d03 4971d78a53
5 changed files with 18 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -5,10 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

 ## Unreleased
-
 ### Changed
-
 - Updated `github.com/ProtonMail/go-mime` to latest versions, which cleans up uneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
+- Sanitize strings returned in `MIMECallbacks.OnBody()` and `PlainMessage.GetString()`. Strings that have non utf8 characters will be sanitized to have the "character unknown" character : <20> instead.

 ## [2.4.10] 2022-08-22
 ### Changed
--- a/crypto/message.go
+++ b/crypto/message.go
@ -202,7 +202,7 @@ func (msg *PlainMessage) GetBinary() []byte {

 // GetString returns the content of the message as a string.
 func (msg *PlainMessage) GetString() string {
-	return strings.ReplaceAll(string(msg.Data), "\r\n", "\n")
+	return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
 }

 // GetBase64 returns the base-64 encoded binary content of the message as a
--- a/crypto/message_test.go
+++ b/crypto/message_test.go
@ -5,6 +5,7 @@ import (
 	"encoding/base64"
 	"errors"
 	"io"
+	"io/ioutil"
 	"testing"
 	"time"

@ -83,7 +84,12 @@ func TestTextMixedMessageDecryptionWithPassword(t *testing.T) {
 		t.Fatal("Expected no error when decrypting, got:", err)
 	}

-	assert.Exactly(t, readTestFile("message_mixedPasswordPublicExpected", true), decrypted.GetString())
+	expected, err := ioutil.ReadFile("testdata/message_mixedPasswordPublicExpected")
+	if err != nil {
+		panic(err)
+	}
+
+	assert.Exactly(t, expected, decrypted.GetBinary())
 }

 func TestTextMessageEncryption(t *testing.T) {
--- a/crypto/mime.go
+++ b/crypto/mime.go
@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
 		callbacks.OnVerified(constants.SIGNATURE_OK)
 	}
 	bodyContent, bodyMimeType := body.GetBody()
-	callbacks.OnBody(bodyContent, bodyMimeType)
+	bodyContentSanitized := sanitizeString(bodyContent)
+	callbacks.OnBody(bodyContentSanitized, bodyMimeType)
 	for i := 0; i < len(attachments); i++ {
 		callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
 	}
--- a/crypto/sanitize_string.go
+++ b/crypto/sanitize_string.go
@ -0,0 +1,7 @@
+package crypto
+
+import "strings"
+
+func sanitizeString(input string) string {
+	return strings.ToValidUTF8(input, "\ufffd")
+}