lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #197 from ProtonMail/fix/non-utf8-strings

Browse source 
Sanitize non utf8 strings before returning them to iOS apps
This commit is contained in:
marinthiercelin 2022-11-03 13:24:20 +01:00 committed by GitHub
commit 7cedddc40d
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
CHANGELOG.md
View file

@ -5,10 +5,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## Unreleased ## Unreleased
### Changed ### Changed
- Updated `github.com/ProtonMail/go-mime` to latest versions, which cleans up uneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings. - Updated `github.com/ProtonMail/go-mime` to latest versions, which cleans up uneeded dependencies. And fix an issue with PGP/MIME messages with non standard encodings.
- Sanitize strings returned in `MIMECallbacks.OnBody()` and `PlainMessage.GetString()`. Strings that have non utf8 characters will be sanitized to have the "character unknown" character : <20> instead.
## [2.4.10] 2022-08-22 ## [2.4.10] 2022-08-22
### Changed ### Changed

2
crypto/message.go
View file

@ -202,7 +202,7 @@ func (msg *PlainMessage) GetBinary() []byte {
// GetString returns the content of the message as a string. // GetString returns the content of the message as a string.
func (msg *PlainMessage) GetString() string { func (msg *PlainMessage) GetString() string {
return strings.ReplaceAll(string(msg.Data), "\r\n", "\n") return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
} }
// GetBase64 returns the base-64 encoded binary content of the message as a // GetBase64 returns the base-64 encoded binary content of the message as a

8
crypto/message_test.go
View file

@ -5,6 +5,7 @@ import (
"encoding/base64" "encoding/base64"
"errors" "errors"
"io" "io"
"io/ioutil"
"testing" "testing"
"time" "time"
@ -83,7 +84,12 @@ func TestTextMixedMessageDecryptionWithPassword(t *testing.T) {
t.Fatal("Expected no error when decrypting, got:", err) t.Fatal("Expected no error when decrypting, got:", err)
} }
assert.Exactly(t, readTestFile("message_mixedPasswordPublicExpected", true), decrypted.GetString()) expected, err := ioutil.ReadFile("testdata/message_mixedPasswordPublicExpected")
if err != nil {
panic(err)
}
assert.Exactly(t, expected, decrypted.GetBinary())
} }
func TestTextMessageEncryption(t *testing.T) { func TestTextMessageEncryption(t *testing.T) {

3
crypto/mime.go
View file

@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
callbacks.OnVerified(constants.SIGNATURE_OK) callbacks.OnVerified(constants.SIGNATURE_OK)
} }
bodyContent, bodyMimeType := body.GetBody() bodyContent, bodyMimeType := body.GetBody()
callbacks.OnBody(bodyContent, bodyMimeType) bodyContentSanitized := sanitizeString(bodyContent)
callbacks.OnBody(bodyContentSanitized, bodyMimeType)
for i := 0; i < len(attachments); i++ { for i := 0; i < len(attachments); i++ {
callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i])) callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
} }

7
crypto/sanitize_string.go Normal file
View file

@ -0,0 +1,7 @@
package crypto
import "strings"
func sanitizeString(input string) string {
return strings.ToValidUTF8(input, "\ufffd")
}