From a2fd1c6a3b868ee5502f5deae8cfe877a988a982 Mon Sep 17 00:00:00 2001
From: "M. Thiercelin" <marin.thiercelin@proton.ch>
Date: Mon, 31 Oct 2022 15:18:24 +0100
Subject: [PATCH] Sanitize non utf8 strings before returning them to iOS apps

In swift, strings must be strictly utf8, and when golang
returns a string with non utf8 characters, it gets translated to
an empty string for utf8.
To avoid this situation, we sanitize strings before returning them.
This behavior is only enabled when building with the "ios" build tag.
---
 crypto/message.go             |  2 +-
 crypto/mime.go                |  3 ++-
 crypto/sanitize_string.go     |  8 ++++++++
 crypto/sanitize_string_ios.go | 10 ++++++++++
 4 files changed, 21 insertions(+), 2 deletions(-)
 create mode 100644 crypto/sanitize_string.go
 create mode 100644 crypto/sanitize_string_ios.go

diff --git a/crypto/message.go b/crypto/message.go
index ccdb5d3..d6072fe 100644
--- a/crypto/message.go
+++ b/crypto/message.go
@@ -202,7 +202,7 @@ func (msg *PlainMessage) GetBinary() []byte {
 
 // GetString returns the content of the message as a string.
 func (msg *PlainMessage) GetString() string {
-	return strings.ReplaceAll(string(msg.Data), "\r\n", "\n")
+	return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
 }
 
 // GetBase64 returns the base-64 encoded binary content of the message as a
diff --git a/crypto/mime.go b/crypto/mime.go
index 4d55cd0..d756dfc 100644
--- a/crypto/mime.go
+++ b/crypto/mime.go
@@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
 		callbacks.OnVerified(constants.SIGNATURE_OK)
 	}
 	bodyContent, bodyMimeType := body.GetBody()
-	callbacks.OnBody(bodyContent, bodyMimeType)
+	bodyContentSanitized := sanitizeString(bodyContent)
+	callbacks.OnBody(bodyContentSanitized, bodyMimeType)
 	for i := 0; i < len(attachments); i++ {
 		callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
 	}
diff --git a/crypto/sanitize_string.go b/crypto/sanitize_string.go
new file mode 100644
index 0000000..94aa81c
--- /dev/null
+++ b/crypto/sanitize_string.go
@@ -0,0 +1,8 @@
+//go:build !ios
+// +build !ios
+
+package crypto
+
+func sanitizeString(input string) string {
+	return input
+}
diff --git a/crypto/sanitize_string_ios.go b/crypto/sanitize_string_ios.go
new file mode 100644
index 0000000..561414b
--- /dev/null
+++ b/crypto/sanitize_string_ios.go
@@ -0,0 +1,10 @@
+//go:build ios
+// +build ios
+
+package crypto
+
+import "strings"
+
+func sanitizeString(input string) string {
+	return strings.ToValidUTF8(input, "\ufffd")
+}