Sanitize non utf8 strings before returning them to iOS apps

In swift, strings must be strictly utf8, and when golang returns a string with non utf8 characters, it gets translated to an empty string for utf8. To avoid this situation, we sanitize strings before returning them. This behavior is only enabled when building with the "ios" build tag.
2022-10-31 15:18:24 +01:00 · 2022-10-31 15:18:24 +01:00 · a2fd1c6a3b
commit a2fd1c6a3b
parent 6021e54d03
4 changed files with 21 additions and 2 deletions
--- a/crypto/message.go
+++ b/crypto/message.go
@ -202,7 +202,7 @@ func (msg *PlainMessage) GetBinary() []byte {

 // GetString returns the content of the message as a string.
 func (msg *PlainMessage) GetString() string {
-	return strings.ReplaceAll(string(msg.Data), "\r\n", "\n")
+	return sanitizeString(strings.ReplaceAll(string(msg.Data), "\r\n", "\n"))
 }

 // GetBase64 returns the base-64 encoded binary content of the message as a
--- a/crypto/mime.go
+++ b/crypto/mime.go
@ -49,7 +49,8 @@ func (keyRing *KeyRing) DecryptMIMEMessage(
 		callbacks.OnVerified(constants.SIGNATURE_OK)
 	}
 	bodyContent, bodyMimeType := body.GetBody()
-	callbacks.OnBody(bodyContent, bodyMimeType)
+	bodyContentSanitized := sanitizeString(bodyContent)
+	callbacks.OnBody(bodyContentSanitized, bodyMimeType)
 	for i := 0; i < len(attachments); i++ {
 		callbacks.OnAttachment(attachmentHeaders[i], []byte(attachments[i]))
 	}
--- a/crypto/sanitize_string.go
+++ b/crypto/sanitize_string.go
@ -0,0 +1,8 @@
+//go:build !ios
+// +build !ios
+
+package crypto
+
+func sanitizeString(input string) string {
+	return input
+}
--- a/crypto/sanitize_string_ios.go
+++ b/crypto/sanitize_string_ios.go
@ -0,0 +1,10 @@
+//go:build ios
+// +build ios
+
+package crypto
+
+import "strings"
+
+func sanitizeString(input string) string {
+	return strings.ToValidUTF8(input, "\ufffd")
+}