Commit e9475b7f authored by georg

Handle various exceptions due to decryption problems gracefully

Handle incoming mails encrypted to an absent key, using symmetric
encryption or containing PGP-garbage in a more graceful manner: Don't
throw an exception, don't notify (and annoy) the admins, instead inform
the sender of the mail how to do better.

Closes #337
parent de3fecb4
Pipeline #32803 passed with stages in 10 minutes and 7 seconds
......@@ -16,6 +16,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
* Do not recognize sudo messages as automated message (#248)
* Fixed using x-attach-listkey with emails from Thunderbird that include protected headers.
* Ensure ASCII-8BIT as external encoding, this should ensure that plain text emails in different charsets can be parsed (#409)
* Handle incoming mails encrypted to an absent key, using symmetric encryption or containing PGP-garbage in a more graceful manner: Don't throw an exception, don't notify (and annoy) the admins, instead inform the sender of the mail how to do better. (#337)
## [3.4.1] / 2019-09-16
......
......@@ -13,7 +13,12 @@ module Schleuder
begin
# This decrypts, verifies, etc.
@mail = @mail.setup
rescue GPGME::Error::DecryptFailed
rescue GPGME::Error::BadPassphrase,
GPGME::Error::DecryptFailed,
GPGME::Error::NoData,
GPGME::Error::NoSecretKey
logger.warn "Decryption of incoming message failed."
return Errors::DecryptionFailed.new(list)
end
......
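Review bot: The widened `rescue` now funnels four distinct failures (`BadPassphrase`, `DecryptFailed`, `NoData`, `NoSecretKey`) into the single log line `logger.warn "Decryption of incoming message failed."`, so the cause is lost at exactly the point where admins stop being notified. Bind the exception (`rescue ... => exc`) and include `exc.class` in the warning, so an operator reading the log can tell a mail encrypted to an absent key from symmetric encryption or PGP garbage. The hunk also leaves `Errors::DecryptionFailed.new(list)` unchanged, and the visible lines do not show whether its text tells the sender what to do in the symmetric and garbage cases that the commit message promises to cover.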
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
hF4DTO8GH8gtgSMSAQdAjiYMTVwKw70Z3H8NwyZeHpPopnE1BB2L8Cs0MF95AXYw
=xJbn
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
hQGMA+8L5wLeonReAQv/ch+gZBhnP0ikFnkmEXB50e3oWlP7/Gc0hRetb6s5I8u4
dJOt9FUpaWiKg/OryBafJ889VtE7ujO2d8T+D0xwqiE9JRNzP3DiWiXgNpKw5pmN
L6R4+skZ9UK009AzxWSivgg6fJIpk8i022n9c5DPK4sMOE2jUYV7C2BMzXcSq8jf
vr5Wet3lf2yzfU+Pb62s8N1y/qg0PZrJb/0ddnaY4DDMPb4db3H2fuOEzuHnyxOK
WiphCGWSKqKUUWt/x/01GABWBDCy/5HB5ow1o43u8KDriTVB765dd0aS2QGqhLD8
yvhEnzjb1DRz5Bml7NOXKeueFL80S0vge1AKT1YOf1bW1YfTEpn0jiLr8zasd41c
c7cM6SGX6PFV6xGTqMgHLBZaN7Xj4ijgqZfPslYJp4iqjyQ18y1S3zMBDLc3s+9T
iihTi2Ve2D2nI7Xb1Cl/UAgRDin7pQT39UBsHtrKHbpf0NTKYQKzHk+0K+VZn1Bq
a89bFZrfiT+iMXovAzx20loBzk6GUrmSRSgngW7ai0se4nEQ7Vj8xJV/awmBq8Oz
O8UtXiQlIoqOXH07aLxZm819BRNy66XiRUsW0bxN/pzSbOlhivIXYm5ypy5UWEsl
hGHDxswJibLDdpc=
=pSCD
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
Date: Sat, 4 Jan 2020 23:42:49 +0000
From: <schleuder@example.org>
To: schleuder@example.org
Subject: Test
Message-ID: <20200104234249.GB9231@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";
boundary="eAbsdosE1cNLO4uF"
Content-Disposition: inline
--eAbsdosE1cNLO4uF
Content-Type: application/pgp-encrypted
Content-Disposition: attachment
Version: 1
--eAbsdosE1cNLO4uF
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="msg.asc"
-----BEGIN PGP MESSAGE-----
jA0ECQMCk858png0tIj/0lQBvHbaDcW9nElJfL0tgFhEnZv3847kDXaRpYAaQhAY
TmHzD51Z7uUbalJSxgmLnBVFRFop2sKSmba1sqtlhszYFjTRerlWAJsb5vNZ1KIB
1kyOuBU=
=42m3
-----END PGP MESSAGE-----
--eAbsdosE1cNLO4uF--
......@@ -218,6 +218,54 @@ describe Schleuder::Runner do
end
end
context 'mails not encrypted to the list key' do
it 'handles a mail which was encrypted to an absent key and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/encrypted-to-absent-key.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
it 'handles a mail which was encrypted to a passphrase and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/encrypted-to-passphrase.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
it 'handles a mail containing PGP-garbage and returns DecryptionFailed error' do
list = create(
:list,
send_encrypted_only: false
)
list.subscribe("schleuder@example.org", nil, true)
mail = File.read('spec/fixtures/mails/containing-pgp-garbage.txt')
result = Schleuder::Runner.new().run(mail, list.email)
expect(result.class).to eql(Schleuder::Errors::DecryptionFailed)
teardown_list_and_mailer(list)
end
end
it "delivers a signed error message if a subscription's key is expired on a encrypted-only list" do
list = create(:list, send_encrypted_only: true)
list.subscribe("admin@example.org", nil, true, false)
......
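Review bot: The three new examples in the `'mails not encrypted to the list key'` context only assert `result.class`, so they do not cover the behaviour the commit message promises, namely that admins are not notified. Add an expectation that no admin notification was delivered for each fixture, otherwise a later change that re-raises or notifies would still pass. Two smaller points in the same block: `teardown_list_and_mailer(list)` runs after the `expect`, so a failing expectation skips cleanup and can leak state into later examples (an `after` hook avoids that), and the identical `create(:list, send_encrypted_only: false)` plus `list.subscribe(...)` setup is repeated three times and could move into a shared `let` or `before`.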