suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename config.tolerant to config.ignoreUnsupportedPackets, add config.ignoreMalformedPackets (#1386)

Browse Source 
Configuration options related to parsing have been changed to make it possible
to try to read messages containing malformed packets. Changes:
- rename `config.tolerant` to `config.ignoreUnsupportedPackets`. This still
defaults to `true`.
- Add `config.ignoreMalformedPackets` to ignore packets that fail to parse
(when possible). This option was not available before and it defaults to `false`.
This commit is contained in:
larabr 2021-07-23 13:22:18 +02:00 committed by GitHub
parent 3cd61ff1b4
commit 4b6189b91b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 28 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
openpgp.d.ts vendored
View File

@ -321,7 +321,8 @@ interface Config {
minRSABits: number; minRSABits: number;
passwordCollisionCheck: boolean; passwordCollisionCheck: boolean;
revocationsExpire: boolean; revocationsExpire: boolean;
tolerant: boolean; ignoreUnsupportedPackets: boolean;
ignoreMalformedPackets: boolean;
versionString: string; versionString: string;
commentString: string; commentString: string;
allowInsecureDecryptionWithSigningKeys: boolean; allowInsecureDecryptionWithSigningKeys: boolean;

10
src/config/config.js
View File

@ -136,10 +136,14 @@ export default {
minBytesForWebCrypto: 1000, minBytesForWebCrypto: 1000,
/** /**
* @memberof module:config * @memberof module:config
* @property {Boolean} tolerant Ignore unsupported/unrecognizable packets instead of throwing an error * @property {Boolean} ignoreUnsupportedPackets Ignore unsupported/unrecognizable packets on parsing instead of throwing an error
*/ */
tolerant: true, ignoreUnsupportedPackets: true,
/**
* @memberof module:config
* @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
*/
ignoreMalformedPackets: false,
/** /**
* @memberof module:config * @memberof module:config
* @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages

5
src/packet/packetlist.js
View File

@ -82,8 +82,9 @@ class PacketList extends Array {
await packet.read(parsed.packet, config); await packet.read(parsed.packet, config);
await writer.write(packet); await writer.write(packet);
} catch (e) { } catch (e) {
const isTolerableError = config.tolerant && e instanceof UnsupportedError; const throwUnsupportedError = !config.ignoreUnsupportedPackets && e instanceof UnsupportedError;
if (!isTolerableError || supportsStreaming(parsed.tag)) { const throwMalformedError = !config.ignoreMalformedPackets && !(e instanceof UnsupportedError);
if (throwUnsupportedError || throwMalformedError || supportsStreaming(parsed.tag)) {
// The packets that support streaming are the ones that contain message data. // The packets that support streaming are the ones that contain message data.
// Those are also the ones we want to be more strict about and throw on parse errors // Those are also the ones we want to be more strict about and throw on parse errors
// (since we likely cannot process the message without these packets anyway). // (since we likely cannot process the message without these packets anyway).

12
test/general/config.js
View File

@ -8,11 +8,11 @@ module.exports = () => describe('Custom configuration', function() {
const message = await openpgp.readMessage({ armoredMessage }); const message = await openpgp.readMessage({ armoredMessage });
message.packets.findPacket(openpgp.SymEncryptedSessionKeyPacket.tag).version = 1; // unsupported SKESK version message.packets.findPacket(openpgp.SymEncryptedSessionKeyPacket.tag).version = 1; // unsupported SKESK version
const config = { tolerant: true }; const config = { ignoreUnsupportedPackets: true };
const parsedMessage = await openpgp.readMessage({ armoredMessage: message.armor(), config }); const parsedMessage = await openpgp.readMessage({ armoredMessage: message.armor(), config });
expect(parsedMessage.packets.length).to.equal(1); expect(parsedMessage.packets.length).to.equal(1);
config.tolerant = false; config.ignoreUnsupportedPackets = false;
await expect( await expect(
openpgp.readMessage({ armoredMessage: message.armor(), config }) openpgp.readMessage({ armoredMessage: message.armor(), config })
).to.be.rejectedWith(/Version 1 of the SKESK packet is unsupported/); ).to.be.rejectedWith(/Version 1 of the SKESK packet is unsupported/);
@ -30,11 +30,11 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
const signature = await openpgp.readSignature({ armoredSignature }); const signature = await openpgp.readSignature({ armoredSignature });
signature.packets[0].signatureData[0] = 1; // set unsupported signature version signature.packets[0].signatureData[0] = 1; // set unsupported signature version
const config = { tolerant: true }; const config = { ignoreUnsupportedPackets: true };
const parsedSignature = await openpgp.readSignature({ armoredSignature: signature.armor(), config }); const parsedSignature = await openpgp.readSignature({ armoredSignature: signature.armor(), config });
expect(parsedSignature.packets.length).to.equal(0); expect(parsedSignature.packets.length).to.equal(0);
config.tolerant = false; config.ignoreUnsupportedPackets = false;
await expect( await expect(
openpgp.readSignature({ armoredSignature: signature.armor(), config }) openpgp.readSignature({ armoredSignature: signature.armor(), config })
).to.be.rejectedWith(/Version 1 of the signature packet is unsupported/); ).to.be.rejectedWith(/Version 1 of the signature packet is unsupported/);
@ -43,10 +43,10 @@ vAFM3jjrAQDgJPXsv8PqCrLGDuMa/2r6SgzYd03aw/xt1WM6hgUvhQD+J54Z
it('openpgp.readKey', async function() { it('openpgp.readKey', async function() {
const { privateKey: armoredKey } = await openpgp.generateKey({ userIDs:[{ name:'test', email:'test@a.it' }] }); const { privateKey: armoredKey } = await openpgp.generateKey({ userIDs:[{ name:'test', email:'test@a.it' }] });
await expect( await expect(
openpgp.readKey({ armoredKey, config: { tolerant: false, maxUserIDLength: 2 } }) openpgp.readKey({ armoredKey, config: { ignoreUnsupportedPackets: false, maxUserIDLength: 2 } })
).to.be.rejectedWith(/User ID string is too long/); ).to.be.rejectedWith(/User ID string is too long/);
await expect( await expect(
openpgp.readKey({ armoredKey, config: { tolerant: true, maxUserIDLength: 2 } }) openpgp.readKey({ armoredKey, config: { ignoreUnsupportedPackets: true, maxUserIDLength: 2 } })
).to.be.rejectedWith(/User ID string is too long/); ).to.be.rejectedWith(/User ID string is too long/);
}); });

21
test/general/packet.js
View File

@ -950,7 +950,7 @@ V+HOQJQxXJkVRYa3QrFUehiMzTeqqMdgC6ZqJy7+
}); });
describe('PacketList parsing', function () { describe('PacketList parsing', function () {
it('Ignores unknown packet version with tolerant mode enabled', async function() { it('Ignores unknown packet version with `config.ignoreUnsupportedPackets` enabled', async function() {
const armoredSignature = `-----BEGIN PGP SIGNATURE----- const armoredSignature = `-----BEGIN PGP SIGNATURE-----
iQFKBAEBCgA0FiEEdOyNPagqedqiXfEMa6Ve2Dq64bsFAlszXwQWHHRlc3Qtd2tk iQFKBAEBCgA0FiEEdOyNPagqedqiXfEMa6Ve2Dq64bsFAlszXwQWHHRlc3Qtd2tk
@ -968,11 +968,11 @@ kePFjAnu9cpynKXu3usf8+FuBw2zLsg1Id1n7ttxoAte416KjBN9lFBt8mcu
signaturePacket.signatureData[0] = 1; signaturePacket.signatureData[0] = 1;
packets.push(signaturePacket); packets.push(signaturePacket);
const bytes = packets.write(); const bytes = packets.write();
const parsed = await openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, tolerant: true }); const parsed = await openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, ignoreUnsupportedPackets: true });
expect(parsed.length).to.equal(0); expect(parsed.length).to.equal(0);
}); });
it('Throws on unknown packet version with tolerant mode disabled', async function() { it('Throws on unknown packet version with `config.ignoreUnsupportedPackets` disabled', async function() {
const armoredSignature = `-----BEGIN PGP SIGNATURE----- const armoredSignature = `-----BEGIN PGP SIGNATURE-----
iQFKBAEBCgA0FiEEdOyNPagqedqiXfEMa6Ve2Dq64bsFAlszXwQWHHRlc3Qtd2tk iQFKBAEBCgA0FiEEdOyNPagqedqiXfEMa6Ve2Dq64bsFAlszXwQWHHRlc3Qtd2tk
@ -991,7 +991,7 @@ kePFjAnu9cpynKXu3usf8+FuBw2zLsg1Id1n7ttxoAte416KjBN9lFBt8mcu
packets.push(signaturePacket); packets.push(signaturePacket);
const bytes = packets.write(); const bytes = packets.write();
await expect( await expect(
openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, tolerant: false }) openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, ignoreUnsupportedPackets: false })
).to.be.rejectedWith(/Version 1 of the signature packet is unsupported/); ).to.be.rejectedWith(/Version 1 of the signature packet is unsupported/);
}); });
@ -999,20 +999,19 @@ kePFjAnu9cpynKXu3usf8+FuBw2zLsg1Id1n7ttxoAte416KjBN9lFBt8mcu
const packets = new openpgp.PacketList(); const packets = new openpgp.PacketList();
packets.push(new openpgp.LiteralDataPacket()); packets.push(new openpgp.LiteralDataPacket());
const bytes = packets.write(); const bytes = packets.write();
await expect(openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, tolerant: false })).to.be.rejectedWith(/Packet not allowed in this context/); await expect(openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, ignoreUnsupportedPackets: false, ignoreMalformedPackets: false })).to.be.rejectedWith(/Packet not allowed in this context/);
await expect(openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, tolerant: true })).to.be.rejectedWith(/Packet not allowed in this context/); await expect(openpgp.PacketList.fromBinary(bytes, {}, { ...openpgp.config, ignoreUnsupportedPackets: true, ignoreMalformedPackets: true })).to.be.rejectedWith(/Packet not allowed in this context/);
}); });
it('Throws on parsing errors even with tolerant mode enabled', async function () { it('Throws on parsing errors `config.ignoreMalformedPackets` disabled', async function () {
const packets = new openpgp.PacketList(); const packets = new openpgp.PacketList();
packets.push(openpgp.UserIDPacket.fromObject({ name:'test', email:'test@a.it' })); packets.push(openpgp.UserIDPacket.fromObject({ name:'test', email:'test@a.it' }));
const bytes = packets.write(); const bytes = packets.write();
await expect( await expect(
openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, maxUserIDLength: 2, tolerant: false }) openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, maxUserIDLength: 2, ignoreMalformedPackets: false })
).to.be.rejectedWith(/User ID string is too long/);
await expect(
openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, maxUserIDLength: 2, tolerant: true })
).to.be.rejectedWith(/User ID string is too long/); ).to.be.rejectedWith(/User ID string is too long/);
const parsed = await openpgp.PacketList.fromBinary(bytes, allAllowedPackets, { ...openpgp.config, maxUserIDLength: 2, ignoreMalformedPackets: true });
expect(parsed.length).to.equal(0);
}); });
}); });
}); });