Ignore improperly formatted armor headers (#1557)

Show a debug warning instead of throwing an error on malformed headers.
2022-08-22 21:30:33 +08:00 · 2022-08-22 21:30:33 +08:00 · 4d2cf85a51
commit 4d2cf85a51
parent 93644b7c58
2 changed files with 9 additions and 14 deletions
--- a/src/encoding/armor.js
+++ b/src/encoding/armor.js
@ -182,15 +182,17 @@ function createcrc24(input) {
 }

 /**
- * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted
- * Armor Headers to be corruption of the ASCII Armor."
+ * Verify armored headers. crypto-refresh-06, section 6.2:
+ * "An OpenPGP implementation may consider improperly formatted Armor
+ * Headers to be corruption of the ASCII Armor, but SHOULD make an
+ * effort to recover."
 * @private
 * @param {Array<String>} headers - Armor headers
 */
 function verifyHeaders(headers) {
  for (let i = 0; i < headers.length; i++) {
    if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
-      throw new Error('Improperly formatted armor header: ' + headers[i]);
+      util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
    }
    if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
      util.printDebugError(new Error('Unknown header: ' + headers[i]));
--- a/test/general/armor.js
+++ b/test/general/armor.js
@ -101,21 +101,14 @@ module.exports = () => describe('ASCII armor', function() {
    expect(msg).to.be.an.instanceof(openpgp.CleartextMessage);
  });

-  it('Exception if improperly formatted armor header - plaintext section', async function () {
-    let msg = getArmor(['Hash:SHA256']);
-    msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
-    await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/);
-    msg = getArmor(['Ha sh: SHA256']);
-    msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
+  it('Exception if header is not Hash in cleartext signed message', async function () {
+    const msg = openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Ha sh: SHA256']) });
    await expect(msg).to.be.rejectedWith(Error, /Only "Hash" header allowed in cleartext signed message/);
-    msg = getArmor(['Hash SHA256']);
-    msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
-    await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/);
  });

-  it('Exception if improperly formatted armor header - signature section', async function () {
+  it('Ignore improperly formatted armor header', async function () {
    await Promise.all(['Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].map(async function (invalidHeader) {
-      await expect(openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.rejectedWith(Error, /Improperly formatted armor header/);
+      expect(await openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.an.instanceof(openpgp.CleartextMessage);
    }));
  });