From 4d2cf85a5185b7f64beeabf69349a2f7e13b9bd9 Mon Sep 17 00:00:00 2001 From: Celine Moredo <32130856+camoredo@users.noreply.github.com> Date: Mon, 22 Aug 2022 21:30:33 +0800 Subject: [PATCH] Ignore improperly formatted armor headers (#1557) Show a debug warning instead of throwing an error on malformed headers. --- src/encoding/armor.js | 8 +++++--- test/general/armor.js | 15 ++++----------- 2 files changed, 9 insertions(+), 14 deletions(-) diff --git a/src/encoding/armor.js b/src/encoding/armor.js index 99c0d282..6f402546 100644 --- a/src/encoding/armor.js +++ b/src/encoding/armor.js @@ -182,15 +182,17 @@ function createcrc24(input) { } /** - * Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted - * Armor Headers to be corruption of the ASCII Armor." + * Verify armored headers. crypto-refresh-06, section 6.2: + * "An OpenPGP implementation may consider improperly formatted Armor + * Headers to be corruption of the ASCII Armor, but SHOULD make an + * effort to recover." * @private * @param {Array} headers - Armor headers */ function verifyHeaders(headers) { for (let i = 0; i < headers.length; i++) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { - throw new Error('Improperly formatted armor header: ' + headers[i]); + util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i])); } if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) { util.printDebugError(new Error('Unknown header: ' + headers[i])); diff --git a/test/general/armor.js b/test/general/armor.js index c7958546..1611fcd1 100644 --- a/test/general/armor.js +++ b/test/general/armor.js @@ -101,21 +101,14 @@ module.exports = () => describe('ASCII armor', function() { expect(msg).to.be.an.instanceof(openpgp.CleartextMessage); }); - it('Exception if improperly formatted armor header - plaintext section', async function () { - let msg = getArmor(['Hash:SHA256']); - msg = openpgp.readCleartextMessage({ cleartextMessage: msg }); - await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/); - msg = getArmor(['Ha sh: SHA256']); - msg = openpgp.readCleartextMessage({ cleartextMessage: msg }); + it('Exception if header is not Hash in cleartext signed message', async function () { + const msg = openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Ha sh: SHA256']) }); await expect(msg).to.be.rejectedWith(Error, /Only "Hash" header allowed in cleartext signed message/); - msg = getArmor(['Hash SHA256']); - msg = openpgp.readCleartextMessage({ cleartextMessage: msg }); - await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/); }); - it('Exception if improperly formatted armor header - signature section', async function () { + it('Ignore improperly formatted armor header', async function () { await Promise.all(['Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].map(async function (invalidHeader) { - await expect(openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.rejectedWith(Error, /Improperly formatted armor header/); + expect(await openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.an.instanceof(openpgp.CleartextMessage); })); });