suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Ignore improperly formatted armor headers (#1557)

Browse Source 
Show a debug warning instead of throwing an error on malformed headers.
This commit is contained in:
Celine Moredo 2022-08-22 21:30:33 +08:00 committed by GitHub
parent 93644b7c58
commit 4d2cf85a51
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/encoding/armor.js
View File

@ -182,15 +182,17 @@ function createcrc24(input) {
} }
/** /**
* Verify armored headers. RFC4880, section 6.3: "OpenPGP should consider improperly formatted * Verify armored headers. crypto-refresh-06, section 6.2:
* Armor Headers to be corruption of the ASCII Armor." * "An OpenPGP implementation may consider improperly formatted Armor
* Headers to be corruption of the ASCII Armor, but SHOULD make an
* effort to recover."
* @private * @private
* @param {Array<String>} headers - Armor headers * @param {Array<String>} headers - Armor headers
*/ */
function verifyHeaders(headers) { function verifyHeaders(headers) {
for (let i = 0; i < headers.length; i++) { for (let i = 0; i < headers.length; i++) {
if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
throw new Error('Improperly formatted armor header: ' + headers[i]); util.printDebugError(new Error('Improperly formatted armor header: ' + headers[i]));
} }
if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) { if (!/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
util.printDebugError(new Error('Unknown header: ' + headers[i])); util.printDebugError(new Error('Unknown header: ' + headers[i]));

15
test/general/armor.js
View File

@ -101,21 +101,14 @@ module.exports = () => describe('ASCII armor', function() {
expect(msg).to.be.an.instanceof(openpgp.CleartextMessage); expect(msg).to.be.an.instanceof(openpgp.CleartextMessage);
}); });
it('Exception if improperly formatted armor header - plaintext section', async function () { it('Exception if header is not Hash in cleartext signed message', async function () {
let msg = getArmor(['Hash:SHA256']); const msg = openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Ha sh: SHA256']) });
msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/);
msg = getArmor(['Ha sh: SHA256']);
msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
await expect(msg).to.be.rejectedWith(Error, /Only "Hash" header allowed in cleartext signed message/); await expect(msg).to.be.rejectedWith(Error, /Only "Hash" header allowed in cleartext signed message/);
msg = getArmor(['Hash SHA256']);
msg = openpgp.readCleartextMessage({ cleartextMessage: msg });
await expect(msg).to.be.rejectedWith(Error, /Improperly formatted armor header/);
}); });
it('Exception if improperly formatted armor header - signature section', async function () { it('Ignore improperly formatted armor header', async function () {
await Promise.all(['Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].map(async function (invalidHeader) { await Promise.all(['Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].map(async function (invalidHeader) {
await expect(openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.rejectedWith(Error, /Improperly formatted armor header/); expect(await openpgp.readCleartextMessage({ cleartextMessage: getArmor(['Hash: SHA1'], [invalidHeader]) })).to.be.an.instanceof(openpgp.CleartextMessage);
})); }));
}); });