<table><tr><td style="">knauss retitled this revision from "Test mails for Decryption Oracle based on replying to PGP or S/MIME." to " Decryption Oracle based on replying to PGP or S/MIME (CVE-2019-10732)".<br />knauss edited the summary of this revision. <a href="https://phabricator.kde.org/transactions/detail/PHID-XACT-DREV-mtixmkvkljihwm3/">(Show Details)</a><br />knauss edited the test plan for this revision. <a href="https://phabricator.kde.org/transactions/detail/PHID-XACT-DREV-rb5iugfwfdvcdeq/">(Show Details)</a><br />knauss added a subscriber: security-team.
</td><a style="text-decoration: none; padding: 4px 8px; margin: 0 8px 8px; float: right; color: #464C5C; font-weight: bold; border-radius: 3px; background-color: #F7F7F9; background-image: linear-gradient(to bottom,#fff,#f1f0f1); display: inline-block; border: 1px solid rgba(71,87,120,.2);" href="https://phabricator.kde.org/D20757">View Revision</a></tr></table><br /><div><strong>CHANGES TO REVISION SUMMARY</strong><div><div style="white-space: pre-wrap; color: #74777D;"><span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">In order to make sure we never add a Decryption Oracle add test mails to<br />
TemplateParser.<br />
<br />
BUG: 404698<br />
<br />
Current status:<br />
reply as text:<br />
[x] PGP Mime text<br />
[x] PGP Mime html<br />
[x] S/MIME<br />
[x] PGP inline<br />
<br />
reply as html:<br />
[x] PGP Mime text<br />
[x] PGP Mime html ( and it removes the first text node</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">ObjectTreeParser.htmlContent/plainTextContent may concats different encrypted parts without the user noticing it. That would lead to a Decryption oracle. We have already a logic to find the topleveltextNode in MimeTreeParser</span>, <span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">if it finds a HtmlMessagePart in leaf nodes)</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">this does not take HTML nodes into account nor that TEXT nodes may have several PGP Inline blocks.</span><br />
<span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">[x] S/MIME<br />
[x] PGP inline</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);"> <br />
That plaintextContent for HtmlMessagePart is not return QString(), that bubbled up by testing the stuff.</span><br />
<br />
<span style="padding: 0 2px; color: #333333; background: rgba(251, 175, 175, .7);">forward (text/html):<br />
[] PGP Mime text<br />
[] PGP Mime html<br />
[] S/MIME<br />
[] PGP inline</span><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">BUG: 404698</span></div></div></div><br /><div><strong>CHANGES TO TEST PLAN</strong><div><div style="white-space: pre-wrap; color: #74777D;"><span style="padding: 0 2px; color: #333333; background: rgba(151, 234, 151, .6);">Current status:<br />
<br />
"x" - means the reply does not leak information from other blocks<br />
<br />
reply as text:<br />
[x] PGP Mime text<br />
[x] PGP Mime html<br />
[x] S/MIME<br />
[x] PGP inline<br />
<br />
reply as html:<br />
[x] PGP Mime text<br />
[x] PGP Mime html ( and it removes the first text node, if it finds a HtmlMessagePart in leaf nodes)<br />
[x] S/MIME<br />
[x] PGP inline<br />
<br />
will moved to another review request:<br />
forward (text/html):<br />
[] PGP Mime text<br />
[] PGP Mime html<br />
[] S/MIME<br />
[] PGP inline</span></div></div></div><br /><div><strong>REPOSITORY</strong><div><div>R94 PIM: Message Library</div></div></div><br /><div><strong>REVISION DETAIL</strong><div><a href="https://phabricator.kde.org/D20757">https://phabricator.kde.org/D20757</a></div></div><br /><div><strong>To: </strong>knauss, KDE PIM, aacid, dfaure<br /><strong>Cc: </strong>security-team, vkrause, kde-pim, dvasin, rodsevich, winterz, mlaurent, knauss, dvratil<br /></div>