[kmail2] [Bug 390002] Message viewer: attached .doc file is shown as encrypted

Ingo Klöcker bugzilla_noreply at kde.org
Wed Sep 1 22:53:18 BST 2021


https://bugs.kde.org/show_bug.cgi?id=390002

--- Comment #7 from Ingo Klöcker <kloecker at kde.org> ---
I had a quick look at what GpgME::data().type() is doing. It looks as if any
data that starts with something that looks even remotely like a valid OpenPGP
packet is identified as some OpenPGP data. The code trying to identifying the
data basically only looks at the first byte. If bit 7 is set, then there is
a chance of 31:127 that the data is identified as some kind of OpenPGP data and
a chance of 15:127 that the data is identified as GpgME::Data::PGPOther.

There is special code to prevent PNG files starting with "\x89PNG" from being
identified as some kind of OpenPGP data, but that's the only blacklisting
that's done.

Given this, I conclude that GpgME::data().type() is not suitable for checking
if arbitrary data is some kind of OpenPGP data. In my opinion, it should only
be used on data if there are good reasons to assume that this data is indeed
OpenPGP data, but if it's not clear what kind of OpenPGP data.

For identifying data of type application/octet-stream, we should use file type
detection provided by other libraries. Isn't there something in KF5 maybe in
KIO that determines the mimetype? Or are we doing the GpgME::data().type() only
after KIO returns application/octet-stream?

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the Kdepim-bugs mailing list