Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

error flattening complex smime signed message #40361

Open
ludo mannequin opened this issue Jun 7, 2004 · 8 comments
Open

error flattening complex smime signed message #40361

ludo mannequin opened this issue Jun 7, 2004 · 8 comments
Labels
expert-email type-bug An unexpected behavior, bug, or error

Comments

@ludo
Copy link
Mannequin

ludo mannequin commented Jun 7, 2004

BPO 968430
Nosy @warsaw, @vstinner, @devdanzin, @bitdancer
Dependencies
  • bpo-1590744: mail message parsing glitch
  • bpo-1670765: email.Generator: no header wrapping for multipart/signed
    		•
    Files
  • email_smime_bug.zip: test messages and ca certificate file
    		•

    Note: these values reflect the state of the issue at the time it was migrated and might not reflect the current state.

    Show more details

    GitHub fields:

    assignee = None
closed_at = None
created_at = <Date 2004-06-07.20:34:58.000>
labels = ['type-bug', 'expert-email']
title = 'error flattening complex smime signed message'
updated_at = <Date 2019-07-29.12:01:30.577>
user = 'https://bugs.python.org/ludo'

    bugs.python.org fields:

    activity = <Date 2019-07-29.12:01:30.577>
actor = 'vstinner'
assignee = 'none'
closed = False
closed_date = None
closer = None
components = ['email']
creation = <Date 2004-06-07.20:34:58.000>
creator = 'ludo'
dependencies = ['1590744', '1670765']
files = ['1304']
hgrepos = []
issue_num = 968430
keywords = ['patch']
message_count = 8.0
messages = ['21076', '21077', '21078', '21079', '21080', '82054', '161478', '348648']
nosy_count = 9.0
nosy_names = ['barry', 'ludo', 'shevek', 'hta', 'gagern', 'vstinner', 'ajaksu2', 'r.david.murray', 'srikanths']
pr_nums = []
priority = 'normal'
resolution = None
stage = 'test needed'
status = 'open'
superseder = None
type = 'behavior'
url = 'https://bugs.python.org/issue968430'
versions = ['Python 3.3']
    @ludo
    Copy link
    Mannequin Author

    ludo mannequin commented Jun 7, 2004

    Python 2.3.3 [GCC 3.2.2] on linux2
    email version 2.5.5

    Complex SMIME signed messages parsed and flattened
    again do not pass SMIME verification. I have noticed
    this with messages that have as message/rfc822
    attachment another SMIME signed message.

    A diff between an "original" SMIME signed messaged
    passign openssl smime -verify verification and the same
    message parsed (message_from_file) and flattened
    (as_string(False)) by the email library:
    diff -bB bugmsg_signed.eml bugmsg_signed_parsed.eml
    2c2,3
    < Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature"; micalg=sha1;
    boundary="----381546B4549948B9F93D885A82884C49"
    ---

    Content-Type: multipart/signed;
    protocol="application/x-pkcs7-signature";
    micalg=sha1;
    boundary="----381546B4549948B9F93D885A82884C49"

    The email-parsed message splits the signature header
    into two lines, thus rendering the message non-valid.

    Attached to this bug a .zip archive with:

    openssl command used to verify #2 and #3:

    openssl smime -verify -in bugmsg_signed.eml -CAfile
    cacert.pem

    openssl smime -verify -in bugmsg_signed_parsed.eml
    -CAfile cacert.pem

    @ludo ludo mannequin assigned warsaw Jun 7, 2004
    @ludo ludo mannequin added the stdlib Python modules in the Lib dir label Jun 7, 2004
    @ludo ludo mannequin assigned warsaw Jun 7, 2004
    @ludo ludo mannequin added the stdlib Python modules in the Lib dir label Jun 7, 2004
    @shevek
    Copy link
    Mannequin

    shevek mannequin commented Jan 24, 2005

    Logged In: YES
    user_id=42389

    I would like to add that I think this bug is quite
    important, as mailman uses python. This means that many
    mailing lists invalidate signatures when signed e-mails with
    attachments are sent through them. As attachments are often
    code patches, it is quite important that the signatures are
    working correctly.

    @shevek
    Copy link
    Mannequin

    shevek mannequin commented Jan 25, 2005

    Logged In: YES
    user_id=42389

    In case it is any help, I tried to find the problem in the
    source. I don't speak python, so I can't fix anything, but
    I do speak C, so it's quite readable. :-)

    It seems to me that the problem is in Lib/email/Message.py,
    in particular in _parseparam and _get_params_preserve. Both
    these functions call strip() on the object several times
    (which seems a bit overdone anyway ;-) ), which I presume
    removes all whitespace around them.

    I think the whitespace should somehow be saved (not
    stripping will probably break many programs, so that's not a
    good idea), so it can be used again when the header is
    written. set_param should of course also fill this value,
    so new params get a defined separation (although the empty
    string is quite acceptable).

    How this should be implemented I gladly leave to someone who
    actually speaks Python. :-)

    @hta
    Copy link
    Mannequin

    hta mannequin commented Sep 8, 2005

    Logged In: YES
    user_id=12193

    Adding my voice that the bug is important.
    This is now the chief culprit in breaking signed messages in my usage of
    signed email on the net; that "signtures are so often broken" is one
    argument people often use against using signed email.

    @gagern
    Copy link
    Mannequin

    gagern mannequin commented Feb 28, 2007

    At least for the header wrapping issue, adding a new handler to the default Generator implementation should provide an easy solution. I just created patch 968430 http://tinyurl.com/2chhz6 for this.

    From mailman bug report 815297 http://tinyurl.com/2a8dta I understand that there is a fix in mailman for this issue as well, but I believe this patch would be a fix any python program would want, not just mailman.

    There remains an issue about leading space in headers, mentioned in that mailman problem report as well. The cause is an lstrip call in FeedParser. However removing that would probably break a lot of existing programs. And modifying all methods accessing the headers to remove or add leading space would be somewhat ugly. Right now I'm trying to figure out how to save the unmodified body for every multipart/signed message, so that it can be stored with the message and used without any modifications during generation.

    @devdanzin
    Copy link
    Mannequin

    devdanzin mannequin commented Feb 14, 2009

    Patch at bpo-1670765.

    @devdanzin devdanzin mannequin added type-bug An unexpected behavior, bug, or error labels Feb 14, 2009
    @devdanzin devdanzin mannequin added easy labels Apr 22, 2009
    @warsaw warsaw assigned bitdancer and unassigned warsaw May 5, 2010
    @bitdancer
    Copy link
    Member

    I think if we can fix bpo-1590744, this will be completely fixed.

    @bitdancer bitdancer added expert-email and removed stdlib Python modules in the Lib dir labels May 24, 2012
    @vstinner
    Copy link
    Member

    This issue is not newcomer friendly, I remove the easy keyword.

    @ezio-melotti ezio-melotti transferred this issue from another repository Apr 9, 2022
    Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
    Assignees
    No one assigned
    Labels
    expert-email type-bug An unexpected behavior, bug, or error
    Projects
    None yet
    Milestone
    No milestone
    Development

    No branches or pull requests
    3 participants
    @vstinner @warsaw @bitdancer