Projects
Kolab:Winterfell
roundcubemail
0004-Enigma-Fix-key-selection-for-signing.patch
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0004-Enigma-Fix-key-selection-for-signing.patch of Package roundcubemail (Revision 96)
Currently displaying revision
96
,
Show latest
From ad628a9befbc0583d3f84590039a14cee7f1a696 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak <alec@alec.pl> Date: Wed, 4 Apr 2018 11:14:35 +0200 Subject: [PATCH 4/4] Enigma: Fix key selection for signing In some cases a public key of other user could be selected instead of the sender's private key --- CHANGELOG | 1 + plugins/enigma/lib/enigma_engine.php | 23 ++++++++++++++++++++--- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index ba360f71c..f34306737 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -4,6 +4,7 @@ CHANGELOG Roundcube Webmail - Fix parsing date strings (e.g. from a Date: mail header) with comments (#6216) - Fix PHP 7.2: count(): Parameter must be an array in enchant-based spellchecker (#6234) - Fix possible IMAP command injection and type juggling vulnerabilities (#6229) +- Enigma: Fix key selection for signing RELEASE 1.3.5 ------------- diff --git a/plugins/enigma/lib/enigma_engine.php b/plugins/enigma/lib/enigma_engine.php index e0bd8bc27..bbe380cd0 100644 --- a/plugins/enigma/lib/enigma_engine.php +++ b/plugins/enigma/lib/enigma_engine.php @@ -29,6 +29,7 @@ class enigma_engine private $pgp_driver; private $smime_driver; private $password_time; + private $cache = array(); public $decryptions = array(); public $signatures = array(); @@ -348,7 +349,7 @@ class enigma_engine $from = $from[1]; // find my key - if ($from && ($key = $this->find_key($from))) { + if ($from && ($key = $this->find_key($from, true))) { $pubkey_armor = $this->export_key($key->id); if (!$pubkey_armor instanceof enigma_error) { @@ -979,6 +980,10 @@ class enigma_engine */ function find_key($email, $can_sign = false) { + if ($can_sign && array_key_exists($email, $this->cache)) { + return $this->cache[$email]; + } + $this->load_pgp_driver(); $result = $this->pgp_driver->list_keys($email); @@ -988,13 +993,25 @@ class enigma_engine } $mode = $can_sign ? enigma_key::CAN_SIGN : enigma_key::CAN_ENCRYPT; + $ret = null; // check key validity and type foreach ($result as $key) { - if ($subkey = $key->find_subkey($email, $mode)) { - return $key; + if (($subkey = $key->find_subkey($email, $mode)) + && (!$can_sign || $key->get_type() == enigma_key::TYPE_KEYPAIR) + ) { + $ret = $key; + break; } } + + // cache private key info for better performance + // we can skip one list_keys() call when signing and attaching a key + if ($can_sign) { + $this->cache[$email] = $ret; + } + + return $ret; } /** -- 2.14.3
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.