Hi all, attached is a larger patch which fixes Balsa's vulnerabilities regarding the “Johnny you are fired” [1] issues: CMS Attack Class C2: Multiple signatures are classified and reported as possible attack, i.e. instead of perfect forgery, Balsa is not vulnerable any more. ID Attack Class I1, I2 and I3: Balsa now prints the uid of the signers key (in the S/MIME case only CN and EMAIL components, or the full uid if both are missing) in the headers section which cannot be controlled by an attacker. We don't cross-check the uid against the From: and/or Sender: address, as spoofing them is trivial, and might lead to false positives e.g. for messages distributed by mailing lists. The display of the invalid “from is sender . <signer>” and “from is sender <signer>” headers is exactly what GMime produces. This seems to be a flaw in gmime 2.6, as gmime 3.2 correctly indicates that they are broken. IOW, for the time being, it is not possible to fix this behaviour easily. Although the latter is not optimal, IMO Balsa is not vulnerable any more, instead of a partial forgery. MIME Attack Class M3 (inline PGP only) and M4 (inline PGP only): The confusing valid signature info has been removed from the headers section. Balsa is not vulnerable any more, instead of a weak forgery. I also fixed some glitches in printing PGP inline or PGP/MIME and S/MIME combined singed and encrypted messages where the frame was missing. This lead to a slightly more extensive refactoring of src/print-gtk.c. I also renamed the (for me) ugly sounding “Signed matter”, “Encrypted matter” and “Signed and encrypted matter” phrases (I invented them years ago, IIRC…) to just “Signed”, “Encrypted” and “Signed and encrypted” – native speakers, please check if this is correct, or replace them by better phrases! As always, any comment will be welcome! Cheers, Albrecht. [1] <https://mail.gnome.org/archives/balsa-list/2019-May/msg00000.html> --- Patch details: - configure.ac: require gnutls >= 3.0 - libbalsa/body.[ch]: add helper functions for detecting multipart and inline signed bodies - libbalsa/gmime-gpgme-signature.[ch]: * g_mime_gpgme_sigstat_new_from_gpgme_ctx() classify multiple signatures as possible attack, always load key if available; * add g_mime_gpgme_sigstat_info() giving the protocol, signer and signature status; * g_mime_gpgme_sigstat_to_gchar() use changed libbalsa_gpgme_sig_stat_to_gchar() interface, hide signature timestamp if it is missing; * add g_mime_gpgme_sigstat_signer() to get the OpenPGP or S/MIME signer as human-readable string; * add tokenize_subject() and cert_subject_cn_mail() for better evaluation of a certificate DN, and use them in libbalsa_cert_subject_readable() - libbalsa/html.c: fix segfault on NULL body (detected with one of the broken “Johnny” samples) - libbalsa/libbalsa-gpgme.[ch]: * add libbalsa_gpgme_protocol_name() to get consistent protocol naming (replaces gpgme_get_protocol_name() or hardcoded values); * define error code for multiple signatures - libbalsa/rfc3156.[ch]: * change libbalsa_gpgme_sig_stat_to_gchar() to return a newly allocated string, possibly including error information from gpgme; * remove duplicated #define's - src/balsa-message.c:# * get_crypto_content_icon() print extended signature info in the tree view; * libbalsa_msg_try_mp_signed() and libbalsa_msg_part_2440() use new libbalsa_gpgme_sig_stat_to_gchar() api - src/balsa-mime-widget-crypto.c: drop code to load a signature's key as this is now done in g_mime_gpgme_sigstat_new_from_gpgme_ctx() - src/balsa-mime-widget-message.c: * use new helpers for detecting signed parts; * use new libbalsa_gpgme_sig_stat_to_gchar() api - src/balsa-print-object-header.[ch]: * use new helpers for detecting signed parts and g_mime_gpgme_sigstat_info(); * remove now unused parameter from balsa_print_object_header_crypto(), and drop code to load a signature's key - src/balsa-print-object.c: use modified balsa_print_object_header_crypto() api - src/print-gtk.c: refactoring and simplification of printing signed and/or encrypted parts - src/sendmsg-window.c: use libbalsa_gpgme_protocol_name()
Attachment:
johnny-fixes.diff.bz2
Description: application/bzip
Attachment:
pgp0HK8h7q6QQ.pgp
Description: PGP signature