
Commit 11b5999

committed
Reject cleartext messages with extraneous data preceeding hash header
Parsing of such messages will now fail: the data in the header is not verified, and allowing it opens up the possibility of signature spoofing.
1 parent 4df86e5 commit 11b5999

2 files changed

Lines changed: 27 additions & 1 deletion


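--- a/src/cleartext.js
+++ b/src/cleartext.js
@@ -174,7 +174,7 @@ function verifyHeaders(headers, packetlist) {
 let oneHeader = null;
 let hashAlgos = [];
 headers.forEach(function(header) {
-oneHeader = header.match(/Hash: (.+)/); // get header value
+oneHeader = header.match(/^Hash: (.+)$/); // get header value
 if (oneHeader) {
 oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace
 oneHeader = oneHeader.split(',');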
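Review bot: The capture `(.+)` in the anchored pattern still accepts any non-line-terminator characters after `Hash: `, so text appended to the header is rejected only by whatever algorithm-name check follows the `split(',')`; that check, like the rest of verifyHeaders, is outside this hunk. Because the header is not covered by the signature, restricting the value to the characters algorithm names use would make the rejection local to this line, e.g. `oneHeader = header.match(/^Hash: ([A-Za-z0-9, \t-]+)$/);`. That would change which error the `\v` case in test/general/signature.js reports, so the expected message there would need updating. The trailing comment could also record why the anchors exist: `// anchored: the header is unsigned, so no other text may share the line`.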

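--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -999,6 +999,32 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
 expect(await sigInfo.verified).to.be.true;
 });
 
+it('Reject cleartext message with arbitrary text added around hash headers (spoofed cleartext message)', async function() {
+await expect(openpgp.readCleartextMessage({ cleartextMessage: `-----BEGIN PGP SIGNED MESSAGE-----
+This is not signed but you might think it is Hash: SHA512
+
+This is signed
+-----BEGIN PGP SIGNATURE-----
+
+wnUEARYKACcFgmTsqxgJkEhlqJkkhIfRFiEEUA/OS4xZ3EwNC5l8SGWomSSE
+h9EAALyPAQDDR0IYwq/5XMVSYPWojBamM4NhcP5arA656ALIq9cJYAEAlw0H
+Fk7EflUZzngwY4lBzYAfnNBjEjc30xD/ddo+rwE=
+=O7mt
+-----END PGP SIGNATURE-----` })).to.be.rejectedWith(/Only "Hash" header allowed/);
+
+await expect(openpgp.readCleartextMessage({ cleartextMessage: `-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512\vThis is not signed but you might think it is
+
+This is signed
+-----BEGIN PGP SIGNATURE-----
+
+wnUEARYKACcFgmTsqxgJkEhlqJkkhIfRFiEEUA/OS4xZ3EwNC5l8SGWomSSE
+h9EAALyPAQDDR0IYwq/5XMVSYPWojBamM4NhcP5arA656ALIq9cJYAEAlw0H
+Fk7EflUZzngwY4lBzYAfnNBjEjc30xD/ddo+rwE=
+=O7mt
+-----END PGP SIGNATURE-----` })).to.be.rejectedWith(/Unknown hash algorithm in armor header/);
+});
+
 it('Supports non-human-readable notations', async function() {
 const { packets: [signature] } = await openpgp.readSignature({ armoredSignature: signature_with_non_human_readable_notations });
 // There are no human-readable notations so `notations` property does not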
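Review bot: The second case (`Hash: SHA512\vThis is not signed…`) does not appear to exercise the new anchors, because `.` matches `\v`: the header passes `/^Hash: (.+)$/` just as it would have passed the old unanchored pattern, and the expected message `Unknown hash algorithm in armor header` comes from a later check. Only the first case, with text in front of `Hash:`, depends on `^`, and nothing in the test depends on `$`. If the header splitting (not visible on this page) can leave a character that `.` does not match inside a header line, a third case covering it would pin the `$` anchor. A short comment above each `expect` naming the check expected to fire, e.g. `// rejected by the ^ anchor in verifyHeaders`, would keep the two cases distinguishable.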
