Skip to content

Commit 6b43e02

Browse files
larabrlarabr
authored
Merge pull request from GHSA-ch3c-v47x-4pgp
Reject cleartext messages with extraneous data preceeding hash header
2 parents 4df86e5 + 11b5999 commit 6b43e02

2 files changed

Lines changed: 27 additions & 1 deletion

File tree

src/cleartext.js

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -174,7 +174,7 @@ function verifyHeaders(headers, packetlist) {
174174
let oneHeader = null;
175175
let hashAlgos = [];
176176
headers.forEach(function(header) {
177-
oneHeader = header.match(/Hash: (.+)/); // get header value
177+
oneHeader = header.match(/^Hash: (.+)$/); // get header value
178178
if (oneHeader) {
179179
oneHeader = oneHeader[1].replace(/\s/g, ''); // remove whitespace
180180
oneHeader = oneHeader.split(',');

test/general/signature.js

Lines changed: 26 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -999,6 +999,32 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU=
999999
expect(await sigInfo.verified).to.be.true;
10001000
});
10011001

1002+
it('Reject cleartext message with arbitrary text added around hash headers (spoofed cleartext message)', async function() {
1003+
await expect(openpgp.readCleartextMessage({ cleartextMessage: `-----BEGIN PGP SIGNED MESSAGE-----
1004+
This is not signed but you might think it is Hash: SHA512
1005+
1006+
This is signed
1007+
-----BEGIN PGP SIGNATURE-----
1008+
1009+
wnUEARYKACcFgmTsqxgJkEhlqJkkhIfRFiEEUA/OS4xZ3EwNC5l8SGWomSSE
1010+
h9EAALyPAQDDR0IYwq/5XMVSYPWojBamM4NhcP5arA656ALIq9cJYAEAlw0H
1011+
Fk7EflUZzngwY4lBzYAfnNBjEjc30xD/ddo+rwE=
1012+
=O7mt
1013+
-----END PGP SIGNATURE-----` })).to.be.rejectedWith(/Only "Hash" header allowed/);
1014+
1015+
await expect(openpgp.readCleartextMessage({ cleartextMessage: `-----BEGIN PGP SIGNED MESSAGE-----
1016+
Hash: SHA512\vThis is not signed but you might think it is
1017+
1018+
This is signed
1019+
-----BEGIN PGP SIGNATURE-----
1020+
1021+
wnUEARYKACcFgmTsqxgJkEhlqJkkhIfRFiEEUA/OS4xZ3EwNC5l8SGWomSSE
1022+
h9EAALyPAQDDR0IYwq/5XMVSYPWojBamM4NhcP5arA656ALIq9cJYAEAlw0H
1023+
Fk7EflUZzngwY4lBzYAfnNBjEjc30xD/ddo+rwE=
1024+
=O7mt
1025+
-----END PGP SIGNATURE-----` })).to.be.rejectedWith(/Unknown hash algorithm in armor header/);
1026+
});
1027+
10021028
it('Supports non-human-readable notations', async function() {
10031029
const { packets: [signature] } = await openpgp.readSignature({ armoredSignature: signature_with_non_human_readable_notations });
10041030
// There are no human-readable notations so `notations` property does not

0 commit comments

Comments
 (0)