[Tickets #10809] Re: Bug in decrypting PGP-messages in imp

bugs at horde.org bugs at horde.org
Tue Dec 6 08:14:02 UTC 2011 

DO NOT REPLY TO THIS MESSAGE. THIS EMAIL ADDRESS IS NOT MONITORED.

Ticket URL: http://bugs.horde.org/ticket/10809
------------------------------------------------------------------------------
  Ticket             | 10809
  Updated By         | Michael Slusarz <slusarz at horde.org>
  Summary            | Bug in decrypting PGP-messages in imp
  Queue              | IMP
  Version            | 5.0.15
  Type               | Bug
  State              | Feedback
  Priority           | 2. Medium
  Milestone          |
  Patch              |
  Owners             |
------------------------------------------------------------------------------


Michael Slusarz <slusarz at horde.org> (2011-12-06 01:14) wrote:

> The error becomes manifest on line 378 in file  
> imp/lib/Mime/Viewer/Pgp.php where getMetadata() fails since the  
> variable the should be a Horde_Mime_Part is NULL. This is the case  
> since  $this->getConfigParam('imp_contents')->getMIMEPart($sig_id);  
> results NULL a few lines before.

Here's what I see.

You have a PGP encrypted message.  It looks like this:

(0) multipart/encrypted
   1 application/pgp-encrypted
   2 application/octet-stream

So far, so good.

IMP correctly decrypts the data.  When we do this, we create a  
"virtual" MIME part - Part ID 3.  We need to do this because the  
encrypted data is itself a MIME part, and we need to send this data  
through our viewing system to be
parsed.

Sure enough, the encrypted part is PGP signed.  So our message now  
(should) look like this:

(0) multipart/encrypted
   1 application/pgp-encrypted
   2 application/octet-stream
   (3) multipart/signed
     (3.1) [Message Data]
     (3.2) application/pgp-signature

BUT the problem with your message is that it appears that (3.1) is  
completely missing.  In other words, multipart/signed requires 2 parts  
but your message only contains one.  So that's why part ID 3.2 can't  
be found - it doesn't exist.  And if it doesn't exist, that means that  
your PGP message is broken (it looks like your message contains  
pgp-signature data but no message data).

I can't be sure until you provide the message source of the decrypted  
message.  Easiest way is to do this on line 283 of  
imp/lib/Mime/Viewer/Pgp.php:

Horde::debug($decrypted_data->message);

And post the output here (redacting any sensitive data).

---

Horde::debug() documentation: http://wiki.horde.org/Doc/Dev/DebugH4

More information about the bugs mailing list