Ticket #3069 (closed defect: fixed)

Opened 6 months ago

Last modified 5 months ago

smime crash when replying to mail

Reported by: Neuron Owned by: mutt-dev
Priority: major Milestone: 1.6
Component: crypto Version: 1.5.18
Keywords: smime crash NULL Cc:

Description

Hi,

I have no idea how smime exactly works, but I guess that SmimeDefaultKey is NULL unless something is set in .muttrc. However, this crashes mutt when replying to smime signed mail. I'm attaching a patch which fixes this issue for me.

Thank you

--

Vlad

Attachments

smime_diff.patch (0.6 kB) - added by Neuron 6 months ago.

Change History

Changed 6 months ago by Neuron

Changed 6 months ago by Vladimir Marek

>  I have no idea how smime exactly works, but I guess that SmimeDefaultKey
>  is NULL unless something is set in .muttrc. However this crashes mutt when
>  replying to smime signed mail. I'm attaching patch which fixes this issue
>  for me.

Thinking beyond the fix, would it not be better to stop any smime
processing earlier, let's say somewhere in mutt_protect, if
SmimeDefaultKey is NULL?

Thank you

Changed 6 months ago by pdmef

  • component changed from mutt to crypto

Hmm, the code changes smime_sign_message() so first we need to know why it attempts to S/MIME sign the message at all. What are your pgp and s/mime settings ("mutt -D | grep crypt" and remove any private data)?

Changed 6 months ago by Vladimir Marek

>  Hmm, the code changes smime_sign_message() so first we need to know why it
>  attempts to S/MIME sign the message at all. What are your pgp and s/mime
>  settings ("mutt -D | grep crypt" and remove any private data)?

========================= mutt -D | grep crypt =========================
crypt_use_gpgme is unset
crypt_use_pka is unset
crypt_autopgp is set
crypt_autosmime is set
crypt_autosign is set
crypt_autoencrypt is unset
crypt_replyencrypt is set
crypt_replysign is unset
crypt_replysignencrypted is unset
crypt_timestamp is set
crypt_verify_sig=yes
smime_decrypt_use_default_key is set
pgp_decrypt_command="mutt_gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
pgp_encrypt_sign_command="pgpewrap mutt_gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xXXXXXXXX -- -r %r -- %f"
pgp_encrypt_only_command="pgpewrap mutt_gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xXXXXXXXX -- -r %r -- %f"
forward_decrypt is set
smime_encrypt_with=""
smime_decrypt_command=""
smime_encrypt_command=""
========================================================================

Does it make any sense to you ?

What happened exactly was that I got a mail which contains
"S/MIME Cryptographic Signature" as an attachment. If I turn the header
display on, this bit seems to be relevant:

Content-type: multipart/signed;
        boundary=------------ms020002030404060802020200; micalg=sha1;
        protocol="application/x-pkcs7-signature"

I hit 'r' as in reply, wrote my reply in the editor and quit to the composer.
The composer shows (apart from the rest) these two lines:

S/MIME: Sign
sign as: <default>

Then I hit 'y' since I want to send the mail. Mutt asks me "Enter S/MIME
passphrase:". Since I don't have any S/MIME passphrase I just hit CR.
Mutt then warns me "Warning: Intermediate certificate not found." and in
a few moments crashes.

If I quickly inspect the core file:

$ dbx /store/rcs/pkg/mutt/bin/mutt.i386 core
Reading mutt.i386
core file header read successfully
Reading ld.so.1
Reading libdl.so.1
Reading libz.so.1
Reading libsocket.so.1
Reading libnsl.so.1
Reading libc.so.1
Reading cs_CZ.UTF-8@euro.so.3
Reading methods_unicode.so.3
program terminated by signal SEGV (no mapping at the fault address)
0xfed8a350: strlen+0x0030:      movl     (%eax),%ecx
(dbx) where                                                                  
=>[1] strlen(0x0), at 0xfed8a350 
  [2] _ndoprnt(0x834f3ed, 0x804349c, 0x8043460, 0x0), at 0xfedcb3f6 
  [3] snprintf(0x838a1f8, 0xff, 0x834f3e8, 0x83a386c, 0x0, 0x83ab0b0, 0x57c, 0x1), at 0xfedcd4a1 
  [4] smime_sign_message(0x0, 0x90600, 0x0, 0x0, 0x0, 0x80780), at 0x8110b74 
(dbx) x 0x834f3e8/s
dbx: warning: unknown language, 'c' assumed
0x0834f3e8: stringprep_rfc3454_A_1+0x9e90:      "%s/%s"
(dbx) x 0x83a386c/s
0x083a386c: _libiconv_version+0xa368:   ""

I can repeat with a debug build if it helps anything. I'm sorry that I
didn't include a full bug report as the first thing.

Thank you for help

Changed 6 months ago by Rocco Rutte

Hi,

* Vladimir Marek wrote:
>>  Hmm, the code changes smime_sign_message() so first we need to know why it
>>  attempts to S/MIME sign the message at all. What are your pgp and s/mime
>>  settings ("mutt -D | grep crypt" and remove any private data)?

>========================= mutt -D | grep crypt =========================
>crypt_use_gpgme is unset
>crypt_use_pka is unset
>crypt_autopgp is set
>crypt_autosmime is set
>crypt_autosign is set
>crypt_autoencrypt is unset
>crypt_replyencrypt is set
>crypt_replysign is unset
>crypt_replysignencrypted is unset
>crypt_timestamp is set
>crypt_verify_sig=yes
>smime_decrypt_use_default_key is set
>pgp_decrypt_command="mutt_gpg --passphrase-fd 0 --no-verbose --batch --output - %f"
>pgp_encrypt_sign_command="pgpewrap mutt_gpg --passphrase-fd 0 --batch --quiet --no-verbose --textmode --output - --encrypt --sign %?a?-u %a? --armor --always-trust --encrypt-to 0xXXXXXXXX -- -r %r -- %f"
>pgp_encrypt_only_command="pgpewrap mutt_gpg --batch --quiet --no-verbose --output - --encrypt --textmode --armor --always-trust --encrypt-to 0xXXXXXXXX -- -r %r -- %f"
>forward_decrypt is set
>smime_encrypt_with=""
>smime_decrypt_command=""
>smime_encrypt_command=""
>========================================================================

>Does it make any sense to you ?

Yes (partially) since this is what I've guessed (more or less). 
crypt_autosign is set. I didn't read the code but my guess is that mutt 
tries to S/MIME sign the message since the original one is S/MIME, too.

To verify that this is the problem (which should be reproducible I
think), you could try unsetting $crypt_autosign and re-trying. The crash
should go away. Trying the other case (replying to PGP signed mail with
only S/MIME setup and $crypt_autosign) might be interesting too.

I'm not sure where to fix this since I didn't read the code. Maybe that 
function should really just fail since you also set $crypt_autosmime 
(unsetting it may also make the problem disappear)...

Rocco

Changed 6 months ago by Vladimir Marek

[...]
> Yes (partially) since this is what I've guessed (more or less).  
> crypt_autosign is set. I didn't read the code but my guess is that mutt  
> tries to S/MIME sign the message since the original one is S/MIME, too.
>
> To verify that this is the problem (which should be reproducable I  
> think), you could try unsetting $crypt_autosign and re-trying. The crash  
> should go away.

Correct. After ":set crypt_autosign=no" the composer says: "Security: Clear"
and I do not get a crash. The other workaround (which I have been using) is to
press 'p' to show the pgp-menu, which first asks you if you wish to clear
the S/MIME bit.


> Trying the other case (replying to PGP signed mail with  only S/MIME
> setup and $crypt_autosign) might be interesting too.

I haven't tried that.


> I'm not sure where to fix this since I didn't read the code. Maybe that  
> function should really just fail since you also set $crypt_autosmime  
> (unsetting it may also make the problem disappear)...

Now I see. I had 'pgp_autosign=yes', which is deprecated now, and turned
on crypt_autosign. I replaced it with these three and it seems to use
PGP always for signing.

set crypt_autosign=yes
set crypt_autopgp=yes
set crypt_autosmime=no

Thank you

Changed 5 months ago by brendan

  • status changed from new to closed
  • resolution set to fixed

(In [32374c911c6c]) Check S/MIME signing ID exists before attempting to use it. Closes #3069. Also make (s)ign automatically ask for a key if no default is defined.
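Added example, not mutt's code and not the attached patch or the fix commit: a model of the path-building step in smime_sign_message() from the dbx backtrace above, where snprintf("%s/%s", ...) received a NULL key id, beside the check the fix commit describes. Function names, the key directory and the key id are hypothetical sample values.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not mutt's code: models the path-building step in
 * smime_sign_message() that crashed here. Names and values are hypothetical. */

/* Before: builds "<keydir>/<keyid>" unconditionally. With keyid == NULL the
 * "%s" conversion ends up in strlen(NULL), which is the strlen(0x0) frame in
 * the dbx backtrace. Undefined behaviour; shown only for the shape of the
 * defect, and only ever called here with a non-NULL key id. */
static int build_key_path_unchecked(char *buf, size_t buflen,
                                    const char *keydir, const char *keyid)
{
    return snprintf(buf, buflen, "%s/%s", keydir, keyid);
}

/* After: refuse to sign when no key id is configured, mirroring the fix
 * "Check S/MIME signing ID exists before attempting to use it".
 * Returns 0 on success, -1 if no usable key id, -2 if buf is too small. */
static int build_key_path_checked(char *buf, size_t buflen,
                                  const char *keydir, const char *keyid)
{
    if (keydir == NULL || keyid == NULL || keyid[0] == '\0')
        return -1;                  /* no default key: do not sign */
    int n = snprintf(buf, buflen, "%s/%s", keydir, keyid);
    if (n < 0 || (size_t)n >= buflen)
        return -2;                  /* truncated: never use a partial path */
    return 0;
}

/* The check the composer's "sign as: <default>" state should have made before
 * calling into the S/MIME signing code at all. */
static int can_smime_sign(const char *default_key)
{
    return default_key != NULL && default_key[0] != '\0';
}

int main(void)
{
    char path[256];
    const char *keydir = "/home/user/.smime/keys";   /* constructed */

    if (!can_smime_sign(NULL))   /* $smime_default_key unset, as in the ticket */
        puts("no S/MIME default key configured; signing refused");
    if (build_key_path_checked(path, sizeof path, keydir, "abc12345.0") == 0)
        printf("checked:   %s\n", path);
    build_key_path_unchecked(path, sizeof path, keydir, "abc12345.0");
    printf("unchecked: %s\n", path);
    return 0;
}
```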

Changed 5 months ago by Vladimir Marek

> Changes (by brendan):
> 
>   * status:  new => closed
>   * resolution:  => fixed

Thank you Brendan. I'll test it out tomorrow.

Changed 5 months ago by Vladimir Marek

> Changes (by brendan):
> 
>   * status:  new => closed
>   * resolution:  => fixed
> 
> Comment:
> 
>  (In [32374c911c6c]) Check S/MIME signing ID exists before attempting to
>  use it.
>  Closes #3069. Also make (s)ign automatically ask for a key if no
>  default is defined.

Works very well, thank you