Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch 'CVE-2019-10732' into Applications/19.04
Fixes the CVE-2019-10732, with additional tests, to make sure, we fixed the CVE completely. FIXED-IN: 5.11.2 BUG: 404698 CCMAIL: security@kde.org
- Loading branch information
Showing
34 changed files
with
1,325 additions
and
49 deletions.
There are no files selected for viewing
51 changes: 51 additions & 0 deletions
51
mimetreeparser/autotests/data/openpgp-inline-multiple.mbox
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,51 @@ | ||
Subject: Testcase 'reply-decrytion-oracle' (PGP INLINE) | ||
To: brucewayne45@web.de | ||
From: brucewayne45@web.de | ||
MIME-Version: 1.0 | ||
Content-Type: text/plain | ||
|
||
Please reply to this message | ||
. | ||
. | ||
. | ||
|
||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf7BxmM0vO8nG37hKqoqOHb35JqprJM+sqF7JFmrsuWe6V2 | ||
PAyyE2wdtq+AhvXjVnggxYLwU+DEFpBTmWr1rsanyV8hWXRbecfN/9gN/4/N9y7Z | ||
XSx2OeE/uA5z8Kz5vrv/ywMqcVHjB5MQPTcLC2Zlg8MVltpriy6mdAkON4I3t7kl | ||
j9uwQRY7HeKvsib63HWnYAOV/fYPXXor/lioeYIll08uuCiTh3Z9fEhXQI/az5Ft | ||
e/xa70xGqviux+OvhoNUSZspzl7vK7e/NTBlC+LF1zVXUXT8prrd+ZFNwKvtn0Hl | ||
W4KfNqTM9TJB8vpE5FWnH6+B365ZvxZopZ5F/9szp9JGAUCNdX5WujBreg7nTLui | ||
UrnDNwOvjvsE/gsoO3n3jARK+Tu8PfUl8V1bHiCeGJz/mkA9uGJ/IApcT4rYsoHB | ||
nVQjW1NJ6A== | ||
=zrF/ | ||
-----END PGP MESSAGE----- | ||
|
||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MCqjMjAB80hAMAHfa7bdk/6L4DJQBQn+zHRv6oYzzYFC | ||
8l79DDIE2uorQNFj1ZBw5+pi7+/2QmAANnG2ug5W0HRphg2WPXTUswy5H+mg08PM | ||
MXRsP9lX5pAXEbLZVp61tvOQHnO/ltBhHHBwRaIq2tiirUUhy5erqLwlkSyN8xHM | ||
Bh0u/dIJw7ewMk0l3BtF/GuP7l6PtUxT7P0Vwit4h1FV1bc9mSFmBNN16dvixJ4l | ||
jK0mYEqT97SNZpg0MPOxx8E3xuJptzea4qmACv5zx4gYHlZRM0ZlKNqffmRauWOe | ||
pDCjZv2F1IUJOg28NzZhKCBVhmhBmP1VmLNYFKGAsNJHAV+3uN2YYWzbhoOJAE0N | ||
UxLI0EQN4y7OkAnGiRH45HygLxAjTk6dPiP5OD9OhUnSqofAjajlmqzfAAVMxY1a | ||
epnRKPsnCZU= | ||
=dqBN | ||
-----END PGP MESSAGE----- | ||
|
||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MNDSEBVsF78knI+uirDbLSLrHicrXExTocmXr2DZOggI | ||
zMYCAHyg7ohINA40/8ZuR0bC9h6qCZjjhR+VFe2edRFshXlbuzykjpXNYcSv61Sm | ||
9TAVpgAExzS5VhAxYIJ6+zWJR8+hgv63oREZPWlJ23utBDAMkEeY7cga3wn1HZMZ | ||
g4XQZ94a8s9s/I+s3dLOdHGdxw+hmSnxjMhI6TMcZV/Kvr1MkkW10N0h0+hiuq2O | ||
4owEztpm4See8fCkRfhr0TO+a8ElCtIXjVwqeB0tQh0fU3QaaNiDXYawoFMQXG8N | ||
nwCP92glfOeAvJn9KuLwO3ee+WKwcrJhsFRMmjziDdJGAUvptVDNrk2P/0fzo/Xl | ||
ypmw8zhir6ch+4C2+5yFCtVSmC+3Y7+NQ4YE4AR/z5rGvA1lxclulU1DSGkhFTbJ | ||
XEVyg8o23A== | ||
=Bs3d | ||
-----END PGP MESSAGE----- | ||
|
||
whoo three encrypted parts inside. |
72 changes: 72 additions & 0 deletions
72
mimetreeparser/autotests/data/openpgp-inline-multiple.mbox.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
<?xml version="1.0" encoding="UTF8"?> | ||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> | ||
<html> | ||
<body> | ||
<div style="position: relative; word-wrap: break-word"> | ||
<a name="att"/> | ||
<div id="attachmentDiv"> | ||
<div class="noquote"> | ||
<div dir="ltr">Please reply to this message</div> | ||
<div dir="ltr">.</div> | ||
<div dir="ltr">.</div> | ||
<div dir="ltr">.</div> | ||
<br/> | ||
</div> | ||
<table cellspacing="1" cellpadding="1" class="encr"> | ||
<tr class="encrH"> | ||
<td dir="ltr"> | ||
<div class="enc-simple">Encrypted message<a href="kmail:showEncryptionDetails" style="display:block;float:right;">Show Details</a></div> | ||
</td> | ||
</tr> | ||
<tr class="encrB"> | ||
<td> | ||
<div class="noquote"> | ||
<div dir="ltr">first part</div> | ||
</div> | ||
</td> | ||
</tr> | ||
<tr class="encrH"> | ||
<td dir="ltr">End of encrypted message</td> | ||
</tr> | ||
</table> | ||
<table cellspacing="1" cellpadding="1" class="encr"> | ||
<tr class="encrH"> | ||
<td dir="ltr"> | ||
<div class="enc-simple">Encrypted message<a href="kmail:showEncryptionDetails" style="display:block;float:right;">Show Details</a></div> | ||
</td> | ||
</tr> | ||
<tr class="encrB"> | ||
<td> | ||
<div class="noquote"> | ||
<div dir="ltr">second part</div> | ||
</div> | ||
</td> | ||
</tr> | ||
<tr class="encrH"> | ||
<td dir="ltr">End of encrypted message</td> | ||
</tr> | ||
</table> | ||
<table cellspacing="1" cellpadding="1" class="encr"> | ||
<tr class="encrH"> | ||
<td dir="ltr"> | ||
<div class="enc-simple">Encrypted message<a href="kmail:showEncryptionDetails" style="display:block;float:right;">Show Details</a></div> | ||
</td> | ||
</tr> | ||
<tr class="encrB"> | ||
<td> | ||
<div class="noquote"> | ||
<div dir="ltr">third part</div> | ||
</div> | ||
</td> | ||
</tr> | ||
<tr class="encrH"> | ||
<td dir="ltr">End of encrypted message</td> | ||
</tr> | ||
</table> | ||
<div class="noquote"> | ||
<div dir="ltr">whoo three encrypted parts inside.</div> | ||
</div> | ||
</div> | ||
</div> | ||
</body> | ||
</html> |
7 changes: 7 additions & 0 deletions
7
mimetreeparser/autotests/data/openpgp-inline-multiple.mbox.tree
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
* MimeTreeParser::MessagePartList | ||
* MimeTreeParser::TextMessagePart | ||
* MimeTreeParser::MessagePart | ||
* MimeTreeParser::EncryptedMessagePart | ||
* MimeTreeParser::EncryptedMessagePart | ||
* MimeTreeParser::EncryptedMessagePart | ||
* MimeTreeParser::MessagePart |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,72 @@ | ||
Subject: Testcase 'reply-mix-crlf' (PGP/MIME HTML) | ||
To: brucewayne45@web.de | ||
From: brucewayne45@web.de | ||
MIME-Version: 1.0 | ||
Content-Type: multipart/mixed; boundary="BOUNDARY" | ||
|
||
--BOUNDARY | ||
Content-Type: text/plain | ||
Please reply to this message | ||
. | ||
. | ||
. | ||
--BOUNDARY | ||
Content-Type: text/plain; name="text1.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf7BxmM0vO8nG37hKqoqOHb35JqprJM+sqF7JFmrsuWe6V2 | ||
PAyyE2wdtq+AhvXjVnggxYLwU+DEFpBTmWr1rsanyV8hWXRbecfN/9gN/4/N9y7Z | ||
XSx2OeE/uA5z8Kz5vrv/ywMqcVHjB5MQPTcLC2Zlg8MVltpriy6mdAkON4I3t7kl | ||
j9uwQRY7HeKvsib63HWnYAOV/fYPXXor/lioeYIll08uuCiTh3Z9fEhXQI/az5Ft | ||
e/xa70xGqviux+OvhoNUSZspzl7vK7e/NTBlC+LF1zVXUXT8prrd+ZFNwKvtn0Hl | ||
W4KfNqTM9TJB8vpE5FWnH6+B365ZvxZopZ5F/9szp9JGAUCNdX5WujBreg7nTLui | ||
UrnDNwOvjvsE/gsoO3n3jARK+Tu8PfUl8V1bHiCeGJz/mkA9uGJ/IApcT4rYsoHB | ||
nVQjW1NJ6A== | ||
=zrF/ | ||
-----END PGP MESSAGE----- | ||
|
||
--BOUNDARY | ||
Content-Type: text/plain; name="text2.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MCqjMjAB80hAMAHfa7bdk/6L4DJQBQn+zHRv6oYzzYFC | ||
8l79DDIE2uorQNFj1ZBw5+pi7+/2QmAANnG2ug5W0HRphg2WPXTUswy5H+mg08PM | ||
MXRsP9lX5pAXEbLZVp61tvOQHnO/ltBhHHBwRaIq2tiirUUhy5erqLwlkSyN8xHM | ||
Bh0u/dIJw7ewMk0l3BtF/GuP7l6PtUxT7P0Vwit4h1FV1bc9mSFmBNN16dvixJ4l | ||
jK0mYEqT97SNZpg0MPOxx8E3xuJptzea4qmACv5zx4gYHlZRM0ZlKNqffmRauWOe | ||
pDCjZv2F1IUJOg28NzZhKCBVhmhBmP1VmLNYFKGAsNJHAV+3uN2YYWzbhoOJAE0N | ||
UxLI0EQN4y7OkAnGiRH45HygLxAjTk6dPiP5OD9OhUnSqofAjajlmqzfAAVMxY1a | ||
epnRKPsnCZU= | ||
=dqBN | ||
-----END PGP MESSAGE----- | ||
|
||
|
||
--BOUNDARY | ||
Content-Type: text/plain; name="text3.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MNDSEBVsF78knI+uirDbLSLrHicrXExTocmXr2DZOggI | ||
zMYCAHyg7ohINA40/8ZuR0bC9h6qCZjjhR+VFe2edRFshXlbuzykjpXNYcSv61Sm | ||
9TAVpgAExzS5VhAxYIJ6+zWJR8+hgv63oREZPWlJ23utBDAMkEeY7cga3wn1HZMZ | ||
g4XQZ94a8s9s/I+s3dLOdHGdxw+hmSnxjMhI6TMcZV/Kvr1MkkW10N0h0+hiuq2O | ||
4owEztpm4See8fCkRfhr0TO+a8ElCtIXjVwqeB0tQh0fU3QaaNiDXYawoFMQXG8N | ||
nwCP92glfOeAvJn9KuLwO3ee+WKwcrJhsFRMmjziDdJGAUvptVDNrk2P/0fzo/Xl | ||
ypmw8zhir6ch+4C2+5yFCtVSmC+3Y7+NQ4YE4AR/z5rGvA1lxclulU1DSGkhFTbJ | ||
XEVyg8o23A== | ||
=Bs3d | ||
-----END PGP MESSAGE----- | ||
|
||
--BOUNDARY | ||
|
||
whoo three encrypted parts inside. | ||
|
||
--BOUNDRY-- |
66 changes: 66 additions & 0 deletions
66
templateparser/autotests/data/404698-gpg-attachments.mbox.forwarded.mbox
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,66 @@ | ||
Subject: Testcase 'reply-mix-crlf' (PGP/MIME HTML) | ||
To: brucewayne45@web.de | ||
From: brucewayne45@web.de | ||
MIME-Version: 1.0 | ||
Content-Type: multipart/mixed; boundary="BOUNDARY" | ||
|
||
--BOUNDARY | ||
Content-Type: text/plain | ||
Please reply to this message | ||
. | ||
. | ||
. | ||
--BOUNDARY | ||
Content-Type: text/plain; name="text1.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf7BxmM0vO8nG37hKqoqOHb35JqprJM+sqF7JFmrsuWe6V2 | ||
PAyyE2wdtq+AhvXjVnggxYLwU+DEFpBTmWr1rsanyV8hWXRbecfN/9gN/4/N9y7Z | ||
XSx2OeE/uA5z8Kz5vrv/ywMqcVHjB5MQPTcLC2Zlg8MVltpriy6mdAkON4I3t7kl | ||
j9uwQRY7HeKvsib63HWnYAOV/fYPXXor/lioeYIll08uuCiTh3Z9fEhXQI/az5Ft | ||
e/xa70xGqviux+OvhoNUSZspzl7vK7e/NTBlC+LF1zVXUXT8prrd+ZFNwKvtn0Hl | ||
W4KfNqTM9TJB8vpE5FWnH6+B365ZvxZopZ5F/9szp9JGAUCNdX5WujBreg7nTLui | ||
UrnDNwOvjvsE/gsoO3n3jARK+Tu8PfUl8V1bHiCeGJz/mkA9uGJ/IApcT4rYsoHB | ||
nVQjW1NJ6A== | ||
=zrF/ | ||
-----END PGP MESSAGE----- | ||
|
||
--BOUNDARY | ||
Content-Type: text/plain; name="text2.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MCqjMjAB80hAMAHfa7bdk/6L4DJQBQn+zHRv6oYzzYFC | ||
8l79DDIE2uorQNFj1ZBw5+pi7+/2QmAANnG2ug5W0HRphg2WPXTUswy5H+mg08PM | ||
MXRsP9lX5pAXEbLZVp61tvOQHnO/ltBhHHBwRaIq2tiirUUhy5erqLwlkSyN8xHM | ||
Bh0u/dIJw7ewMk0l3BtF/GuP7l6PtUxT7P0Vwit4h1FV1bc9mSFmBNN16dvixJ4l | ||
jK0mYEqT97SNZpg0MPOxx8E3xuJptzea4qmACv5zx4gYHlZRM0ZlKNqffmRauWOe | ||
pDCjZv2F1IUJOg28NzZhKCBVhmhBmP1VmLNYFKGAsNJHAV+3uN2YYWzbhoOJAE0N | ||
UxLI0EQN4y7OkAnGiRH45HygLxAjTk6dPiP5OD9OhUnSqofAjajlmqzfAAVMxY1a | ||
epnRKPsnCZU= | ||
=dqBN | ||
-----END PGP MESSAGE----- | ||
|
||
|
||
--BOUNDARY | ||
Content-Type: text/plain; name="text3.txt" | ||
Content-Disposition: inline | ||
-----BEGIN PGP MESSAGE----- | ||
|
||
hQEMAwzOQ1qnzNo7AQf+MNDSEBVsF78knI+uirDbLSLrHicrXExTocmXr2DZOggI | ||
zMYCAHyg7ohINA40/8ZuR0bC9h6qCZjjhR+VFe2edRFshXlbuzykjpXNYcSv61Sm | ||
9TAVpgAExzS5VhAxYIJ6+zWJR8+hgv63oREZPWlJ23utBDAMkEeY7cga3wn1HZMZ | ||
g4XQZ94a8s9s/I+s3dLOdHGdxw+hmSnxjMhI6TMcZV/Kvr1MkkW10N0h0+hiuq2O | ||
4owEztpm4See8fCkRfhr0TO+a8ElCtIXjVwqeB0tQh0fU3QaaNiDXYawoFMQXG8N | ||
nwCP92glfOeAvJn9KuLwO3ee+WKwcrJhsFRMmjziDdJGAUvptVDNrk2P/0fzo/Xl | ||
ypmw8zhir6ch+4C2+5yFCtVSmC+3Y7+NQ4YE4AR/z5rGvA1lxclulU1DSGkhFTbJ | ||
XEVyg8o23A== | ||
=Bs3d | ||
-----END PGP MESSAGE----- |
1 change: 1 addition & 0 deletions
1
templateparser/autotests/data/404698-gpg-attachments.mbox.html.reply
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
Please reply to this message<br>.<br>.<br>.<br><br> |
5 changes: 5 additions & 0 deletions
5
templateparser/autotests/data/404698-gpg-attachments.mbox.plain.reply
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
Please reply to this message | ||
. | ||
. | ||
. | ||
|
Oops, something went wrong.