Bug 303305 - A "From " at the beginning of a line is not escaped thus breaking signatures (ignoring RfC 3156 recommendation)
Summary: A "From " at the beginning of a line is not escaped thus breaking signatures ...
Status: RESOLVED FIXED
Alias: None
Product: kmail2
Classification: Applications
Component: crypto (show other bugs)
Version: 4.8
Platform: openSUSE Linux
: NOR major
Target Milestone: ---
Assignee: kdepim bugs
URL:
Keywords:
: 336069 (view as bug list)
Depends on:
Blocks:
 
Reported: 2012-07-10 14:53 UTC by Hauke Laging
Modified: 2016-09-26 21:39 UTC (History)
3 users (show)

See Also:
Latest Commit: http://commits.kde.org/kdepim/98770957d2a62437159ac3cba1882f75859adb87
Version Fixed In: 4.11.4

Attachments
Screenshot of the KMail window with the non-validating signature (83.82 KB, image/png)
2012-07-10 17:22 UTC, Hauke Laging 		Details
View All Add an attachment

Note You need to log in before you can comment on or make changes to this bug.
Description Hauke Laging 2012-07-10 14:53:30 UTC 
KMail (4.7.2 but I haven't found a bug referring to this) violates a RfC 4880 recommendation:

#############################
Note: If any line begins with the string "From ", it is strongly suggested that either the Quoted-Printable or Base64 MIME encoding be applied.  If Quoted-Printable is used, at least one of the characters in the string should be encoded using the hexadecimal coding rule.  This is because many mail transfer and delivery agents treat "From " (the word "from" followed immediately by a space character) as the start of a new message and thus insert a right angle-bracket (>) in front of any line beginning with "From " to distinguish this case, invalidating the signature.
#############################

This is not really a problem of the crypto component but the failure probably affects crypto only.

Reproducible: Always

Steps to Reproduce:
1. Write an email with a line beginning with "From " which is not sent as base64.
Actual Results:  
"From " is not escaped.

Expected Results:  
As said in the RfC quote.

To see the broken signature just send the mail to a "suitable" mailing list (like the GnuPG mailing list, Mailman version 2.1.12rc1). Local storage in mbox format may "work", too.
Comment 1 Laurent Montel 2012-07-10 16:59:27 UTC 
could you paste screenshot about it ?
Comment 2 Hauke Laging 2012-07-10 17:22:48 UTC 
Created attachment 72429 [details]
Screenshot of the KMail window with the non-validating signature
Comment 3 Hauke Laging 2012-07-10 17:26:13 UTC 
(In reply to comment #1)
> could you paste screenshot about it ?

Sure. Now I have noticed that KMail shows the escape char >. I am not familiar enough with the RfCs for emails without crypto but I guess that the MUA should strip off that one when displaying the message. For the crypto component it would be useful to check in case of both a bad signature and a ">From " whether the signature validates against a modified body (without the ">").
Comment 4 Sandro Knauß 2013-03-20 00:21:05 UTC 
I think he hit two unrelated bugs:
1.  violation of RFC 4880
-> I can confirm this violation also with unsigned messages

2. broken signature. Can you say, what kind of signing is broken? inline and/or mime? Can you actually load one broken mail & text as two attachments to this bug?
Comment 5 Sandro Knauß 2013-11-08 15:28:50 UTC 
Actually it is RFC 3156 that recommends this behaviour. Another error that falls into this category is #286553.
Comment 6 Sandro Knauß 2013-11-09 17:36:54 UTC 
Git commit 98770957d2a62437159ac3cba1882f75859adb87 by Sandro Knauß.
Committed on 09/11/2013 at 14:37.
Pushed by knauss into branch 'KDE/4.11'.

Fix 286553 - Kmail signed emails invalid in Thunderbird w/ Enigmail
Related: bug 286553
FIXED-IN: 4.11.4
REVIEW: 113750

M  +46   -0    messagecomposer/job/signjob.cpp
M  +35   -0    messagecomposer/tests/signjobtest.cpp
M  +1    -0    messagecomposer/tests/signjobtest.h

http://commits.kde.org/kdepim/98770957d2a62437159ac3cba1882f75859adb87
Comment 7 Sandro Knauß 2016-09-26 21:39:58 UTC 
*** Bug 336069 has been marked as a duplicate of this bug. ***