extern/egroupware
1
0
Fork 1
mirror of https://github.com/EGroupware/egroupware.git synced 2025-06-25 12:21:26 +02:00
Code Issues Packages Projects Releases Wiki Activity

S/MIME:

Browse Source 
- Make sure content of p12 file contained \0 chars at the end stored in credentials will not get trimmed.
This commit is contained in:
Hadi Nategh 2017-08-31 11:39:50 +02:00
parent c886d567f9
commit 914d6b2a52
2 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
api/src/Mail/Credentials.php
View File

@ -200,6 +200,9 @@ class Credentials
} }
$password = self::decrypt($row); $password = self::decrypt($row);
// Remove special x char added to the end for \0 trimming escape.
if ($type == self::SMIME && substr($password, -1) === 'x') $password = substr($password, 0, -1);
foreach(self::$type2prefix as $pattern => $prefix) foreach(self::$type2prefix as $pattern => $prefix)
{ {
if ($row['cred_type'] & $pattern) if ($row['cred_type'] & $pattern)
@ -290,6 +293,11 @@ class Credentials
//error_log(__METHOD__."($acc_id, '$username', \$password, $type, $account_id, ".array2string($cred_id).") not storing session credentials!"); //error_log(__METHOD__."($acc_id, '$username', \$password, $type, $account_id, ".array2string($cred_id).") not storing session credentials!");
return; // do NOT store credentials from session of current user! return; // do NOT store credentials from session of current user!
} }
// Add arbitary char to the ending to make sure the Smime binary content
// with \0 at the end not getting trimmed of while trying to decrypt.
if ($type == self::SMIME) $password .= 'x';
// no need to write empty usernames, but delete existing row // no need to write empty usernames, but delete existing row
if ((string)$username === '') if ((string)$username === '')
{ {

2
mail/inc/class.mail_ui.inc.php
View File

@ -2275,7 +2275,7 @@ $filter['before']= date("d-M-Y", $cutoffdate2);
function smimeExportCert() function smimeExportCert()
{ {
if (empty($_GET['acc_id'])) return false; if (empty($_GET['acc_id'])) return false;
$acc_smime = Mail\Credentials::read($_GET['acc_id'], Mail\Credentials::SMIME, $GLOBALS['egw_info']['user']['account_id']); $acc_smime = Mail\Smime::get_acc_smime($_GET['acc_id']);
$length = 0; $length = 0;
$mime = 'application/x-pkcs12'; $mime = 'application/x-pkcs12';
Api\Header\Content::safe($acc_smime['acc_smime_password'], "certificate.p12", $mime, $length, true, true); Api\Header\Content::safe($acc_smime['acc_smime_password'], "certificate.p12", $mime, $length, true, true);