debian/notmuch
1
0
Fork 0
mirror of https://git.notmuchmail.org/git/notmuch synced 2024-11-21 18:38:08 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
notmuch/mime-node.c
Daniel Kahn Gillmor 4dccb99282 mime-node: Clean up unwrapped MIME parts correctly. 
Avoid a memory leak in the notmuch command line.

gmime_multipart_encrypted_decrypt returns a GMimeObject marked by
GMime as "transfer full", so we are supposed to clean up after it.

When parsing a message, notmuch would leak one GMimeObject part per
multipart/encrypted MIME layer.  We clean it up by analogy with
cleaning up the signature list associated with a MIME node.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
2020-03-22 22:21:03 -03:00

469 lines
14 KiB
C
Raw Blame History

/* notmuch - Not much of an email program, (just index and search)
*
* Copyright © 2009 Carl Worth
* Copyright © 2009 Keith Packard
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see https://www.gnu.org/licenses/ .
*
* Authors: Carl Worth <cworth@cworth.org>
* Keith Packard <keithp@keithp.com>
* Austin Clements <aclements@csail.mit.edu>
*/
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include "notmuch-client.h"
/* Context that gets inherited from the root node. */
typedef struct mime_node_context {
/* Per-message resources. These are allocated internally and must
* be destroyed. */
GMimeStream *stream;
GMimeParser *parser;
GMimeMessage *mime_message;
_notmuch_message_crypto_t *msg_crypto;
/* repaired/unmangled parts that will need to be cleaned up */
GSList *repaired_parts;
/* Context provided by the caller. */
_notmuch_crypto_t *crypto;
} mime_node_context_t;
static int
_mime_node_context_free (mime_node_context_t *res)
{
if (res->mime_message)
g_object_unref (res->mime_message);
if (res->parser)
g_object_unref (res->parser);
if (res->stream)
g_object_unref (res->stream);
if (res->repaired_parts)
g_slist_free_full (res->repaired_parts, g_object_unref);
return 0;
}
/* keep track of objects that need to be destroyed when the mime node
* context goes away. */
static void
_mime_node_context_track_repaired_part (mime_node_context_t *ctx, GMimeObject *part)
{
if (part)
ctx->repaired_parts = g_slist_prepend (ctx->repaired_parts, part);
}
const _notmuch_message_crypto_t *
mime_node_get_message_crypto_status (mime_node_t *node)
{
return node->ctx->msg_crypto;
}
notmuch_status_t
mime_node_open (const void *ctx, notmuch_message_t *message,
_notmuch_crypto_t *crypto, mime_node_t **root_out)
{
const char *filename = notmuch_message_get_filename (message);
mime_node_context_t *mctx;
mime_node_t *root;
notmuch_status_t status;
int fd;
root = talloc_zero (ctx, mime_node_t);
if (root == NULL) {
fprintf (stderr, "Out of memory.\n");
status = NOTMUCH_STATUS_OUT_OF_MEMORY;
goto DONE;
}
/* Create the tree-wide context */
mctx = talloc_zero (root, mime_node_context_t);
if (mctx == NULL) {
fprintf (stderr, "Out of memory.\n");
status = NOTMUCH_STATUS_OUT_OF_MEMORY;
goto DONE;
}
talloc_set_destructor (mctx, _mime_node_context_free);
/* Fast path */
fd = open (filename, O_RDONLY);
if (fd == -1) {
/* Slow path - for some reason the first file in the list is
* not available anymore. This is clearly a problem in the
* database, but we are not going to let this problem be a
* show stopper */
notmuch_filenames_t *filenames;
for (filenames = notmuch_message_get_filenames (message);
notmuch_filenames_valid (filenames);
notmuch_filenames_move_to_next (filenames)) {
filename = notmuch_filenames_get (filenames);
fd = open (filename, O_RDONLY);
if (fd != -1)
break;
}
talloc_free (filenames);
if (fd == -1) {
/* Give up */
fprintf (stderr, "Error opening %s: %s\n", filename, strerror (errno));
status = NOTMUCH_STATUS_FILE_ERROR;
goto DONE;
}
}
mctx->stream = g_mime_stream_gzfile_new (fd);
if (! mctx->stream) {
fprintf (stderr, "Out of memory.\n");
status = NOTMUCH_STATUS_OUT_OF_MEMORY;
goto DONE;
}
mctx->parser = g_mime_parser_new_with_stream (mctx->stream);
if (! mctx->parser) {
fprintf (stderr, "Out of memory.\n");
status = NOTMUCH_STATUS_OUT_OF_MEMORY;
goto DONE;
}
mctx->mime_message = g_mime_parser_construct_message (mctx->parser, NULL);
if (! mctx->mime_message) {
fprintf (stderr, "Failed to parse %s\n", filename);
status = NOTMUCH_STATUS_FILE_ERROR;
goto DONE;
}
mctx->msg_crypto = _notmuch_message_crypto_new (mctx);
mctx->crypto = crypto;
/* Create the root node */
root->part = GMIME_OBJECT (mctx->mime_message);
root->envelope_file = message;
root->nchildren = 1;
root->ctx = mctx;
root->parent = NULL;
root->part_num = 0;
root->next_child = 0;
root->next_part_num = 1;
*root_out = root;
return NOTMUCH_STATUS_SUCCESS;
DONE:
talloc_free (root);
return status;
}
/* Signature list destructor */
static int
_signature_list_free (GMimeSignatureList **proxy)
{
g_object_unref (*proxy);
return 0;
}
/* Set up signature list destructor */
static void
set_signature_list_destructor (mime_node_t *node)
{
GMimeSignatureList **proxy = talloc (node, GMimeSignatureList *);
if (proxy) {
*proxy = node->sig_list;
talloc_set_destructor (proxy, _signature_list_free);
}
}
/* Unwrapped MIME part destructor */
static int
_unwrapped_child_free (GMimeObject **proxy)
{
g_object_unref (*proxy);
return 0;
}
/* Set up unwrapped MIME part destructor */
static void
set_unwrapped_child_destructor (mime_node_t *node)
{
GMimeObject **proxy = talloc (node, GMimeObject *);
if (proxy) {
*proxy = node->unwrapped_child;
talloc_set_destructor (proxy, _unwrapped_child_free);
}
}
/* Verify a signed mime node */
static void
node_verify (mime_node_t *node, GMimeObject *part)
{
GError *err = NULL;
notmuch_status_t status;
node->verify_attempted = true;
node->sig_list = g_mime_multipart_signed_verify (
GMIME_MULTIPART_SIGNED (part), GMIME_VERIFY_NONE, &err);
if (node->sig_list)
set_signature_list_destructor (node);
else
fprintf (stderr, "Failed to verify signed part: %s\n",
err ? err->message : "no error explanation given");
if (err)
g_error_free (err);
status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
if (status) /* this is a warning, not an error */
fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
/* Decrypt and optionally verify an encrypted mime node */
static void
node_decrypt_and_verify (mime_node_t *node, GMimeObject *part)
{
GError *err = NULL;
GMimeDecryptResult *decrypt_result = NULL;
notmuch_status_t status;
GMimeMultipartEncrypted *encrypteddata = GMIME_MULTIPART_ENCRYPTED (part);
notmuch_message_t *message = NULL;
if (! node->unwrapped_child) {
for (mime_node_t *parent = node; parent; parent = parent->parent)
if (parent->envelope_file) {
message = parent->envelope_file;
break;
}
node->unwrapped_child = _notmuch_crypto_decrypt (&node->decrypt_attempted,
node->ctx->crypto->decrypt,
message,
encrypteddata, &decrypt_result, &err);
if (node->unwrapped_child)
set_unwrapped_child_destructor (node);
}
if (! node->unwrapped_child) {
fprintf (stderr, "Failed to decrypt part: %s\n",
err ? err->message : "no error explanation given");
goto DONE;
}
node->decrypt_success = true;
status = _notmuch_message_crypto_successful_decryption (node->ctx->msg_crypto);
if (status) /* this is a warning, not an error */
fprintf (stderr, "Warning: failed to note decryption status: %s.\n", notmuch_status_to_string (status));
if (decrypt_result) {
/* This may be NULL if the part is not signed. */
node->sig_list = g_mime_decrypt_result_get_signatures (decrypt_result);
if (node->sig_list) {
node->verify_attempted = true;
g_object_ref (node->sig_list);
set_signature_list_destructor (node);
status = _notmuch_message_crypto_potential_sig_list (node->ctx->msg_crypto, node->sig_list);
if (status) /* this is a warning, not an error */
fprintf (stderr, "Warning: failed to note signature status: %s.\n", notmuch_status_to_string (status));
}
if (node->ctx->crypto->decrypt == NOTMUCH_DECRYPT_TRUE && message) {
notmuch_database_t *db = notmuch_message_get_database (message);
const char *session_key = g_mime_decrypt_result_get_session_key (decrypt_result);
if (db && session_key)
print_status_message ("Failed to stash session key in the database",
message,
notmuch_message_add_property (message, "session-key",
session_key));
}
g_object_unref (decrypt_result);
}
DONE:
if (err)
g_error_free (err);
}
static bool
_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild);
static mime_node_t *
_mime_node_create (mime_node_t *parent, GMimeObject *part, int numchild)
{
mime_node_t *node = talloc_zero (parent, mime_node_t);
/* Set basic node properties */
node->ctx = parent->ctx;
if (! talloc_reference (node, node->ctx)) {
fprintf (stderr, "Out of memory.\n");
talloc_free (node);
return NULL;
}
node->parent = parent;
node->part_num = node->next_part_num = -1;
node->next_child = 0;
if (_mime_node_set_up_part (node, part, numchild))
return node;
talloc_free (node);
return NULL;
}
/* associate a MIME part with a node. */
static bool
_mime_node_set_up_part (mime_node_t *node, GMimeObject *part, int numchild)
{
/* Deal with the different types of parts */
if (GMIME_IS_PART (part)) {
node->part = part;
node->nchildren = 0;
} else if (GMIME_IS_MULTIPART (part)) {
GMimeObject *repaired_part = _notmuch_repair_mixed_up_mangled (part);
if (repaired_part) {
/* This was likely "Mixed Up" in transit! We replace it
* with the more likely-to-be-correct variant. */
_mime_node_context_track_repaired_part (node->ctx, repaired_part);
part = repaired_part;
}
node->part = part;
node->nchildren = g_mime_multipart_get_count (GMIME_MULTIPART (part));
} else if (GMIME_IS_MESSAGE_PART (part)) {
/* Promote part to an envelope and open it */
GMimeMessagePart *message_part = GMIME_MESSAGE_PART (part);
GMimeMessage *message = g_mime_message_part_get_message (message_part);
node->envelope_part = message_part;
node->part = GMIME_OBJECT (message);
node->nchildren = 1;
} else {
fprintf (stderr, "Warning: Unknown mime part type: %s.\n",
g_type_name (G_OBJECT_TYPE (part)));
return false;
}
/* Handle PGP/MIME parts (by definition not cryptographic payload parts) */
if (GMIME_IS_MULTIPART_ENCRYPTED (part) && (node->ctx->crypto->decrypt != NOTMUCH_DECRYPT_FALSE)) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 4, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/encrypted "
"message (must be exactly 2)\n",
node->nchildren);
} else {
node_decrypt_and_verify (node, part);
}
} else if (GMIME_IS_MULTIPART_SIGNED (part) && node->ctx->crypto->verify) {
if (node->nchildren != 2) {
/* this violates RFC 3156 section 5, so we won't bother with it. */
fprintf (stderr, "Error: %d part(s) for a multipart/signed message "
"(must be exactly 2)\n",
node->nchildren);
} else {
node_verify (node, part);
}
} else {
if (_notmuch_message_crypto_potential_payload (node->ctx->msg_crypto, part, node->parent ? node->parent->part : NULL, numchild) &&
node->ctx->msg_crypto->decryption_status == NOTMUCH_MESSAGE_DECRYPTED_FULL) {
GMimeObject *clean_payload = _notmuch_repair_crypto_payload_skip_legacy_display (part);
if (clean_payload != part) {
/* only one layer of recursion is possible here
* because there can be only a single cryptographic
* payload: */
return _mime_node_set_up_part (node, clean_payload, numchild);
}
}
}
return true;
}
mime_node_t *
mime_node_child (mime_node_t *parent, int child)
{
GMimeObject *sub;
mime_node_t *node;
if (! parent || ! parent->part || child < 0 || child >= parent->nchildren)
return NULL;
if (GMIME_IS_MULTIPART (parent->part)) {
if (child == GMIME_MULTIPART_ENCRYPTED_CONTENT && parent->unwrapped_child)
sub = parent->unwrapped_child;
else
sub = g_mime_multipart_get_part (
GMIME_MULTIPART (parent->part), child);
} else if (GMIME_IS_MESSAGE (parent->part)) {
sub = g_mime_message_get_mime_part (GMIME_MESSAGE (parent->part));
} else {
/* This should have been caught by _mime_node_set_up_part */
INTERNAL_ERROR ("Unexpected GMimeObject type: %s",
g_type_name (G_OBJECT_TYPE (parent->part)));
}
node = _mime_node_create (parent, sub, child);
if (child == parent->next_child && parent->next_part_num != -1) {
/* We're traversing in depth-first order. Record the child's
* depth-first numbering. */
node->part_num = parent->next_part_num;
node->next_part_num = node->part_num + 1;
/* Prepare the parent for its next depth-first child. */
parent->next_child++;
parent->next_part_num = -1;
if (node->nchildren == 0) {
/* We've reached a leaf, so find the parent that has more
* children and set it up to number its next child. */
mime_node_t *iter = node->parent;
while (iter && iter->next_child == iter->nchildren)
iter = iter->parent;
if (iter)
iter->next_part_num = node->part_num + 1;
}
}
return node;
}
static mime_node_t *
_mime_node_seek_dfs_walk (mime_node_t *node, int *n)
{
int i;
if (*n == 0)
return node;
*n -= 1;
for (i = 0; i < node->nchildren; i++) {
mime_node_t *child = mime_node_child (node, i);
mime_node_t *ret = _mime_node_seek_dfs_walk (child, n);
if (ret)
return ret;
talloc_free (child);
}
return NULL;
}
mime_node_t *
mime_node_seek_dfs (mime_node_t *node, int n)
{
if (n < 0)
return NULL;
return _mime_node_seek_dfs_walk (node, &n);
}
Reference in a new issue View git blame Copy permalink