[PATCH 14/14] cli: Avoid bogus signature dates from GMime

Subject: [PATCH 14/14] cli: Avoid bogus signature dates from GMime

Date: Wed, 4 Dec 2019 00:52:02 -0500

To: Notmuch Mail

Cc:

From: Daniel Kahn Gillmor


As noted in https://github.com/jstedfast/gmime/issues/68, GMime
converts the unsigned longs returned from GPGME into time_t objects.

On architectures with a signed 32-bit time_t (like GNU/Linux x86_64),
this means that we're limited to 31 bits of data, which means the
clock wraps around in 2038.

Until GMime fixes this properly, we can regain 1 bit of space by
casting back from time_t to an unsigned long.  This gives us a window
of up until early 2106.

The example S/MIME SignedData message is signed by a certificate whose
expiration date is Fri Sep 27 06:54:18 UTC 2052 (2611032858 seconds
since the epoch).  GPGME reports the value faithfully as the
expiration date of the signature on this message, but GMime wraps it
back around to the negative.

Once GMime fixes #68, we should transition to their upstream fix
instead of maintaining this workaround forever.

Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
---
 notmuch-show.c     | 4 ++--
 test/T355-smime.sh | 1 -
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/notmuch-show.c b/notmuch-show.c
index c809f8e9..84839180 100644
--- a/notmuch-show.c
+++ b/notmuch-show.c
@@ -447,12 +447,12 @@ format_part_sigstatus_sprinter (sprinter_t *sp, GMimeSignatureList *siglist)
 	    time_t created = g_mime_signature_get_created (signature);
 	    if (created != -1) {
 		sp->map_key (sp, "created");
-		sp->integer (sp, created);
+		sp->ulong (sp, (unsigned long) created);
 	    }
 	    time_t expires = g_mime_signature_get_expires (signature);
 	    if (expires > 0) {
 		sp->map_key (sp, "expires");
-		sp->integer (sp, expires);
+		sp->ulong (sp, (unsigned long) expires);
 	    }
 	    if (certificate) {
 		const char *uid = g_mime_certificate_get_valid_userid (certificate);
diff --git a/test/T355-smime.sh b/test/T355-smime.sh
index ddc91a56..dedf5ab1 100755
--- a/test/T355-smime.sh
+++ b/test/T355-smime.sh
@@ -158,7 +158,6 @@ output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.ex
 test_valid_json "$output"
 
 test_begin_subtest "Verify signature on PKCS#7 SignedData message"
-test_subtest_known_broken
 output=$(notmuch show --format=json id:smime-onepart-signed@protected-headers.example)
 test_json_nodes <<<"$output" \
                 'crypto:[0][0][0]["crypto"]["signed"]["status"][0]={
-- 
2.24.0

_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Thread: