Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

NullReferenceException in BouncyCastleSecureMimeContext #941

Closed
alxbauer opened this issue Jul 12, 2023 · 0 comments
Closed

NullReferenceException in BouncyCastleSecureMimeContext #941

alxbauer opened this issue Jul 12, 2023 · 0 comments
Labels
compatibility Compatibility with existing software

Comments

@alxbauer
Copy link

alxbauer commented Jul 12, 2023
edited
Loading

In very rare cases i get an NullReferenceException in BouncyCastleSecureMimeContext while decoding S/Mime messages.

The problem is caused by malformed SMIMECapabilities in the signature.
These contain the RC2-CBC algorithm, but without the required parameter.
This causes the NullReferenceException to occur in the following section of code.

Line 846

MimeKit/MimeKit/Cryptography/BouncyCastleSecureMimeContext.cs

Lines 834 to 855 in e9b1905

if (identifier.Algorithm.Id == CmsEnvelopedGenerator.RC2Cbc) {
if (identifier.Parameters is DerSequence) {
var param = (DerSequence) identifier.Parameters;
var version = (DerInteger) param[0];
int bits = version.Value.IntValue;
switch (bits) {
case 58: algorithm = EncryptionAlgorithm.RC2128; return true;
case 120: algorithm = EncryptionAlgorithm.RC264; return true;
case 160: algorithm = EncryptionAlgorithm.RC240; return true;
}
} else {
var param = (DerInteger) identifier.Parameters;
int bits = param.Value.IntValue;
switch (bits) {
case 128: algorithm = EncryptionAlgorithm.RC2128; return true;
case 64: algorithm = EncryptionAlgorithm.RC264; return true;
case 40: algorithm = EncryptionAlgorithm.RC240; return true;
}
}
}

I think the simplest solution would be to use a else if condition to prevent the NullReferenceException:

if (identifier.algorithm.id == cmsenvelopedgenerator.rc2cbc) {
	if (identifier.parameters is dersequence) {
		var param = (dersequence) identifier.parameters;
		var version = (derinteger) param[0];
		int bits = version.value.intvalue;

		switch (bits) {
		case 58: algorithm = encryptionalgorithm.rc2128; return true;
		case 120: algorithm = encryptionalgorithm.rc264; return true;
		case 160: algorithm = encryptionalgorithm.rc240; return true;
		}
	} else if (identifier.parameters is derinteger) {
		var param = (derinteger) identifier.parameters;
		int bits = param.value.intvalue;

		switch (bits) {
		case 128: algorithm = encryptionalgorithm.rc2128; return true;
		case 64: algorithm = encryptionalgorithm.rc264; return true;
		case 40: algorithm = encryptionalgorithm.rc240; return true;
		}
	}
}

br,
Alex
jstedfast added a commit that referenced this issue Jul 12, 2023
@jstedfast
Avoid throwing NRE when an RC2 algorithm was used for S/MIME w/o para…
82b9b1a 
…meters

Fixes issue #941
@jstedfast jstedfast added the compatibility Compatibility with existing software label Jul 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
compatibility Compatibility with existing software
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jstedfast @alxbauer