From ad2b6d12371642b83eb9d970e81612528194b32f Mon Sep 17 00:00:00 2001
From: Felix Hammerl
Date: Fri, 12 Sep 2014 17:02:03 +0200
Subject: [PATCH] [WO-587] Explicitly include arbitrary headers in clearsigned regex
---
 src/js/dao/email-dao.js | 4 ++--
 test/unit/email-dao-test.js | 7 ++++---
 2 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/js/dao/email-dao.js b/src/js/dao/email-dao.js
index 7ba13ce..230e111 100644
--- a/src/js/dao/email-dao.js
+++ b/src/js/dao/email-dao.js
@@ -772,11 +772,11 @@ define(function(require) {
 /*
 * any content before/after the PGP block will be discarded,
 * "-----BEGIN/END (...)-----" must be at the start/end of a line,
- * after \n\n the signed payload begins,
+ * after the hash (and possibly other) arbitrary headers, the signed payload begins,
 * the text is followed by a final \n and then the pgp signature begins
 * untrusted attachments and html is ignored
 */
- var clearSignedMatch = /^-{5}BEGIN PGP SIGNED MESSAGE-{5}[\s\S]*\n\n([\s\S]*)\n-{5}BEGIN PGP SIGNATURE-{5}[\S\s]*-{5}END PGP SIGNATURE-{5}$/im.exec(body);
+ var clearSignedMatch = /^-{5}BEGIN PGP SIGNED MESSAGE-{5}\nHash:[ ][^\n]+\n(?:[A-Za-z]+:[ ][^\n]+\n)*\n([\s\S]*)\n-{5}BEGIN PGP SIGNATURE-{5}[\S\s]*-{5}END PGP SIGNATURE-{5}$/im.exec(body);
 if (clearSignedMatch) {
 // PGP/INLINE signed
 message.signed = true;
diff --git a/test/unit/email-dao-test.js b/test/unit/email-dao-test.js
index 2a5b465..ef063dc 100644
--- a/test/unit/email-dao-test.js
+++ b/test/unit/email-dao-test.js
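Review bot: The payload group `([\s\S]*)` in the new `clearSignedMatch` regex is still greedy, so when a body carries more than one `-----BEGIN PGP SIGNATURE-----` line the capture runs to the last one and the text treated as signed can include an earlier signature block and whatever follows it. Because clearsigned payloads dash-escape lines that start with `-`, a lazy group, `([\s\S]*?)\n-{5}BEGIN PGP SIGNATURE-{5}`, would stop at the first real boundary. The pattern also matches bare `\n` only and now requires a `Hash:` line, so CRLF bodies or blocks without that header fall through as unsigned unless `body` is normalised earlier. That normalisation and the verification step are outside the hunk, so it is worth confirming that the verifier checks exactly the text this regex captures rather than its own parse of the block.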
@@ -1010,9 +1010,10 @@ define(function(require) {
 });
 it('should read a signed pgp/inline from the device', function(done) {
- var message, pt;
+ var message, pt, expected;
- pt = '-----BEGIN PGP SIGNED MESSAGE-----\n\ntest6\n-----BEGIN PGP SIGNATURE----------END PGP SIGNATURE-----';
+ expected = 'Lorem ipsum Aliquip tempor veniam proident.\n\nafguab;igab;igubalw\n\nLorem ipsum Dolor sed irure sint in non.\n\n\n';
+ pt = '-----BEGIN PGP SIGNED MESSAGE-----\nHash: WTFHASH\n\n' + expected + '\n-----BEGIN PGP SIGNATURE----------END PGP SIGNATURE-----';
 message = {
 uid: uid,
 from: [{
@@ -1036,7 +1037,7 @@ define(function(require) {
 expect(err).to.not.exist;
 expect(msg).to.equal(message);
- expect(msg.body).to.equal('test6');
+ expect(msg.body).to.equal(expected);
 expect(message.signed).to.be.true;
 expect(message.signaturesValid).to.be.true;
 expect(message.loadingBody).to.be.false;
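Review bot: The fixture in `should read a signed pgp/inline from the device` carries only the single `Hash: WTFHASH` header, so the `(?:[A-Za-z]+:[ ][^\n]+\n)*` branch this commit adds for further headers is never exercised. A second case with an extra header line after `Hash:` (a constructed example: `'\nHash: WTFHASH\nComment: constructed\n\n'`) would cover it. A negative case with a malformed header block, where `message.signed` is presumably expected to stay unset, would pin what the stricter regex rejects. The test body starts and ends outside the hunk.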