From 1814a76498c25e8a791a70317dbe9d6e56912865 Mon Sep 17 00:00:00 2001
From: Kenny <k.niehage@syseleven.de>
Date: Fri, 22 Jun 2018 09:18:18 +0200
Subject: [PATCH] decryption of non-MDC-protected messages is now prevented for
 older versions of GnuPG that set the return code to 0

---
 CHANGELOG.md                 |  5 +++++
 README.md                    |  6 +++---
 index.php                    |  4 ++--
 libs/shared-secrets.def.php  |  3 +++
 libs/shared-secrets.exec.php | 10 +++++++---
 5 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 4145467..38dd4cb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,8 @@
+# 0.12b0 (2018-06-22)
+
+* decryption of non-MDC-protected messages is now prevented for older versions of GnuPG that set the return code to 0
+* force GnuPG to produce English output as we have to check it against a predefined string
+
 # 0.11b0 (2017-08-10)
 
 * version bump for legacy-less publication on github
diff --git a/README.md b/README.md
index b5b8192..03a156d 100644
--- a/README.md
+++ b/README.md
@@ -68,13 +68,13 @@ server {
 
 Furthermore the following HTTP headers have to be set (Nginx example):
 ```
-add_header Content-Security-Policy   "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header Content-Security-Policy   "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header Referrer-Policy           "same-origin";
 add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
-add_header X-Content-Security-Policy "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header X-Content-Security-Policy "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header X-Content-Type-Options    "nosniff";
 add_header X-Frame-Options           "SAMEORIGIN";
-add_header X-Webkit-CSP              "default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
+add_header X-Webkit-CSP              "base-uri 'self'; default-src 'self'; form-action 'self'; frame-ancestors 'self'; require-sri-for script style";
 add_header X-XSS-Protection          "1; mode=block";
 ```
 
diff --git a/index.php b/index.php
index 6a72324..b054efc 100644
--- a/index.php
+++ b/index.php
@@ -1,8 +1,8 @@
 <?php
 
-  # Shared-Secrets v0.11b0
+  # Shared-Secrets v0.12b0
   #
-  # Copyright (c) 2016, SysEleven GmbH
+  # Copyright (c) 2016-2018, SysEleven GmbH
   # All rights reserved.
   #
   # This page allows you to share a secret through a secret sharing link.
diff --git a/libs/shared-secrets.def.php b/libs/shared-secrets.def.php
index 3a4cd32..5c352e3 100644
--- a/libs/shared-secrets.def.php
+++ b/libs/shared-secrets.def.php
@@ -14,6 +14,9 @@
   define("URL_BASE64_MARKER_B", "_");
   define("URL_ENCODE_MARKER",   "%");
 
+  # define GnuPG error message
+  define("GPG_MDC_ERROR", "gpg: WARNING: message was not integrity protected");
+
   # define MySQL queries
   define("MYSQL_READ",  "SELECT COUNT(*) FROM secrets WHERE fingerprint = ?");
   define("MYSQL_WRITE", "INSERT INTO secrets VALUES (?, ?, CURRENT_TIMESTAMP)");
diff --git a/libs/shared-secrets.exec.php b/libs/shared-secrets.exec.php
index 26f15b9..a635976 100644
--- a/libs/shared-secrets.exec.php
+++ b/libs/shared-secrets.exec.php
@@ -108,12 +108,16 @@ function decrypt($content, $homedir, $passphrase_file) {
         $cmd_append .= " --batch --passphrase-file ".escapeshellarg($passphrase_file);
       }
 
-      $ret = execute_with_stdio("gpg --quiet --keyid-format LONG --no-tty ".$cmd_append." --output - --decrypt -",
+      $ret = execute_with_stdio("LANG=en gpg --quiet --keyid-format LONG --no-tty ".$cmd_append." --output - --decrypt -",
                                 $content,
                                 $stdout,
                                 $stderr);
       if (0 === $ret) {
-        $result = $stdout;
+        # check that the decrypted message has been integrity-protected,
+        # older versions of GnuPG set the return code to 0 when this warning occurs 
+        if (false === stripos($stderr, GPG_MDC_ERROR)) {
+          $result = $stdout;
+        }
       }
     }
 
@@ -170,7 +174,7 @@ function encrypt($content, $recipient, $homedir) {
         $cmd_append .= " --homedir ".escapeshellarg($homedir);
       }
 
-      $ret = execute_with_stdio("gpg --quiet --keyid-format LONG --no-tty --recipient ".escapeshellarg($recipient)." --trust-model always --yes ".$cmd_append." --output - --encrypt -",
+      $ret = execute_with_stdio("LANG=en gpg --quiet --keyid-format LONG --no-tty --recipient ".escapeshellarg($recipient)." --trust-model always --yes ".$cmd_append." --output - --encrypt -",
                                 $content,
                                 $stdout,
                                 $stderr);