From 20f534dde5f0f7382de43cf4d7853f29666b865d Mon Sep 17 00:00:00 2001
From: Dylan Baker <dylan@pnwbakers.com>
Date: Mon, 10 Jul 2017 11:11:06 -0700
Subject: crypto: Fix error handling of signed messages

gpgme.Context.verify doesn't raise an exception, instead it attaches the
error as an attribute of the return value. This means that we've been
returning that a signature is valid even when it isn't.

This patch checks the attribute instead of try/excepting. Because there
is a second bug (fixed in the next patch) signature verification will
always fail with this patch.
---
 alot/crypto.py | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

(limited to 'alot/crypto.py')

diff --git a/alot/crypto.py b/alot/crypto.py
index 08213f34..b0849ae2 100644
--- a/alot/crypto.py
+++ b/alot/crypto.py
@@ -202,10 +202,11 @@ def verify_detached(message, signature):
     message_data = StringIO(message)
     signature_data = StringIO(signature)
     ctx = gpgme.Context()
-    try:
-        return ctx.verify(signature_data, message_data, None)
-    except gpgme.GpgmeError as e:
-        raise GPGProblem(e.message, code=e.code)
+
+    status = ctx.verify(signature_data, message_data, None)
+    if isinstance(status[0].status, gpgme.GpgmeError):
+        raise GPGProblem(status[0].status.message, code=status[0].status.code)
+    return status
 
 
 def decrypt_verify(encrypted):
-- 
cgit v1.2.3