+;; Extract plaintext from cleartext signature. IMO, this kind of task
+;; should be done by GnuPG rather than Elisp, but older PGP backends
+;; (such as Mailcrypt, PGG, and gpg.el) discard the output from GnuPG.
+(defun mml2015-extract-cleartext-signature ()
+ (goto-char (point-min))
+ (forward-line)
+ ;; We need to be careful not to strip beyond the armor headers.
+ ;; Previously, an attacker could replace the text inside our
+ ;; markup with trailing garbage by injecting whitespace into the
+ ;; message.
+ (while (looking-at "Hash:") ; The only header allowed in cleartext
+ (forward-line)) ; signatures according to RFC2440.
+ (when (looking-at "[\t ]*$")
+ (forward-line))
+ (delete-region (point-min) (point))
+ (if (re-search-forward "^-----BEGIN PGP SIGNATURE-----" nil t)
+ (delete-region (match-beginning 0) (point-max)))
+ (goto-char (point-min))
+ (while (re-search-forward "^- " nil t)
+ (replace-match "" t t)
+ (forward-line 1)))
+