From 80e314f205d513f28fdf5bc07cce07b8661bc551 Mon Sep 17 00:00:00 2001
From: Kevin McCarthy <kevin@8t8.us>
Date: Sun, 10 Apr 2016 16:02:06 -0700
Subject: [PATCH] Fix mutt_protect() when INLINE is set. (closes #3828)

The oppenc changes allow security bits to be set even when not
encrypting or signing (for instance, OPPENCRYPT and INLINE).

mutt_protect() assumed that if INLINE is set, then either ENCRYPT or
SIGN must also be set.  Specifically, it would end up inline-signing
the message even though neither was set.

Ensure mutt_protect() is a noop if neither SIGN or ENCRYPT are set.

In ci_send_message(), check for sign or encrypt before calling the
crypt_get_keys() / mutt_protect() block, and also in the fcc section
(since clear_content would be NULL if not).

The second change to the fcc part is somewhat redundant, but better to
be explicit and avoid the case where the subtype is somehow
"encrypted" or "signed" even though msg->security wasn't set thus.
---
 crypt.c | 3 +++
 send.c  | 5 +++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/crypt.c b/crypt.c
index 88820047..570cc361 100644
--- a/crypt.c
+++ b/crypt.c
@@ -137,6 +137,9 @@ int mutt_protect (HEADER *msg, char *keylist)
   if (!WithCrypto)
     return -1;
 
+  if (!(msg->security & (ENCRYPT | SIGN)))
+    return 0;
+
   if ((msg->security & SIGN) && !crypt_valid_passphrase (msg->security))
     return (-1);
 
diff --git a/send.c b/send.c
index d4ac0377..387de5db 100644
--- a/send.c
+++ b/send.c
@@ -1717,7 +1717,7 @@ main_loop:
   
   if (WithCrypto)
   {
-    if (msg->security)  
+    if (msg->security & (ENCRYPT | SIGN))
     {
       /* save the decrypted attachments */
       clear_content = msg->content;
@@ -1781,7 +1781,7 @@ main_loop:
     BODY *save_sig = NULL;
     BODY *save_parts = NULL;
 
-    if (WithCrypto && msg->security && option (OPTFCCCLEAR))
+    if (WithCrypto && (msg->security & (ENCRYPT | SIGN)) && option (OPTFCCCLEAR))
       msg->content = clear_content;
 
     /* check to see if the user wants copies of all attachments */
@@ -1789,6 +1789,7 @@ main_loop:
 	msg->content->type == TYPEMULTIPART)
     {
       if (WithCrypto
+          && (msg->security & (ENCRYPT | SIGN))
           && (mutt_strcmp (msg->content->subtype, "encrypted") == 0 ||
               mutt_strcmp (msg->content->subtype, "signed") == 0))
       {
-- 
2.40.0