mirror of
https://github.com/chatmail/core.git
synced 2026-04-19 14:36:29 +03:00
fix: Reject message with forged From even if no valid signatures are found
There are many reasons why we may fail to find valid signatures in a message, e.g. we don't yet know a public key attached in the same message, anyway, if From is forged, the message must be rejected. Also always take the displayname from encrypted From, even if no valid signatures are found.
This commit is contained in:
iequidoo
iequidoo
@@ -396,13 +396,10 @@ impl MimeMessage {
|
||||
&mail.headers,
|
||||
);
|
||||
|
||||
if let (Some(inner_from), true) = (inner_from, !signatures.is_empty()) {
|
||||
if addr_cmp(&inner_from.addr, &from.addr) {
|
||||
from_is_signed = true;
|
||||
from = inner_from;
|
||||
} else {
|
||||
// There is a From: header in the encrypted &
|
||||
// signed part, but it doesn't match the outer one.
|
||||
if let Some(inner_from) = inner_from {
|
||||
if !addr_cmp(&inner_from.addr, &from.addr) {
|
||||
// There is a From: header in the encrypted
|
||||
// part, but it doesn't match the outer one.
|
||||
// This _might_ be because the sender's mail server
|
||||
// replaced the sending address, e.g. in a mailing list.
|
||||
// Or it's because someone is doing some replay attack.
|
||||
@@ -411,7 +408,7 @@ impl MimeMessage {
|
||||
// so we return an error below.
|
||||
warn!(
|
||||
context,
|
||||
"From header in signed part doesn't match the outer one",
|
||||
"From header in encrypted part doesn't match the outer one",
|
||||
);
|
||||
|
||||
// Return an error from the parser.
|
||||
@@ -420,6 +417,8 @@ impl MimeMessage {
|
||||
// as if the MIME structure is broken.
|
||||
bail!("From header is forged");
|
||||
}
|
||||
from = inner_from;
|
||||
from_is_signed = !signatures.is_empty();
|
||||
}
|
||||
}
|
||||
if signatures.is_empty() {
|
||||
|
||||
Reference in New Issue
Block a user