Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-05 22:36:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

make sure, Secure-Join-Fingerprint is not accepted unencrypted

Browse Source
This commit is contained in:
B. Petersen
2020-02-28 18:28:47 +01:00
committed by holger krekel
parent 5ded8fb400
commit 278454287c
1 changed files with 13 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/mimeparser.rs
View File

@@ -92,6 +92,9 @@ impl MimeMessage {
// init known headers with what mailparse provided us // init known headers with what mailparse provided us
MimeMessage::merge_headers(&mut headers, &mail.headers); MimeMessage::merge_headers(&mut headers, &mail.headers);
// remove headers that are allowed _only_ in the encrypted part
headers.remove("secure-join-fingerprint");
// Memory location for a possible decrypted message. // Memory location for a possible decrypted message.
let mail_raw; let mail_raw;
let mut gossipped_addr = Default::default(); let mut gossipped_addr = Default::default();
@@ -1174,14 +1177,16 @@ mod tests {
Content-Type: multipart/mixed; boundary=\"==break==\";\n\ Content-Type: multipart/mixed; boundary=\"==break==\";\n\
Subject: outer-subject\n\ Subject: outer-subject\n\
Secure-Join-Group: no\n\ Secure-Join-Group: no\n\
Test-Header: Bar\nChat-Version: 0.0\n\ Secure-Join-Fingerprint: 123456\n\
Test-Header: Bar\n\
chat-VERSION: 0.0\n\
\n\ \n\
--==break==\n\ --==break==\n\
Content-Type: text/plain; protected-headers=\"v1\";\n\ Content-Type: text/plain; protected-headers=\"v1\";\n\
Subject: inner-subject\n\ Subject: inner-subject\n\
SecureBar-Join-Group: yes\n\ SecureBar-Join-Group: yes\n\
Test-Header: Xy\n\ Test-Header: Xy\n\
Chat-Version: 1.0\n\ chat-VERSION: 1.0\n\
\n\ \n\
test1\n\ test1\n\
\n\ \n\
@@ -1200,12 +1205,17 @@ mod tests {
// the following fields would bubble up // the following fields would bubble up
// if the test would really use encryption for the protected part // if the test would really use encryption for the protected part
// however, as this is not the case, the outer things stay valid // however, as this is not the case, the outer things stay valid.
// for Chat-Version, also the case-insensivity is tested.
assert_eq!(mimeparser.get_subject(), Some("outer-subject".into())); assert_eq!(mimeparser.get_subject(), Some("outer-subject".into()));
let of = mimeparser.get(HeaderDef::ChatVersion).unwrap(); let of = mimeparser.get(HeaderDef::ChatVersion).unwrap();
assert_eq!(of, "0.0"); assert_eq!(of, "0.0");
assert_eq!(mimeparser.parts.len(), 1); assert_eq!(mimeparser.parts.len(), 1);
// make sure, headers that are only allowed in the encrypted part
// cannot be set from the outer part
assert!(mimeparser.get(HeaderDef::SecureJoinFingerprint).is_none());
} }
#[test] #[test]