From 3c4c701f9b7316a37d47864b43d7e421c3e15461 Mon Sep 17 00:00:00 2001
From: link2xt <link2xt@testrun.org>
Date: Fri, 9 Feb 2024 08:35:44 +0000
Subject: [PATCH] fix: protect Secure-Join header

Secure-Join header must come from protected headers
unless it is a "vc-request" or "vg-request".
---
 src/mimeparser.rs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/mimeparser.rs b/src/mimeparser.rs
index a67749cc3..35fcf9f5f 100644
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -1388,6 +1388,13 @@ impl MimeMessage {
         headers.remove("secure-join-fingerprint");
         headers.remove("chat-verified");
         headers.remove("autocrypt-gossip");
+
+        // Secure-Join is secured unless it is an initial "vc-request"/"vg-request".
+        if let Some(secure_join) = headers.remove("secure-join") {
+            if secure_join == "vc-request" || secure_join == "vg-request" {
+                headers.insert("secure-join".to_string(), secure_join);
+            }
+        }
     }
 
     fn merge_headers(
@@ -1812,6 +1819,8 @@ pub(crate) fn parse_message_id(ids: &str) -> Result<String> {
     }
 }
 
+/// Returns true if the header overwrites outer header
+/// when it comes from protected headers.
 fn is_known(key: &str) -> bool {
     matches!(
         key,
@@ -1827,6 +1836,7 @@ fn is_known(key: &str) -> bool {
             | "in-reply-to"
             | "references"
             | "subject"
+            | "secure-join"
     )
 }