fix: protect Secure-Join header

Secure-Join header must come from protected headers
unless it is a "vc-request" or "vg-request".
link2xt
2024-02-09 08:35:44 +00:00
parent 01ac9c8b90
commit 3c4c701f9b


@@ -1388,6 +1388,13 @@ impl MimeMessage {
headers.remove("secure-join-fingerprint");
headers.remove("chat-verified");
headers.remove("autocrypt-gossip");
// Secure-Join is secured unless it is an initial "vc-request"/"vg-request".
if let Some(secure_join) = headers.remove("secure-join") {
if secure_join == "vc-request" || secure_join == "vg-request" {
headers.insert("secure-join".to_string(), secure_join);
}
}
}
fn merge_headers(
@@ -1812,6 +1819,8 @@ pub(crate) fn parse_message_id(ids: &str) -> Result<String> {
}
}
/// Returns true if the header overwrites outer header
/// when it comes from protected headers.
fn is_known(key: &str) -> bool {
matches!(
key,
@@ -1827,6 +1836,7 @@ fn is_known(key: &str) -> bool {
| "in-reply-to"
| "references"
| "subject"
| "secure-join"
)
}
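Review bot: The exemption added in the first hunk (`@@ -1388`) is a byte-exact, case-sensitive comparison on the raw header value, and the comment does not say that this is deliberate. Any other unprotected value, including a differently cased or whitespace-padded `vc-request`, is dropped, which is the safe direction, but whether that agrees with how the Secure-Join handler later compares the step is not visible here. I would record the intent in the comment, e.g. `// Only the initial "vc-request"/"vg-request" may arrive unprotected; any other value is dropped (exact match, fails closed).`, and add a test that an unprotected `Secure-Join` header carrying any other step is ignored, if the commit does not already include one. The enclosing function begins above the hunk, so where it is called relative to merging the protected headers (which the `is_known` change now lets overwrite the outer value) is inferred rather than shown.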