protect against attackers dropping the protect-this-chat message by not showing unprotected messages directly; this is done by checking the Chat-Verified flag on each incoming message. moreover, make sure, the flag is signed+encrypted (it must be read from the protected headers).

2026-04-26 09:56:35 +03:00 · 2020-10-06 15:19:58 +02:00
parent f144426bf5
commit 45dae1ff0c
2 changed files with 6 additions and 0 deletions
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -127,6 +127,7 @@ impl MimeMessage {

        // remove headers that are allowed _only_ in the encrypted part
        headers.remove("secure-join-fingerprint");
+        headers.remove("chat-verified");

        // Memory location for a possible decrypted message.
        let mail_raw;