Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-22 16:26:31 +03:00
Code Issues Packages Projects Releases Wiki Activity

Remove the ability to receive signed-only messages, if the body is in a "signed" subpart

Browse Source 
We have a test for receiving `thunderbird_signed_unencrypted.eml`, so
apparently, some signed-only messages can still be received
This commit is contained in:
Hocuri
2026-04-28 15:30:48 +02:00
parent 36cb7b49fc
commit 813302a598
1 changed files with 2 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
src/mimeparser.rs
View File

@@ -304,37 +304,9 @@ impl MimeMessage {
// Parse hidden headers. // Parse hidden headers.
let mimetype = mail.ctype.mimetype.parse::<Mime>()?; let mimetype = mail.ctype.mimetype.parse::<Mime>()?;
let (part, mimetype) =
// We do not sign unencrypted messages ourselves, but are able to receive them.
if mimetype.type_() == mime::MULTIPART && mimetype.subtype().as_str() == "signed" {
if let Some(part) = mail.subparts.first() {
// We don't remove "subject" from `headers` because currently just signed
// messages are shown as unencrypted anyway.
timestamp_sent =
Self::get_timestamp_sent(&part.headers, timestamp_sent, timestamp_rcvd);
MimeMessage::merge_headers(
context,
&mut headers,
&mut headers_removed,
&mut recipients,
&mut past_members,
&mut from,
&mut list_post,
&mut chat_disposition_notification_to,
part,
);
(part, part.ctype.mimetype.parse::<Mime>()?)
} else {
// Not a valid signed message, handle it as plaintext.
(&mail, mimetype)
}
} else {
(&mail, mimetype)
};
if mimetype.type_() == mime::MULTIPART if mimetype.type_() == mime::MULTIPART
&& mimetype.subtype().as_str() == "mixed" && mimetype.subtype().as_str() == "mixed"
&& let Some(part) = part.subparts.first() && let Some(part) = mail.subparts.first()
{ {
for field in &part.headers { for field in &part.headers {
let key = field.get_key().to_lowercase(); let key = field.get_key().to_lowercase();
@@ -358,8 +330,7 @@ impl MimeMessage {
); );
} }
// Remove headers that are allowed _only_ in the encrypted+signed part. It's ok to leave // Remove headers that are allowed _only_ in the encrypted+signed part
// them in signed-only emails, but has no value currently.
let encrypted = false; let encrypted = false;
Self::remove_secured_headers(&mut headers, &mut headers_removed, encrypted); Self::remove_secured_headers(&mut headers, &mut headers_removed, encrypted);