Do not accept protected From headers

Signatures are checked for unprotected From, so it should not be modified afterwards.
2026-04-17 21:46:35 +03:00 · 2020-08-02 17:26:05 +03:00
parent a4ca9f738b
commit b23fe6d976
1 changed files with 6 additions and 1 deletions
--- a/src/mimeparser.rs
+++ b/src/mimeparser.rs
@@ -155,11 +155,16 @@ impl MimeMessage {

                    // let known protected headers from the decrypted
                    // part override the unencrypted top-level
+
+                    // Signature was checked for original From, so we
+                    // do not allow overriding it.
+                    let mut throwaway_from = from.clone();
+
                    MimeMessage::merge_headers(
                        context,
                        &mut headers,
                        &mut recipients,
-                        &mut from,
+                        &mut throwaway_from,
                        &mut chat_disposition_notification_to,
                        &decrypted_mail.headers,
                    );