Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-02 12:56:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Do not accept protected From headers

Browse Source 
Signatures are checked for unprotected From, so it should not be modified
afterwards.
This commit is contained in:
Alexander Krotov
2020-08-02 17:26:05 +03:00
committed by link2xt
parent a4ca9f738b
commit b23fe6d976
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
src/mimeparser.rs
View File

@@ -155,11 +155,16 @@ impl MimeMessage {
// let known protected headers from the decrypted // let known protected headers from the decrypted
// part override the unencrypted top-level // part override the unencrypted top-level
// Signature was checked for original From, so we
// do not allow overriding it.
let mut throwaway_from = from.clone();
MimeMessage::merge_headers( MimeMessage::merge_headers(
context, context,
&mut headers, &mut headers,
&mut recipients, &mut recipients,
&mut from, &mut throwaway_from,
&mut chat_disposition_notification_to, &mut chat_disposition_notification_to,
&decrypted_mail.headers, &decrypted_mail.headers,
); );