fix: reject messages with protected From not corresponding to outer From

link2xt
2024-02-10 21:38:26 +00:00
parent 6cee295a5d
commit c03e163ed2
2 changed files with 29 additions and 3 deletions

@@ -378,13 +378,20 @@ impl MimeMessage {
// signed part, but it doesn't match the outer one.
// This _might_ be because the sender's mail server
// replaced the sending address, e.g. in a mailing list.
// Or it's because someone is doing some replay attack
// - OTOH, I can't come up with an attack scenario
// where this would be useful.
// Or it's because someone is doing some replay attack.
// Resending encrypted messages via mailing lists
// without reencrypting is not useful anyway,
// so we return an error below.
warn!(
context,
"From header in signed part doesn't match the outer one",
);
// Return an error from the parser.
// This will result in creating a tombstone
// and no further message processing
// as if the MIME structure is broken.
bail!("From header is forged");
}
}
}
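
Review bot: the error text in `bail!("From header is forged");` asserts forgery, but the comment directly above still says the mismatch might come from the sender's mail server replacing the address, e.g. in a mailing list. Since this error now produces a tombstone and stops all further processing, word it neutrally (for example, that the From header in the signed part does not match the outer one) and include both addresses in the `warn!` so a user or developer can tell a list rewrite from a replay when a message goes missing. The `warn!` and the `bail!` now report the same condition twice with different wording; consider keeping one message and reusing it in both places.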