Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-05 14:26:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: Ignore secured headers in signed-only messages

Browse Source 
It was unclear why some `mimeparser` checks look at signatures for signed-only messages, e.g. when
deciding whether to remove secured headers such as "Secure-Join", and others don't do that. Better
don't look at signatures of signed-only messages at all, we don't want to process them in any
special way, they should follow the same code paths as usual unencrypted messages.
This commit is contained in:
iequidoo
2026-04-02 16:29:46 -03:00
parent ec5117a6c2
commit cd6fddc3a5
1 changed files with 9 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/mimeparser.rs
View File

@@ -24,6 +24,7 @@ use crate::context::Context;
use crate::decrypt::{self, validate_detached_signature}; use crate::decrypt::{self, validate_detached_signature};
use crate::dehtml::dehtml; use crate::dehtml::dehtml;
use crate::download::PostMsgMetadata; use crate::download::PostMsgMetadata;
use crate::ensure_and_debug_assert;
use crate::events::EventType; use crate::events::EventType;
use crate::headerdef::{HeaderDef, HeaderDefMap}; use crate::headerdef::{HeaderDef, HeaderDefMap};
use crate::key::{self, DcKey, Fingerprint, SignedPublicKey}; use crate::key::{self, DcKey, Fingerprint, SignedPublicKey};
@@ -517,6 +518,7 @@ impl MimeMessage {
} }
let mut signatures = if let Some(ref decrypted_msg) = decrypted_msg { let mut signatures = if let Some(ref decrypted_msg) = decrypted_msg {
ensure_and_debug_assert!(is_encrypted,);
crate::pgp::valid_signature_fingerprints(decrypted_msg, &public_keyring) crate::pgp::valid_signature_fingerprints(decrypted_msg, &public_keyring)
} else { } else {
HashMap::new() HashMap::new()
@@ -525,11 +527,13 @@ impl MimeMessage {
let mail = mail.as_ref().map(|mail| { let mail = mail.as_ref().map(|mail| {
let (content, signatures_detached) = validate_detached_signature(mail, &public_keyring) let (content, signatures_detached) = validate_detached_signature(mail, &public_keyring)
.unwrap_or((mail, Default::default())); .unwrap_or((mail, Default::default()));
let signatures_detached = signatures_detached if is_encrypted {
.into_iter() let signatures_detached = signatures_detached
.map(|fp| (fp, Vec::new())) .into_iter()
.collect::<HashMap<_, _>>(); .map(|fp| (fp, Vec::new()))
signatures.extend(signatures_detached); .collect::<HashMap<_, _>>();
signatures.extend(signatures_detached);
}
content content
}); });
@@ -613,9 +617,6 @@ impl MimeMessage {
if signatures.is_empty() { if signatures.is_empty() {
Self::remove_secured_headers(&mut headers, &mut headers_removed, is_encrypted); Self::remove_secured_headers(&mut headers, &mut headers_removed, is_encrypted);
} }
if !is_encrypted {
signatures.clear();
}
if let (Ok(mail), true) = (mail, is_encrypted) if let (Ok(mail), true) = (mail, is_encrypted)
&& let Some(post_msg_rfc724_mid) = && let Some(post_msg_rfc724_mid) =