Mirrors/chatmail-core
1
0
Fork 0
mirror of https://github.com/chatmail/core.git synced 2026-05-02 12:56:30 +03:00
Code Issues Packages Projects Releases Wiki Activity

Do not allow peerstate reset if DKIM check failed

Browse Source 
The problem was that a message without Autocrypt key or with a wrong
signature resets peerstate regardless of what DKIM check says. I
inserted sleep(1.1) to make sure reset always happens and make the bug
reproducible, then fixed it by forbidding reset if DKIM check fails.

https://github.com/deltachat/deltachat-core-rust/pull/3731
This commit is contained in:
link2xt
2022-11-05 01:44:37 +00:00
parent cb1a4291d0 037739c634
commit e93dc33ef8
3 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -40,6 +40,7 @@
### Fixes ### Fixes
- `dc_search_msgs()` returns unaccepted requests #3694 - `dc_search_msgs()` returns unaccepted requests #3694
- emit "contacts changed" event when the contact is no longer "seen recently" #3703 - emit "contacts changed" event when the contact is no longer "seen recently" #3703
- do not allow peerstate reset if DKIM check failed #3731
## 1.98.0 ## 1.98.0

8
src/authres.rs
View File

@@ -357,6 +357,7 @@ mod tests {
use super::*; use super::*;
use crate::aheader::EncryptPreference;
use crate::e2ee; use crate::e2ee;
use crate::mimeparser; use crate::mimeparser;
use crate::peerstate::Peerstate; use crate::peerstate::Peerstate;
@@ -665,6 +666,10 @@ Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@
tcm.section("An attacker, bob2, sends a from-forged email to Alice!"); tcm.section("An attacker, bob2, sends a from-forged email to Alice!");
// Sleep to make sure key reset is ignored because of DKIM failure
// and not because reordering is suspected.
tokio::time::sleep(std::time::Duration::from_millis(1100)).await;
let bob2 = tcm.unconfigured().await; let bob2 = tcm.unconfigured().await;
bob2.configure_addr("bob@example.net").await; bob2.configure_addr("bob@example.net").await;
e2ee::ensure_secret_key_exists(&bob2).await?; e2ee::ensure_secret_key_exists(&bob2).await?;
@@ -686,6 +691,9 @@ Authentication-Results: box.hispanilandia.net; spf=pass smtp.mailfrom=adbenitez@
.await? .await?
.unwrap(); .unwrap();
// Encryption preference is still mutual.
assert_eq!(bob_state.prefer_encrypt, EncryptPreference::Mutual);
// Also check that the keypair was not changed // Also check that the keypair was not changed
assert_eq!( assert_eq!(
bob_state.public_key.unwrap(), bob_state.public_key.unwrap(),

1
src/mimeparser.rs
View File

@@ -298,6 +298,7 @@ impl MimeMessage {
if let Some(peerstate) = &mut decryption_info.peerstate { if let Some(peerstate) = &mut decryption_info.peerstate {
if message_time > peerstate.last_seen_autocrypt if message_time > peerstate.last_seen_autocrypt
&& mail.ctype.mimetype != "multipart/report" && mail.ctype.mimetype != "multipart/report"
&& decryption_info.dkim_results.allow_keychange
{ {
peerstate.degrade_encryption(message_time); peerstate.degrade_encryption(message_time);
peerstate.save_to_db(&context.sql, false).await?; peerstate.save_to_db(&context.sql, false).await?;