{
struct message_part_envelope *d;
enum envelope_field field;
- struct message_address **addr_p;
+ struct message_address **addr_p, *addr;
const char **str_p;
if (*data == NULL) {
}
if (addr_p != NULL) {
- *addr_p = message_address_parse(pool, hdr->full_value,
- hdr->full_value_len,
- UINT_MAX,
- MESSAGE_ADDRESS_PARSE_FLAG_FILL_MISSING);
+ addr = message_address_parse(pool, hdr->full_value,
+ hdr->full_value_len,
+ UINT_MAX,
+ MESSAGE_ADDRESS_PARSE_FLAG_FILL_MISSING);
+ /* Merge multiple headers the same as if they were comma
+ separated in a single line. This is better from security
+ point of view, because attacker could intentionally write
+ addresses in a way that e.g. the first From header is
+ validated while MUA only shows the second From header. */
+ while (*addr_p != NULL)
+ addr_p = &(*addr_p)->next;
+ *addr_p = addr;
} else if (str_p != NULL) {
*str_p = message_header_strdup(pool, hdr->full_value,
hdr->full_value_len);
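Review bot: The `while (*addr_p != NULL) addr_p = &(*addr_p)->next;` walk restarts from the head of the list for every repeated address header, so a message that repeats one address header many times makes envelope parsing quadratic in the total number of addresses, and the sender controls that input. Keeping a tail pointer next to each address list would make the append constant-time; the envelope struct is not visible here, so where to store it needs confirming. Since `UINT_MAX` appears to be the per-call address limit, nothing in these lines bounds the merged list, so a cap on merged addresses per field may also be worth adding. The enclosing function starts and ends outside the lines shown.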