From: Timo Sirainen <timo.sirainen@open-xchange.com>
Date: Fri, 6 Sep 2019 09:09:58 +0000 (+0300)
Subject: lib-mail: Parse multiple address headers the same as if they were in a single header
X-Git-Tag: 2.3.10~117
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=469fcd3bdd7df40bb8f4d131121f3bfbceade02a;p=thirdparty%2Fdovecot%2Fcore.git

lib-mail: Parse multiple address headers the same as if they were in a single header

This is better from security point of view.
---

diff --git a/src/lib-mail/message-part-data.c b/src/lib-mail/message-part-data.c
index d3f102ed29..94f97fad36 100644
--- a/src/lib-mail/message-part-data.c
+++ b/src/lib-mail/message-part-data.c
@@ -176,7 +176,7 @@ void message_part_envelope_parse_from_header(pool_t pool,
 {
 	struct message_part_envelope *d;
 	enum envelope_field field;
-	struct message_address **addr_p;
+	struct message_address **addr_p, *addr;
 	const char **str_p;
 
 	if (*data == NULL) {
@@ -234,10 +234,18 @@ void message_part_envelope_parse_from_header(pool_t pool,
 	}
 
 	if (addr_p != NULL) {
-		*addr_p = message_address_parse(pool, hdr->full_value,
-						hdr->full_value_len,
-						UINT_MAX,
-						MESSAGE_ADDRESS_PARSE_FLAG_FILL_MISSING);
+		addr = message_address_parse(pool, hdr->full_value,
+					     hdr->full_value_len,
+					     UINT_MAX,
+					     MESSAGE_ADDRESS_PARSE_FLAG_FILL_MISSING);
+		/* Merge multiple headers the same as if they were comma
+		   separated in a single line. This is better from security
+		   point of view, because attacker could intentionally write
+		   addresses in a way that e.g. the first From header is
+		   validated while MUA only shows the second From header. */
+		while (*addr_p != NULL)
+			addr_p = &(*addr_p)->next;
+		*addr_p = addr;
 	} else if (str_p != NULL) {
 		*str_p = message_header_strdup(pool, hdr->full_value,
 					       hdr->full_value_len);