From caaf10897f9ec071a54b077cc9f180886936e5b7 Mon Sep 17 00:00:00 2001 From: Romain <98847233+rlejeune74@users.noreply.github.com> Date: Wed, 6 Dec 2023 16:21:52 +0100 Subject: [PATCH] =?UTF-8?q?fix(GODT-3153):=20Do=20not=20take=20into=20acco?= =?UTF-8?q?unt=20full=20address=20when=20hasing=20mes=E2=80=A6=20(#401)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fix(GODT-3153): Do not take into account full address when hasing message. --- internal/session/handle_append.go | 4 +-- rfc822/hash.go | 26 +++++++++++++++---- {rfc5322 => rfcvalidation}/validation.go | 9 ++++--- {rfc5322 => rfcvalidation}/validation_test.go | 2 +- 4 files changed, 29 insertions(+), 12 deletions(-) rename {rfc5322 => rfcvalidation}/validation.go (89%) rename {rfc5322 => rfcvalidation}/validation_test.go (98%) diff --git a/internal/session/handle_append.go b/internal/session/handle_append.go index bee2b7bf..93aa3413 100644 --- a/internal/session/handle_append.go +++ b/internal/session/handle_append.go @@ -9,7 +9,7 @@ import ( "github.com/ProtonMail/gluon/internal/state" "github.com/ProtonMail/gluon/profiling" "github.com/ProtonMail/gluon/reporter" - "github.com/ProtonMail/gluon/rfc5322" + "github.com/ProtonMail/gluon/rfcvalidation" ) func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.Append, ch chan response.Response) error { @@ -33,7 +33,7 @@ func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.App } if !isDrafts { - if err := rfc5322.ValidateMessageHeaderFields(cmd.Literal); err != nil { + if err := rfcvalidation.ValidateMessageHeaderFields(cmd.Literal); err != nil { return response.Bad(tag).WithError(err) } } diff --git a/rfc822/hash.go b/rfc822/hash.go index 17ba51cf..fb478456 100644 --- a/rfc822/hash.go +++ b/rfc822/hash.go @@ -8,6 +8,7 @@ import ( "mime/quotedprintable" "strings" + "github.com/ProtonMail/gluon/rfc5322" "github.com/sirupsen/logrus" "golang.org/x/exp/maps" "golang.org/x/exp/slices" @@ -34,23 +35,23 @@ func GetMessageHash(b []byte) (string, error) { return "", err } - if _, err := h.Write([]byte(header.Get("From"))); err != nil { + if _, err := h.Write([]byte(getAddresses(header.Get("From")))); err != nil { return "", err } - if _, err := h.Write([]byte(header.Get("To"))); err != nil { + if _, err := h.Write([]byte(getAddresses(header.Get("To")))); err != nil { return "", err } - if _, err := h.Write([]byte(header.Get("Cc"))); err != nil { + if _, err := h.Write([]byte(getAddresses(header.Get("Cc")))); err != nil { return "", err } - if _, err := h.Write([]byte(header.Get("Reply-To"))); err != nil { + if _, err := h.Write([]byte(getAddresses(header.Get("Reply-To")))); err != nil { return "", err } - if _, err := h.Write([]byte(header.Get("In-Reply-To"))); err != nil { + if _, err := h.Write([]byte(getAddresses(header.Get("In-Reply-To")))); err != nil { return "", err } @@ -152,3 +153,18 @@ func hashBody(writer io.Writer, body []byte, mimeType MIMEType, encoding string) return err } + +func getAddresses(fieldAddr string) string { + var addresses string + + addrList, err := rfc5322.ParseAddressList(fieldAddr) + if err != nil { + return fieldAddr + } + + for _, addr := range addrList { + addresses += addr.Address + } + + return addresses +} diff --git a/rfc5322/validation.go b/rfcvalidation/validation.go similarity index 89% rename from rfc5322/validation.go rename to rfcvalidation/validation.go index 5e149af8..0908586f 100644 --- a/rfc5322/validation.go +++ b/rfcvalidation/validation.go @@ -1,9 +1,10 @@ -package rfc5322 +package rfcvalidation import ( "errors" "fmt" + "github.com/ProtonMail/gluon/rfc5322" "github.com/ProtonMail/gluon/rfc822" ) @@ -37,7 +38,7 @@ func ValidateMessageHeaderFields(literal []byte) error { } // Check if From is a multi address. If so, a sender filed must be present and non-empty. - addresses, err := ParseAddressList(value) + addresses, err := rfc5322.ParseAddressList(value) if err != nil { return fmt.Errorf("%w: failed to parse From header: %v", ErrInvalidMessage, err) } @@ -47,7 +48,7 @@ func ValidateMessageHeaderFields(literal []byte) error { if len(senderValue) == 0 { return fmt.Errorf("%w: Required header field 'Sender' not found or empty", ErrInvalidMessage) } - _, err := ParseAddress(senderValue) + _, err := rfc5322.ParseAddress(senderValue) if err != nil { return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err) } @@ -58,7 +59,7 @@ func ValidateMessageHeaderFields(literal []byte) error { return fmt.Errorf("%w: Required header field 'Sender' should not be empty", ErrInvalidMessage) } - _, err := ParseAddress(senderValue) + _, err := rfc5322.ParseAddress(senderValue) if err != nil { return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err) } diff --git a/rfc5322/validation_test.go b/rfcvalidation/validation_test.go similarity index 98% rename from rfc5322/validation_test.go rename to rfcvalidation/validation_test.go index 835fb899..bfb17332 100644 --- a/rfc5322/validation_test.go +++ b/rfcvalidation/validation_test.go @@ -1,4 +1,4 @@ -package rfc5322 +package rfcvalidation import ( "testing"