Commit 6b86a05f authored by Volker Krause's avatar Volker Krause
Browse files

Fix parsing headers with a name that is a prefix of a well-known header

That is, we ended up handling e.g. "Repl:" as "Reply-To:" here, and thus
this can have side-effects on application behavior such as determining who
to send a reply to. As this might allow bypasses of mechanisms that sign
certain subset of relevant headers, this is rather problematic.

This is caused by only checking the length of the input string, but not
the length of the expected string for the name comparison.

Thanks to Marcus Brinkmann for discovering this.
parent ae6f738a
From null@kde.org Fri May 08 12:59:02 2020
Reply: Weird Receiver <foo@kde.org>
To: Volker Krause <vkrause@kde.org>
From: Null <null@kde.org>
Hi Volker,
......@@ -630,6 +630,16 @@ void MessageTest::testEmptySubject()
QVERIFY(msg->subject()->asUnicodeString().isEmpty());
}
void MessageTest::testReplyHeader()
{
auto msg = readAndParseMail(QStringLiteral("reply-header.mbox"));
QVERIFY(msg);
QVERIFY(!msg->replyTo(false));
QCOMPARE(msg->hasHeader("Reply-To"), false);
QCOMPARE(msg->hasHeader("Reply"), true);
QVERIFY(msg->headerByType("Reply"));
}
KMime::Message::Ptr MessageTest::readAndParseMail(const QString &mailFile) const
{
QFile file(QLatin1String(TEST_DATA_DIR) + QLatin1String("/mails/") + mailFile);
......
......@@ -47,6 +47,7 @@ private Q_SLOTS:
void testEncryptedMails();
void testReturnSameMail();
void testEmptySubject();
void testReplyHeader();
private:
KMime::Message::Ptr readAndParseMail(const QString &mailFile) const;
......
......@@ -38,8 +38,8 @@ using namespace KMime;
using namespace KMime::Headers;
#define mk_header(hdr) \
if (qstrnicmp(type, hdr ::staticType(), typeLen) == 0) \
return new hdr
if (qstrnicmp(type, hdr ::staticType(), std::max(typeLen, strlen(hdr::staticType()))) == 0) \
return new hdr;
Headers::Base *HeaderFactory::createHeader(const char *type, size_t typeLen)
{
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment