fix: Ignore protected headers in outer message part (#6357) #6370

Open
wants to merge 1 commit into
base: main

@iequidoo iequidoo commented Dec 28, 2024

No description provided.

@iequidoo iequidoo marked this pull request as ready for review December 28, 2024 02:00
@iequidoo iequidoo requested review from link2xt and Hocuri December 28, 2024 02:00
if !headers.contains_key(&key) || // key already exists, only overwrite known types (protected headers)
is_known(&key) || key.starts_with("chat-")
{
// Don't overwrite unprotected headers, but overwrite protected ones because DKIM
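Review bot: the `key.starts_with("chat-")` arm of the condition is a case-sensitive prefix match, so it only covers Chat-* headers if `key` has already been lowercased before this check; if that normalization happens earlier, the comment should say so. The trailing comment on the first line still reads "only overwrite known types (protected headers)" while the condition has three arms, so I would fold that remark and the DKIM remark into one comment above the `if` that explains each arm.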
Collaborator

I don't understand this comment, why is it important here that DKIM signature applies to last headers?

Collaborator Author

At least `test_take_last_header()` breaks if I remove `|| is_protected(&key)` here. For unprotected headers we just don't mind. Feel free to improve the comment.

@iequidoo iequidoo force-pushed the iequidoo/outer-protected-hdrs branch from 3ff41b4 to 5445310 Compare December 28, 2024 20:23
@iequidoo iequidoo requested a review from link2xt December 28, 2024 20:32
@iequidoo iequidoo force-pushed the iequidoo/outer-protected-hdrs branch from 5445310 to 92a4af4 Compare December 29, 2024 17:30
Delta Chat always adds protected headers to the inner encrypted or signed message, so if a protected
header is only present in the outer part, it should be ignored because it's probably added by the
server or somebody else. The exception is Subject because there are known cases when it's only
present in the outer message part, e.g. an encrypted unsigned Thunderbird message.

Also treat any Chat-* headers as protected. This fixes e.g. a case when the server injects a
"Chat-Version" IMF header tricking Delta Chat into thinking that it's a chat message.

Also handle "Auto-Submitted" and "Autocrypt-Setup-Message" as protected headers on the receiver
side, this was apparently forgotten.
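
The receive-side rule from the commit message above, as an added Rust sketch (not code from this pull request or from Delta Chat). `merge_headers`, `is_protected` and the `PROTECTED` list are hypothetical names, the list holds only the headers the commit message names, and the message is assumed to have an inner encrypted or signed part.

```rust
use std::collections::HashMap;

// Assumption: only the headers named in the commit message; a real list is longer.
const PROTECTED: &[&str] = &["subject", "auto-submitted", "autocrypt-setup-message"];

/// `key` must already be lowercased. Any Chat-* header counts as protected.
fn is_protected(key: &str) -> bool {
    key.starts_with("chat-") || PROTECTED.iter().any(|p| *p == key)
}

/// Merge headers of the outer (unauthenticated) part with those of the
/// inner encrypted or signed part. Keys in the result are lowercased.
fn merge_headers(outer: &[(&str, &str)], inner: &[(&str, &str)]) -> HashMap<String, String> {
    let mut merged = HashMap::new();
    for (name, value) in outer {
        let key = name.to_ascii_lowercase();
        // A protected header in the outer part may have been added by the
        // server or somebody else, so it is not trusted. Subject is the
        // exception: some clients put it only in the outer part.
        if is_protected(&key) && key != "subject" {
            continue;
        }
        merged.insert(key, value.to_string());
    }
    for (name, value) in inner {
        // Inner headers are covered by encryption or a signature and always win.
        merged.insert(name.to_ascii_lowercase(), value.to_string());
    }
    merged
}

fn main() {
    // Constructed sample: Chat-Version and Auto-Submitted appear only in the outer part.
    let outer = [
        ("Message-ID", "<constructed@example.org>"),
        ("Subject", "..."),
        ("Chat-Version", "1.0"),
        ("Auto-Submitted", "auto-generated"),
    ];
    let inner = [("Subject", "Hello")];
    let merged = merge_headers(&outer, &inner);
    println!("chat message: {}", merged.contains_key("chat-version"));
    println!("subject: {:?}", merged.get("subject"));
}
```
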