Skip to content

Commit

Permalink
fix(GODT-3153): Do not take into account full address when hasing mes…
Browse files Browse the repository at this point in the history 
…sage.
  • Loading branch information
@rlejeune74
rlejeune74 committed Dec 6, 2023
1 parent 2ecbdd2 commit 5d4fa71
Show file tree
Hide file tree
Showing 4 changed files with 26 additions and 12 deletions.
4 changes: 2 additions & 2 deletions internal/session/handle_append.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ import (
"github.com/ProtonMail/gluon/internal/state"
"github.com/ProtonMail/gluon/profiling"
"github.com/ProtonMail/gluon/reporter"
"github.com/ProtonMail/gluon/rfc5322"
"github.com/ProtonMail/gluon/rfcvalidation"
)

func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.Append, ch chan response.Response) error {
Expand All @@ -33,7 +33,7 @@ func (s *Session) handleAppend(ctx context.Context, tag string, cmd *command.App
}

if !isDrafts {
if err := rfc5322.ValidateMessageHeaderFields(cmd.Literal); err != nil {
if err := rfcvalidation.ValidateMessageHeaderFields(cmd.Literal); err != nil {
return response.Bad(tag).WithError(err)
}
}
Expand Down
23 changes: 18 additions & 5 deletions rfc822/hash.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"mime/quotedprintable"
"strings"

"github.com/ProtonMail/gluon/rfc5322"
"github.com/sirupsen/logrus"
"golang.org/x/exp/maps"
"golang.org/x/exp/slices"
Expand All @@ -34,23 +35,23 @@ func GetMessageHash(b []byte) (string, error) {
return "", err
}

if _, err := h.Write([]byte(header.Get("From"))); err != nil {
if _, err := h.Write([]byte(getAddresses(header.Get("From")))); err != nil {
return "", err
}

if _, err := h.Write([]byte(header.Get("To"))); err != nil {
if _, err := h.Write([]byte(getAddresses(header.Get("To")))); err != nil {
return "", err
}

if _, err := h.Write([]byte(header.Get("Cc"))); err != nil {
if _, err := h.Write([]byte(getAddresses(header.Get("Cc")))); err != nil {
return "", err
}

if _, err := h.Write([]byte(header.Get("Reply-To"))); err != nil {
if _, err := h.Write([]byte(getAddresses(header.Get("Reply-To")))); err != nil {
return "", err
}

if _, err := h.Write([]byte(header.Get("In-Reply-To"))); err != nil {
if _, err := h.Write([]byte(getAddresses(header.Get("In-Reply-To")))); err != nil {
return "", err
}

Expand Down Expand Up @@ -152,3 +153,15 @@ func hashBody(writer io.Writer, body []byte, mimeType MIMEType, encoding string)

return err
}

func getAddresses(fieldAddr string) string {
addrList, err := rfc5322.ParseAddressList(fieldAddr)
if err != nil {
return ""
}
var addresses string

Check failure on line 162 in rfc822/hash.go

View workflow job for this annotation

GitHub Actions / test (ubuntu-20.04) 

declarations should never be cuddled (wsl)
for _, addr := range addrList {

Check failure on line 163 in rfc822/hash.go

View workflow job for this annotation

GitHub Actions / test (ubuntu-20.04) 

only one cuddle assignment allowed before range statement (wsl)
addresses += addr.Address
}
return addresses

Check failure on line 166 in rfc822/hash.go

View workflow job for this annotation

GitHub Actions / test (ubuntu-20.04) 

return statements should not be cuddled if block has more than two lines (wsl)
}
9 changes: 5 additions & 4 deletions rfc5322/validation.go → rfcvalidation/validation.go
View file
Original file line number Diff line number Diff line change
@@ -1,9 +1,10 @@
package rfc5322
package rfcvalidation

import (
"errors"
"fmt"

"github.com/ProtonMail/gluon/rfc5322"
"github.com/ProtonMail/gluon/rfc822"
)

Expand Down Expand Up @@ -37,7 +38,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
}

// Check if From is a multi address. If so, a sender filed must be present and non-empty.
addresses, err := ParseAddressList(value)
addresses, err := rfc5322.ParseAddressList(value)
if err != nil {
return fmt.Errorf("%w: failed to parse From header: %v", ErrInvalidMessage, err)
}
Expand All @@ -47,7 +48,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
if len(senderValue) == 0 {
return fmt.Errorf("%w: Required header field 'Sender' not found or empty", ErrInvalidMessage)
}
_, err := ParseAddress(senderValue)
_, err := rfc5322.ParseAddress(senderValue)
if err != nil {
return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err)
}
Expand All @@ -58,7 +59,7 @@ func ValidateMessageHeaderFields(literal []byte) error {
return fmt.Errorf("%w: Required header field 'Sender' should not be empty", ErrInvalidMessage)
}

_, err := ParseAddress(senderValue)
_, err := rfc5322.ParseAddress(senderValue)
if err != nil {
return fmt.Errorf("%w: failed to parse Sender header: %v", ErrInvalidMessage, err)
}
Expand Down
2 changes: 1 addition & 1 deletion rfc5322/validation_test.go → rfcvalidation/validation_test.go
View file
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
package rfc5322
package rfcvalidation

import (
"testing"
Expand Down

0 comments on commit 5d4fa71

Please sign in to comment.