[balsa/gtk3] Obfuscate the message-id header (Albrecht Dr eß)
- From: Peter Bloomfield <peterb src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [balsa/gtk3] Obfuscate the message-id header (Albrecht Dr eß)
- Date: Sun, 1 Mar 2015 20:44:54 +0000 (UTC)
commit 306b30023b5b234e9c7c120a46840631dd158ef9
Author: Peter Bloomfield <PeterBloomfield bellsouth net>
Date: Sun Mar 1 14:49:13 2015 -0500
Obfuscate the message-id header (Albrecht Dreß)
* libbalsa/send.c (libbalsa_set_message_id): obfuscate the
message-id header (in response to bgo #738155).
ChangeLog | 7 ++++++
libbalsa/send.c | 63 ++++++++++++++++++++++++++++++++++++------------------
2 files changed, 49 insertions(+), 21 deletions(-)
---
diff --git a/ChangeLog b/ChangeLog
index fb5a59f..e68f48a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2015-03-01 Albrecht Dreß
+
+ Obfuscate the message-id header
+
+ * libbalsa/send.c (libbalsa_set_message_id): obfuscate the
+ message-id header (in response to bgo #738155).
+
2015-03-01 Peter Bloomfield <pbloomfield bellsouth net>
Use pan-down-symbolic instead of balsa-drop-down
diff --git a/libbalsa/send.c b/libbalsa/send.c
index def8cb5..b7e3460 100644
--- a/libbalsa/send.c
+++ b/libbalsa/send.c
@@ -2046,29 +2046,50 @@ libbalsa_message_postpone(LibBalsaMessage * message,
static void
libbalsa_set_message_id(GMimeMessage * mime_message)
{
- struct utsname utsbuf;
- const gchar *host = "localhost";
+ static GMutex mutex; /* as to make me thread-safe... */
+ static GRand *rand = NULL;
+ static struct {
+ gint64 now_monotonic;
+ gdouble randval;
+ char user_name[16];
+ char host_name[16];
+ } id_data;
+ GHmac *msg_id_hash;
+ guint8 buffer[32];
+ gsize buflen;
gchar *message_id;
-#if defined(_GNU_SOURCE) && defined(HAVE_STRUCT_UTSNAME_DOMAINNAME)
- gchar *fqdn;
- const gchar *domain = "localdomain";
-
- /* In an ideal world, uname() allows us to make a FQDN. */
- if (uname(&utsbuf) == 0) {
- if (*utsbuf.nodename)
- host = utsbuf.nodename;
- if (*utsbuf.domainname)
- domain = utsbuf.domainname;
+
+ g_mutex_lock(&mutex);
+ if (rand == NULL) {
+ /* initialise some stuff on first-time use... */
+ rand = g_rand_new_with_seed((guint32) time(NULL));
+ strncpy(id_data.user_name, g_get_user_name(),
+ sizeof(id_data.user_name));
+ strncpy(id_data.host_name, g_get_host_name(),
+ sizeof(id_data.host_name));
}
- fqdn = g_strconcat(host, ".", domain, NULL);
- message_id = g_mime_utils_generate_message_id(fqdn);
- g_free(fqdn);
-#else /* _GNU_SOURCE */
-
- if (uname(&utsbuf) == 0 && *utsbuf.nodename)
- host = utsbuf.nodename;
- message_id = g_mime_utils_generate_message_id(host);
-#endif /* _GNU_SOURCE */
+
+ /* get some randomness... */
+ id_data.now_monotonic = g_get_monotonic_time();
+ id_data.randval = g_rand_double(rand);
+
+ /* hash the buffer */
+ msg_id_hash =
+ g_hmac_new(G_CHECKSUM_SHA256, (const guchar *) &id_data,
+ sizeof(id_data));
+ buflen = sizeof(buffer);
+ g_hmac_get_digest(msg_id_hash, buffer, &buflen);
+ g_hmac_unref(msg_id_hash);
+ g_mutex_unlock(&mutex);
+
+ /* create a msg id string
+ * Note: RFC 5322, sect. 3.6.4 explicitly allows the form
+ * dot-atom-text "@" dot-atom-text
+ * where dot-atom-text may include all base64 (RFC 1421) chars,
+ * including '+' and '/' */
+ message_id = g_base64_encode(buffer, buflen);
+ memmove(message_id + 23, message_id + 22, strlen(message_id) - 23);
+ message_id[22] = '@';
g_mime_message_set_message_id(mime_message, message_id);
g_free(message_id);
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]