[geary/wip/491-email-spoofing-case-3-32: 2/3] Don't consider substrings when checking distinct mailbox names
- From: Michael Gratton <mjog src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [geary/wip/491-email-spoofing-case-3-32: 2/3] Don't consider substrings when checking distinct mailbox names
- Date: Wed, 17 Jul 2019 09:10:50 +0000 (UTC)
commit eafc0833b34cd4b3d026cce1cd56456c090293a2
Author: Michael Gratton <mike vee net>
Date: Wed Jul 17 18:06:20 2019 +1000
Don't consider substrings when checking distinct mailbox names
RFC822.MailboxAddress.has_distinct_name() really needs to not do
sub-string checks since it will cause addresses like
`"foo-bar@baz" <bar@baz>` to not have a distinct name. To keep the fix
for #491 in effect, also adds special case checking for sinlge quotes.
Add some more tests to cover these cases.
Partially reverts commit 6e137eb64984f365156ac956e42f32cd452c6141
See discussion in GNOME/geary!252
src/engine/rfc822/rfc822-mailbox-address.vala | 20 ++++++++++++++++----
test/engine/rfc822-mailbox-address-test.vala | 4 +++-
2 files changed, 19 insertions(+), 5 deletions(-)
---
diff --git a/src/engine/rfc822/rfc822-mailbox-address.vala b/src/engine/rfc822/rfc822-mailbox-address.vala
index 07560000..f4e84fb8 100644
--- a/src/engine/rfc822/rfc822-mailbox-address.vala
+++ b/src/engine/rfc822/rfc822-mailbox-address.vala
@@ -409,17 +409,29 @@ public class Geary.RFC822.MailboxAddress :
* Determines if the name part is different to the address part.
*
* @return //true// if {@link name} is not empty, and the
- * normalised {@link address} part is not contained within the
- * name part when performing a case-insensitive comparison.
+ * normalised {@link address} part is not equal to the name part
+ * when performing a case-insensitive comparison.
*/
public bool has_distinct_name() {
string name = Geary.String.reduce_whitespace(this.name);
+ if (!Geary.String.is_empty(name)) {
+ // Some software uses single quotes instead of double
+ // quotes for name parts, which GMime ignores. Don't take
+ // those into account if present. See GNOME/geary#491.
+ if (name.length >= 2 &&
+ name[0] == '\'' &&
+ name[name.length - 1] == '\'') {
+ name = name.substring(1, name.length - 2);
+ }
+ }
+
bool ret = false;
if (!Geary.String.is_empty(name)) {
+ name = name.normalize().casefold();
string address = Geary.String.reduce_whitespace(
- this.address.normalize()
+ this.address.normalize().casefold()
);
- ret = !(address.normalize().casefold() in name.casefold());
+ ret = (name != address);
}
return ret;
}
diff --git a/test/engine/rfc822-mailbox-address-test.vala b/test/engine/rfc822-mailbox-address-test.vala
index ceb32381..b3f7547d 100644
--- a/test/engine/rfc822-mailbox-address-test.vala
+++ b/test/engine/rfc822-mailbox-address-test.vala
@@ -160,7 +160,9 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
assert(new MailboxAddress("example example com", "example example com").has_distinct_name() ==
false);
assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() ==
false);
assert(new MailboxAddress(" example example com ", "example example com").has_distinct_name() ==
false);
+
assert(new MailboxAddress("'example example com'", "example example com").has_distinct_name() ==
false);
+ assert(new MailboxAddress("'prefix-example example com'", "example example com").has_distinct_name()
== true);
}
public void is_spoofed() throws Error {
@@ -181,7 +183,7 @@ class Geary.RFC822.MailboxAddressTest : TestCase {
assert(new MailboxAddress("\n", "example example com").is_spoofed() == true);
assert(new MailboxAddress("test", "example@\nexample example com").is_spoofed() == true);
assert(new MailboxAddress("test", "example@example example com").is_spoofed() == true);
-
+ assert(new MailboxAddress("'prefix-example example com'", "example example com").is_spoofed() ==
true);
try {
assert(new
MailboxAddress.from_rfc822_string("\"=?utf-8?b?dGVzdCIgPHBvdHVzQHdoaXRlaG91c2UuZ292Pg==?==?utf-8?Q?=00=0A?=\"
<demo mailsploit com>")
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]