Package: evolution / 3.30.5-1.1

CVE-2018-15587-Show-security-bar-above-message-headers.patch
From: Jonas Meurer <jonas@freesources.org>
Date: Tue, 23 Apr 2019 14:29:02 +0200
Subject: CVE-2018-15587: Show security bar above message headers

From: Milan Crha <mcrha@redhat.com>
Subject: [PATCH] I#120 - Show security bar above message headers
Origin: upstream, https://gitlab.gnome.org/GNOME/evolution/commit/9c55a311
Bug: https://gitlab.gnome.org/GNOME/evolution/issues/120
Bug-Debian: https://bugs.debian.org/924616
---
 src/em-format/e-mail-parser.c | 63 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 63 insertions(+)

diff --git a/src/em-format/e-mail-parser.c b/src/em-format/e-mail-parser.c
index 793d891..c81bcc2 100644
--- a/src/em-format/e-mail-parser.c
+++ b/src/em-format/e-mail-parser.c
@@ -79,6 +79,67 @@ GType e_mail_parser_application_smime_get_type (void);
 
 static gpointer parent_class;
 
+static void
+mail_parser_move_security_before_headers (GQueue *part_queue)
+{
+	GList *link, *last_headers = NULL;
+	GSList *headers_stack = NULL;
+
+	link = g_queue_peek_head_link (part_queue);
+	while (link) {
+		EMailPart *part = link->data;
+		const gchar *id;
+
+		if (!part) {
+			link = g_list_next (link);
+			continue;
+		}
+
+		id = e_mail_part_get_id (part);
+		if (!id) {
+			link = g_list_next (link);
+			continue;
+		}
+
+		if (g_str_has_suffix (id, ".rfc822")) {
+			headers_stack = g_slist_prepend (headers_stack, last_headers);
+			last_headers = NULL;
+		} else if (g_str_has_suffix (id, ".rfc822.end")) {
+			g_warn_if_fail (headers_stack != NULL);
+
+			if (headers_stack) {
+				last_headers = headers_stack->data;
+				headers_stack = g_slist_remove (headers_stack, last_headers);
+			} else {
+				last_headers = NULL;
+			}
+		}
+
+		if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.headers") == 0) {
+			last_headers = link;
+			link = g_list_next (link);
+		} else if (g_strcmp0 (e_mail_part_get_mime_type (part), "application/vnd.evolution.secure-button") == 0) {
+			g_warn_if_fail (last_headers != NULL);
+
+			if (last_headers) {
+				GList *next = g_list_next (link);
+
+				g_warn_if_fail (g_queue_remove (part_queue, part));
+				g_queue_insert_before (part_queue, last_headers, part);
+
+				link = next;
+			} else {
+				link = g_list_next (link);
+			}
+		} else {
+			link = g_list_next (link);
+		}
+	}
+
+	g_warn_if_fail (headers_stack == NULL);
+	g_slist_free (headers_stack);
+}
+
 static void
 mail_parser_run (EMailParser *parser,
                  EMailPartList *part_list,
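Review bot: In the secure-button branch, `g_warn_if_fail (g_queue_remove (part_queue, part));` places the only queue-mutating call inside a diagnostic macro and removes by data value, searching from the queue head, instead of removing the link the loop already holds. If the same `EMailPart` pointer were ever queued twice (not visible from this hunk), the first occurrence would be removed rather than the current one. `g_queue_delete_link (part_queue, link);` ahead of the `g_queue_insert_before` call removes exactly the current link, and `next` is already saved above it. Separately, a secure-button part seen before any headers part stays where it is with only a warning. A short comment on the function stating that case, and what `headers_stack` tracks across the `.rfc822` / `.rfc822.end` ids, would let a reader judge whether the security bar can still end up below the headers.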
@@ -142,6 +203,8 @@ mail_parser_run (EMailParser *parser,
 			break;
 	}
 
+	mail_parser_move_security_before_headers (&mail_part_queue);
+
 	while (!g_queue_is_empty (&mail_part_queue)) {
 		mail_part = g_queue_pop_head (&mail_part_queue);
 		e_mail_part_list_add_part (part_list, mail_part);
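Review bot: The new call in `mail_parser_run` has no comment, so nothing at the call site says the reordering is a security fix rather than a cosmetic one, and a later refactor could drop or move it. I would add `/* CVE-2018-15587: the security bar must precede the headers it applies to; keep this before the parts are handed to part_list. */` above it. The call follows a loop whose `break` is visible in the context, so it presumably also runs on the early-exit path. `mail_parser_run` begins and ends outside this hunk, so that is worth confirming in the full function.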