* Blank out the Envelope-to: header when reading messages via POP or IMAP. Resolves...

diff --git a/citadel/modules/imap/imap_fetch.c b/citadel/modules/imap/imap_fetch.c
index a311aa1ece44444f2c2b3845a50abce601150237..1adac79a59f40ff814dd91efc416436cddee10f0 100644 (file)
--- a/citadel/modules/imap/imap_fetch.c
+++ b/citadel/modules/imap/imap_fetch.c
@@ -175,7 +175,8 @@ void imap_fetch_rfc822(long msgnum, char *whichfmt) {
                CC->redirect_alloc = SIZ;
                CtdlOutputMsg(msgnum, MT_RFC822,
                        (need_body ? HEADERS_ALL : HEADERS_FAST),
-                             0, 1, NULL, 0);
+                       0, 1, NULL, SUPPRESS_ENV_TO
+               );
                if (!need_body) cprintf("\r\n");        /* extra trailing newline */
                IMAP->cached_rfc822_data = CC->redirect_buffer;
                IMAP->cached_rfc822_len = CC->redirect_len;
@@ -640,11 +641,11 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) {
        }
 
        else if ( (!strcmp(section, "1")) && (msg->cm_format_type != 4) ) {
-               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, 0);
+               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, SUPPRESS_ENV_TO);
        }
 
        else if (!strcmp(section, "")) {
-               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ALL, 0, 1, 0);
+               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ALL, 0, 1, SUPPRESS_ENV_TO);
        }
 
        /*
@@ -656,7 +657,7 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) {
                 * IMAP library and this broke Mail.App and iPhone Mail, so we had to change it
                 * to HEADERS_ONLY so the trendy hipsters with their iPhones can read mail.
                 */
-               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ONLY, 0, 1, 0);
+               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ONLY, 0, 1, SUPPRESS_ENV_TO);
                imap_strip_headers(section);
        }
 
@@ -664,7 +665,7 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) {
         * Strip it down if the client asked for everything _except_ headers.
         */
        else if (!strncasecmp(section, "TEXT", 4)) {
-               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, 0);
+               CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, SUPPRESS_ENV_TO);
        }
 
        /*
@@ -908,7 +909,7 @@ void imap_fetch_bodystructure (long msgnum, char *item,
                CC->redirect_buffer = malloc(SIZ);
                CC->redirect_len = 0;
                CC->redirect_alloc = SIZ;
-               CtdlOutputPreLoadedMsg(msg, MT_RFC822, 0, 0, 1, 0);
+               CtdlOutputPreLoadedMsg(msg, MT_RFC822, 0, 0, 1, SUPPRESS_ENV_TO);
                rfc822 = CC->redirect_buffer;
                rfc822_len = CC->redirect_len;
                CC->redirect_buffer = NULL;

diff --git a/citadel/modules/pop3/serv_pop3.c b/citadel/modules/pop3/serv_pop3.c
index 79a6b592ba30f746002eae1c939a632cabd43f77..da6bda885262e383a765b55a2231df4c72b853e1 100644 (file)
--- a/citadel/modules/pop3/serv_pop3.c
+++ b/citadel/modules/pop3/serv_pop3.c
@@ -159,7 +159,7 @@ void pop3_add_message(long msgnum, void *userdata) {
                CC->redirect_buffer = malloc(SIZ);
                CC->redirect_len = 0;
                CC->redirect_alloc = SIZ;
-               CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0);
+               CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, SUPPRESS_ENV_TO);
                smi.meta_rfc822_length = CC->redirect_len;
                free(CC->redirect_buffer);
                CC->redirect_buffer = NULL;
@@ -373,7 +373,10 @@ void pop3_retr(char *argbuf) {
        }
 
        cprintf("+OK Message %d:\r\n", which_one);
-       CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, ESC_DOT);
+       CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum,
+               MT_RFC822, HEADERS_ALL, 0, 1, NULL,
+               (ESC_DOT|SUPPRESS_ENV_TO)
+       );
        cprintf(".\r\n");
 }
 
@@ -405,8 +408,7 @@ void pop3_top(char *argbuf) {
        CC->redirect_buffer = malloc(SIZ);
        CC->redirect_len = 0;
        CC->redirect_alloc = SIZ;
-       CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum,
-                     MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0);
+       CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, SUPPRESS_ENV_TO);
        msgtext = CC->redirect_buffer;
        CC->redirect_buffer = NULL;
        CC->redirect_len = 0;

diff --git a/citadel/msgbase.c b/citadel/msgbase.c
index 7b4873cee126a5ee59332e3f4c5e958416357fc7..d5be1bb33ff99ed7d997f2380a0316cff8df026b 100644 (file)
--- a/citadel/msgbase.c
+++ b/citadel/msgbase.c
@@ -1441,7 +1441,7 @@ int CtdlOutputMsg(long msg_num,           /* message number (local) to fetch */
                  int do_proto,         /* do Citadel protocol responses? */
                  int crlf,             /* Use CRLF newlines instead of LF? */
                  char *section,        /* NULL or a message/rfc822 section */
-                 int flags             /* should the bessage be exported clean? */
+                 int flags             /* various flags; see msgbase.h */
 ) {
        struct CtdlMessage *TheMessage = NULL;
        int retcode = om_no_such_msg;
@@ -1707,6 +1707,13 @@ int CtdlOutputPreLoadedMsg(
                return(om_no_such_msg);
        }
 
+       /* Suppress envelope recipients if required to avoid disclosing BCC addresses.
+        * Pad it with spaces in order to avoid changing the RFC822 length of the message.
+        */
+       if ( (flags & SUPPRESS_ENV_TO) && (TheMessage->cm_fields['V'] != NULL) ) {
+               memset(TheMessage->cm_fields['V'], ' ', strlen(TheMessage->cm_fields['V']));
+       }
+               
        /* Are we downloading a MIME component? */
        if (mode == MT_DOWNLOAD) {
                if (TheMessage->cm_format_type != FMT_RFC822) {
@@ -1814,7 +1821,7 @@ int CtdlOutputPreLoadedMsg(
                      if (haschar(TheMessage->cm_fields['N'], '.') == 0) {
                        suppress_f = 1;
                }
-               
+
                /* Now spew the header fields in the order we like them. */
                safestrncpy(allkeys, FORDER, sizeof allkeys);
                for (i=0; i<strlen(allkeys); ++i) {

diff --git a/citadel/msgbase.h b/citadel/msgbase.h
index 56f2488249358035514925632b27116a1a9b2737..beced22efd3e7c7ed65aeaf45d4a5f993bfad01c 100644 (file)
--- a/citadel/msgbase.h
+++ b/citadel/msgbase.h
@@ -151,9 +151,11 @@ int CtdlOutputMsg(long msg_num,            /* message number (local) to fetch */
                  int flags             /* should the bessage be exported clean? */
 );
 
-#define QP_EADDR (1<<0)
-#define CRLF (1<<1)
-#define ESC_DOT (1<<2)
+/* Flags which may be passed to CtdlOutputMsg() and CtdlOutputPreLoadedMsg() */
+#define QP_EADDR       (1<<0)          /* quoted-printable encode email addresses */
+#define CRLF           (1<<1)
+#define ESC_DOT                (1<<2)          /* output a line containing only "." as ".." instead */
+#define SUPPRESS_ENV_TO        (1<<3)          /* suppress Envelope-to: header (warning: destructive!) */
 
 int CtdlOutputPreLoadedMsg(struct CtdlMessage *,
                           int mode,            /* how would you like that message? */