From e968692a1a4889eccab3ed5b4f15238816de0670 Mon Sep 17 00:00:00 2001 From: Art Cancro Date: Mon, 12 Oct 2009 20:59:21 +0000 Subject: [PATCH] * Blank out the Envelope-to: header when reading messages via POP or IMAP. Resolves bug #361. --- citadel/modules/imap/imap_fetch.c | 13 +++++++------ citadel/modules/pop3/serv_pop3.c | 10 ++++++---- citadel/msgbase.c | 11 +++++++++-- citadel/msgbase.h | 8 +++++--- 4 files changed, 27 insertions(+), 15 deletions(-) diff --git a/citadel/modules/imap/imap_fetch.c b/citadel/modules/imap/imap_fetch.c index a311aa1ec..1adac79a5 100644 --- a/citadel/modules/imap/imap_fetch.c +++ b/citadel/modules/imap/imap_fetch.c @@ -175,7 +175,8 @@ void imap_fetch_rfc822(long msgnum, char *whichfmt) { CC->redirect_alloc = SIZ; CtdlOutputMsg(msgnum, MT_RFC822, (need_body ? HEADERS_ALL : HEADERS_FAST), - 0, 1, NULL, 0); + 0, 1, NULL, SUPPRESS_ENV_TO + ); if (!need_body) cprintf("\r\n"); /* extra trailing newline */ IMAP->cached_rfc822_data = CC->redirect_buffer; IMAP->cached_rfc822_len = CC->redirect_len; @@ -640,11 +641,11 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) { } else if ( (!strcmp(section, "1")) && (msg->cm_format_type != 4) ) { - CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, 0); + CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, SUPPRESS_ENV_TO); } else if (!strcmp(section, "")) { - CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ALL, 0, 1, 0); + CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ALL, 0, 1, SUPPRESS_ENV_TO); } /* @@ -656,7 +657,7 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) { * IMAP library and this broke Mail.App and iPhone Mail, so we had to change it * to HEADERS_ONLY so the trendy hipsters with their iPhones can read mail. */ - CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ONLY, 0, 1, 0); + CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_ONLY, 0, 1, SUPPRESS_ENV_TO); imap_strip_headers(section); } @@ -664,7 +665,7 @@ void imap_fetch_body(long msgnum, char *item, int is_peek) { * Strip it down if the client asked for everything _except_ headers. */ else if (!strncasecmp(section, "TEXT", 4)) { - CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, 0); + CtdlOutputPreLoadedMsg(msg, MT_RFC822, HEADERS_NONE, 0, 1, SUPPRESS_ENV_TO); } /* @@ -908,7 +909,7 @@ void imap_fetch_bodystructure (long msgnum, char *item, CC->redirect_buffer = malloc(SIZ); CC->redirect_len = 0; CC->redirect_alloc = SIZ; - CtdlOutputPreLoadedMsg(msg, MT_RFC822, 0, 0, 1, 0); + CtdlOutputPreLoadedMsg(msg, MT_RFC822, 0, 0, 1, SUPPRESS_ENV_TO); rfc822 = CC->redirect_buffer; rfc822_len = CC->redirect_len; CC->redirect_buffer = NULL; diff --git a/citadel/modules/pop3/serv_pop3.c b/citadel/modules/pop3/serv_pop3.c index 79a6b592b..da6bda885 100644 --- a/citadel/modules/pop3/serv_pop3.c +++ b/citadel/modules/pop3/serv_pop3.c @@ -159,7 +159,7 @@ void pop3_add_message(long msgnum, void *userdata) { CC->redirect_buffer = malloc(SIZ); CC->redirect_len = 0; CC->redirect_alloc = SIZ; - CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0); + CtdlOutputMsg(msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, SUPPRESS_ENV_TO); smi.meta_rfc822_length = CC->redirect_len; free(CC->redirect_buffer); CC->redirect_buffer = NULL; @@ -373,7 +373,10 @@ void pop3_retr(char *argbuf) { } cprintf("+OK Message %d:\r\n", which_one); - CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, ESC_DOT); + CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, + MT_RFC822, HEADERS_ALL, 0, 1, NULL, + (ESC_DOT|SUPPRESS_ENV_TO) + ); cprintf(".\r\n"); } @@ -405,8 +408,7 @@ void pop3_top(char *argbuf) { CC->redirect_buffer = malloc(SIZ); CC->redirect_len = 0; CC->redirect_alloc = SIZ; - CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, - MT_RFC822, HEADERS_ALL, 0, 1, NULL, 0); + CtdlOutputMsg(POP3->msgs[which_one - 1].msgnum, MT_RFC822, HEADERS_ALL, 0, 1, NULL, SUPPRESS_ENV_TO); msgtext = CC->redirect_buffer; CC->redirect_buffer = NULL; CC->redirect_len = 0; diff --git a/citadel/msgbase.c b/citadel/msgbase.c index 7b4873cee..d5be1bb33 100644 --- a/citadel/msgbase.c +++ b/citadel/msgbase.c @@ -1441,7 +1441,7 @@ int CtdlOutputMsg(long msg_num, /* message number (local) to fetch */ int do_proto, /* do Citadel protocol responses? */ int crlf, /* Use CRLF newlines instead of LF? */ char *section, /* NULL or a message/rfc822 section */ - int flags /* should the bessage be exported clean? */ + int flags /* various flags; see msgbase.h */ ) { struct CtdlMessage *TheMessage = NULL; int retcode = om_no_such_msg; @@ -1707,6 +1707,13 @@ int CtdlOutputPreLoadedMsg( return(om_no_such_msg); } + /* Suppress envelope recipients if required to avoid disclosing BCC addresses. + * Pad it with spaces in order to avoid changing the RFC822 length of the message. + */ + if ( (flags & SUPPRESS_ENV_TO) && (TheMessage->cm_fields['V'] != NULL) ) { + memset(TheMessage->cm_fields['V'], ' ', strlen(TheMessage->cm_fields['V'])); + } + /* Are we downloading a MIME component? */ if (mode == MT_DOWNLOAD) { if (TheMessage->cm_format_type != FMT_RFC822) { @@ -1814,7 +1821,7 @@ int CtdlOutputPreLoadedMsg( if (haschar(TheMessage->cm_fields['N'], '.') == 0) { suppress_f = 1; } - + /* Now spew the header fields in the order we like them. */ safestrncpy(allkeys, FORDER, sizeof allkeys); for (i=0; i