[evolution/gnome-41] I#1621 - Prevent IDN homograph attacks



commit 349cb9bbe9b57bfb5dbd49ad06a87af3a0bc1234
Author: Milan Crha <mcrha redhat com>
Date:   Thu Sep 30 14:46:31 2021 +0200

    I#1621 - Prevent IDN homograph attacks
    
    Closes https://gitlab.gnome.org/GNOME/evolution/-/issues/1621

 src/e-util/e-misc-utils.c              |  1 +
 src/em-format/e-mail-formatter-utils.c | 12 +++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
---
diff --git a/src/e-util/e-misc-utils.c b/src/e-util/e-misc-utils.c
index fdfca25572..74c774a8ff 100644
--- a/src/e-util/e-misc-utils.c
+++ b/src/e-util/e-misc-utils.c
@@ -4586,6 +4586,7 @@ e_util_get_uri_tooltip (const gchar *uri)
        curl = camel_url_new (uri, NULL);
        address = camel_internet_address_new ();
        camel_address_decode (CAMEL_ADDRESS (address), curl->path);
+       camel_internet_address_sanitize_ascii_domain (address);
        who = camel_address_format (CAMEL_ADDRESS (address));
        g_object_unref (address);
        camel_url_free (curl);
diff --git a/src/em-format/e-mail-formatter-utils.c b/src/em-format/e-mail-formatter-utils.c
index 26391063a5..929da58db6 100644
--- a/src/em-format/e-mail-formatter-utils.c
+++ b/src/em-format/e-mail-formatter-utils.c
@@ -128,7 +128,7 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
                                  gboolean elipsize)
 {
        CamelMimeFilterToHTMLFlags flags;
-       gchar *name, *mailto, *addr;
+       gchar *name, *mailto, *addr, *sanitized_addr;
        gint i = 0;
        gchar *str = NULL;
        gint limit = mail_config_get_address_count ();
@@ -148,6 +148,7 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
 
                switch (a->type) {
                case CAMEL_HEADER_ADDRESS_NAME:
+                       sanitized_addr = camel_utils_sanitize_ascii_domain_in_address (a->v.addr, TRUE);
                        if (name != NULL && *name != '\0') {
                                gchar *real, *mailaddr;
 
@@ -162,23 +163,24 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
 
                                /* rfc2368 for mailto syntax and url encoding extras */
                                if ((real = camel_header_encode_phrase ((guchar *) a->name))) {
-                                       mailaddr = g_strdup_printf ("%s <%s>", real, a->v.addr);
+                                       mailaddr = g_strdup_printf ("%s <%s>", real, sanitized_addr ? 
sanitized_addr : a->v.addr);
                                        g_free (real);
                                        mailto = camel_url_encode (mailaddr, "?=&()");
                                        g_free (mailaddr);
                                } else {
-                                       mailto = camel_url_encode (a->v.addr, "?=&()");
+                                       mailto = camel_url_encode (sanitized_addr ? sanitized_addr : 
a->v.addr, "?=&()");
                                }
                        } else {
-                               mailto = camel_url_encode (a->v.addr, "?=&()");
+                               mailto = camel_url_encode (sanitized_addr ? sanitized_addr : a->v.addr, 
"?=&()");
                        }
-                       addr = camel_text_to_html (a->v.addr, flags, 0);
+                       addr = camel_text_to_html (sanitized_addr ? sanitized_addr : a->v.addr, flags, 0);
                        if (no_links)
                                g_string_append_printf (out, "%s", addr);
                        else if (!show_mails && name && *name)
                                g_string_append_printf (out, "<a href=\"mailto:%s\";>%s</a>", mailto, name);
                        else
                                g_string_append_printf (out, "<a href=\"mailto:%s\";>%s</a>", mailto, addr);
+                       g_free (sanitized_addr);
                        g_free (mailto);
                        g_free (addr);
 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]