fix bug "[ 537413 ] false varification of pgp-signature"
authorColin Leroy <colin@colino.net>
Mon, 23 Sep 2002 22:57:32 +0000 (22:57 +0000)
committerColin Leroy <colin@colino.net>
Mon, 23 Sep 2002 22:57:32 +0000 (22:57 +0000)
(false pgp-signature attachment named Good signature)

ChangeLog.claws
configure.in
src/procmime.c

index 3d51de2..97fc7df 100644 (file)
@@ -1,3 +1,10 @@
+2002-09-24 [colin]     0.8.3claws17
+
+       * src/procmime.c
+               Do not display name or filename for attachments
+               with an application/pgp-signature type
+               (security flaw, see bug 537413)
+
 2002-09-23 [colin]     0.8.3claws16
 
        * src/editaddress.c
index 911b795..ab7a2be 100644 (file)
@@ -10,7 +10,7 @@ MINOR_VERSION=8
 MICRO_VERSION=3
 INTERFACE_AGE=0
 BINARY_AGE=0
-EXTRA_VERSION=claws16
+EXTRA_VERSION=claws17
 VERSION=$MAJOR_VERSION.$MINOR_VERSION.$MICRO_VERSION$EXTRA_VERSION
 
 dnl set $target
index 7c07a70..64bbcf2 100644 (file)
@@ -403,7 +403,9 @@ void procmime_scan_content_type(MimeInfo *mimeinfo, const gchar *content_type)
                                Xalloca(tmp, len, return);
                                conv_unmime_header(tmp, len, value, NULL);
                                g_free(mimeinfo->name);
-                               mimeinfo->name = g_strdup(tmp);
+                               /*pgp signatures should NOT have a name */
+                               if (strcasecmp(mimeinfo->content_type, "application/pgp-signature"))
+                                       mimeinfo->name = g_strdup(tmp);
                        } else if (!strcasecmp(attr, "boundary"))
                                mimeinfo->boundary = g_strdup(value);
                }
@@ -467,7 +469,9 @@ void procmime_scan_content_disposition(MimeInfo *mimeinfo,
                                Xalloca(tmp, len, return);
                                conv_unmime_header(tmp, len, value, NULL);
                                g_free(mimeinfo->filename);
-                               mimeinfo->filename = g_strdup(tmp);
+                               /*pgp signatures should NOT have a name */
+                               if (strcasecmp(mimeinfo->content_type, "application/pgp-signature"))
+                                       mimeinfo->filename = g_strdup(tmp);
                                break;
                        }
                }
@@ -498,7 +502,9 @@ void procmime_scan_content_description(MimeInfo *mimeinfo,
        Xalloca(tmp, blen, return);
        conv_unmime_header(tmp, blen, buf, NULL);
        g_free(mimeinfo->name);
-       mimeinfo->name = g_strdup(tmp);
+       /*pgp signatures should NOT have a name */
+       if (strcasecmp(mimeinfo->content_type, "application/pgp-signature"))
+               mimeinfo->name = g_strdup(tmp);
 }
 
 void procmime_scan_subject(MimeInfo *mimeinfo,