1. 31 Jan, 2018 2 commits
    • Michael Gratton's avatar
      Ensure mailbox addresses escaped correctly when formatted as RFC 822. · 8810e957
      Michael Gratton authored
      * src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Escape
        and encode name and mailbox (local-part) when serialising as a RFC 822
        string. Provide a means to get a RFC 822 version of the address only
        for SMTP. Add unit tests.
      
      * src/engine/smtp/smtp-request.vala (MailRequest): Use proper RFC 822
        formatted version of mailbox addresses.
      8810e957
    • Michael Gratton's avatar
      Check for spoofed sender addresses, only display the address if so. · 71e0e683
      Michael Gratton authored
      This adds a check for malware spoofing of RFC 822 mailbox addresses such
      as those found in Mailsploit, and if found only displays the email
      address part and not the mailbox name part.
      
      Part 1 of Mailsploit mitigation.
      
      * src/engine/rfc822/rfc822-mailbox-address.vala (MailboxAddress): Add new
        is_spoofed method to check if the mailbox address looks like it has
        been spoofed. Add is_distinct method to determine if the name and the
        label is the same. Do whitespace and non-printing character stripping
        when generating display versions of the mailbox address, rename methods
        to make it more obvious what they do and update call sites. Add unit
        tests to cover all this.
      
      * src/client/conversation-viewer/conversation-message.vala
        (ConversationMessage): Check name is distinct and is not valid before
        displaying it. Use new MailboxAddress methods for getting display
        versions of the address, to ensure we get the stripped versions of the
        addresses.
      
      * src/client/conversation-list/formatted-conversation-data.vala
        (ParticipantDisplay): Ensure full addresses are always HTML-markup
        escaped before displaying them as markup, to avoid dropping "<address>"
        values as invalid HTML. Always show the full address if an address is
        invalid.
      
      * src/engine/util/util-string.vala (reduce_whitespace): Strip not only
        whitespace but also non-printing characters. Add unit tests.
      71e0e683
  2. 18 Dec, 2017 1 commit
  3. 04 Dec, 2017 1 commit
  4. 13 Dec, 2016 1 commit