Skip to content

Commit 499f36c

Browse files
link2xtlink2xt
committed
fix: require that Autocrypt Setup Message is self-sent
1 parent c1ccfcc commit 499f36c

File tree

2 files changed

+24
-2
lines changed

2 files changed

+24
-2
lines changed

src/imex.rs

Lines changed: 23 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -827,7 +827,7 @@ mod tests {
827827
use crate::key;
828828
use crate::pgp::{split_armored_data, HEADER_AUTOCRYPT, HEADER_SETUPCODE};
829829
use crate::stock_str::StockMessage;
830-
use crate::test_utils::{alice_keypair, TestContext};
830+
use crate::test_utils::{alice_keypair, TestContext, TestContextManager};
831831

832832
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
833833
async fn test_render_setup_file() {
@@ -1133,6 +1133,7 @@ mod tests {
11331133
alice2.configure_addr("alice@example.org").await;
11341134
alice2.recv_msg(&sent).await;
11351135
let msg = alice2.get_last_msg().await;
1136+
assert!(msg.is_setupmessage());
11361137

11371138
// Send a message that cannot be decrypted because the keys are
11381139
// not synchronized yet.
@@ -1150,4 +1151,25 @@ mod tests {
11501151

11511152
Ok(())
11521153
}
1154+
1155+
/// Tests that Autocrypt Setup Messages is only clickable if it is self-sent.
1156+
/// This prevents Bob from tricking Alice into changing the key
1157+
/// by sending her an Autocrypt Setup Message as long as Alice's server
1158+
/// does not allow to forge the `From:` header.
1159+
#[tokio::test(flavor = "multi_thread", worker_threads = 2)]
1160+
async fn test_key_transfer_non_self_sent() -> Result<()> {
1161+
let mut tcm = TestContextManager::new();
1162+
let alice = tcm.alice().await;
1163+
let bob = tcm.bob().await;
1164+
1165+
let _setup_code = initiate_key_transfer(&alice).await?;
1166+
1167+
// Get Autocrypt Setup Message.
1168+
let sent = alice.pop_sent_msg().await;
1169+
1170+
let rcvd = bob.recv_msg(&sent).await;
1171+
assert!(!rcvd.is_setupmessage());
1172+
1173+
Ok(())
1174+
}
11531175
}

src/mimeparser.rs

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -510,7 +510,7 @@ impl MimeMessage {
510510

511511
/// Parses system messages.
512512
fn parse_system_message_headers(&mut self, context: &Context) {
513-
if self.get_header(HeaderDef::AutocryptSetupMessage).is_some() {
513+
if self.get_header(HeaderDef::AutocryptSetupMessage).is_some() && !self.incoming {
514514
self.parts.retain(|part| {
515515
part.mimetype.is_none()
516516
|| part.mimetype.as_ref().unwrap().as_ref() == MIME_AC_SETUP_FILE

0 commit comments

Comments
 (0)