fix: always prefer the last header #7000
Merged
+8
−34
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
link2xt
force-pushed
the
link2xt/prefer-last-header
branch
from
b40d2d4 to
f4d20bb
Compare
|
Unless I overlook something, probably makes sense to merge this first and rebase #6370 on top of this. This seems to be in line with https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/ (future RFC 9788), protected headers should always be preferred over non-protected ones. |
Septias
approved these changes
Jul 13, 2025
Headers are normally added at the top of the message, e.g. when forwarding new `Received` headers are added at the top. When headers are protected with DKIM-Signature and oversigning is not used, forged headers may be added on top so headers from the top are generally less trustworthy. This is tested with `test_take_last_header`, but so far last header was only preferred for known headers. This change extends preference of the last header to all headers.
link2xt
force-pushed
the
link2xt/prefer-last-header
branch
from
f4d20bb to
1c97d11
Compare
iequidoo
reviewed
Jul 14, 2025
| @@ -2009,28 +2005,6 @@ pub(crate) fn parse_message_id(ids: &str) -> Result<String> { | |||
| } | |||
| } | |||
|
|
|||
| /// Returns true if the header overwrites outer header | |||
| /// when it comes from protected headers. | |||
| fn is_known(key: &str) -> bool { | |||
There was a problem hiding this comment.
This function is needed anyway because i want to use it in #6370 (because protected headers must be removed from the IMF section. Currently it's done using the list of headers under the if !signatures.is_empty() condition, but that list is incomplete and that condition doesn't handle signed-only messages).
But it's renamed and modified by that PR anyway, so for now it's fine to remove it
iequidoo
approved these changes
Jul 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Headers are normally added at the top of the message, e.g. when forwarding new
Receivedheaders areadded at the top.
When headers are protected with DKIM-Signature
and oversigning is not used,
forged headers may be added on top
so headers from the top are generally less trustworthy.
This is tested with
test_take_last_header,but so far last header was only preferred
for known headers. This change extends
preference of the last header to all headers.