ncrypt/crypt.c: Protect address lists in header fields

alejandro-colomar · flatcap · commit 913a991a5a8a · 2024-05-08T09:14:33.000+01:00
... except Bcc, for obvious reasons. There are several attacks that are possible if the To, Cc, and similar header fields are not protected. One of them is: - The metadata of a signed+encrypted message can be modified (without decrypting it), to add a malicious recipient. Subsequent replies to the thread will likely also encrypt to the malicious recipient, disclosing secret data. Read the links below for a more detailed explanation of the problem. Link: <#4223> Link: <#4226> Cc: Richard Russon <rich@flatcap.org> Signed-off-by: Alejandro Colomar <alx@kernel.org>
diff --git a/ncrypt/crypt.c b/ncrypt/crypt.c
@@ -271,8 +271,15 @@ int mutt_protect(struct Email *e, char *keylist, bool postpone)
   {
     struct Envelope *protected_headers = mutt_env_new();
     mutt_env_set_subject(protected_headers, e->env->subject);
-    /* Note: if other headers get added, such as to, cc, then a call to
-     * mutt_env_to_intl() will need to be added here too. */
+    mutt_addrlist_copy(&protected_headers->return_path, &e->env->return_path, false);
+    mutt_addrlist_copy(&protected_headers->from, &e->env->from, false);
+    mutt_addrlist_copy(&protected_headers->to, &e->env->to, false);
+    mutt_addrlist_copy(&protected_headers->cc, &e->env->cc, false);
+    mutt_addrlist_copy(&protected_headers->sender, &e->env->sender, false);
+    mutt_addrlist_copy(&protected_headers->reply_to, &e->env->reply_to, false);
+    mutt_addrlist_copy(&protected_headers->mail_followup_to, &e->env->mail_followup_to, false);
+    mutt_addrlist_copy(&protected_headers->x_original_to, &e->env->x_original_to, false);
+    mutt_env_to_intl(protected_headers, NULL, NULL);
     mutt_prepare_envelope(protected_headers, 0, NeoMutt->sub);
 
     mutt_env_free(&e->body->mime_headers);
