mutt/2180: mutt / gpgme does a case sensitive check of sender's domainname
>Number: 2180
>Notify-List:
>Category: mutt
>Synopsis: mutt / gpgme does a case sensitive check of sender's domainname
>Confidential: no
>Severity: normal
>Priority: medium
>Responsible: mutt-dev
>State: open
>Keywords:
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Feb 09 15:58:48 +0100 2006
>Originator: Christoph Ludwig
>Release: 1.5.11 (CVS from 2006-02-09)
>Organization:
>Environment:
>Description:
RFC 2821 reads (Sect. 2.4):
    SMTP implementations MUST take care to preserve
    the case of mailbox local-parts. Mailbox domains
    are not case sensitive.
However, the function verify_sender() in crypt-gpgme.c that is used to verify
the From: header against the email address stated in the signer's x509
certificate compares the complete address in a case sensitive manner.
There is a mail server at our site that I cannot control and that changes
the domain name part from fh-worms.de into Fh-Worms.de. Therefore, whenever I
open a mail from someone at fh-worms.de, mutt mistakenly complains that the
signer's certificate does not belong to the sender.
>How-To-Repeat:
>Fix:
The attached patch (against the CVS as of 2005-02-09) fixes this problem. It
additionally fixes an uninitialized variable in decrypt_part() that might be
accessed in some code path.
>Add-To-Audit-Trail:
>Unformatted:
----gnatsweb-attachment----
Content-Type: text/x-diff; name="mutt-domainname.patch"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="mutt-domainname.patch"
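
Added example (not the patch attached to this report and not mutt's own code): one way to compare a From: address with a certificate address as the RFC 2821 passage quoted above requires, with the local-part matched byte for byte and the domain matched without regard to ASCII case. The names mailbox_equal, ascii_caseeq and ascii_lower are hypothetical, and the inputs are assumed to be bare addr-spec strings with no display name or angle brackets.

```c
#include <stddef.h>
#include <string.h>

/* Lower-case one ASCII letter without consulting the locale, so the
 * result does not change under locales with special case mappings. */
static int ascii_lower(int c)
{
    return (c >= 'A' && c <= 'Z') ? c + ('a' - 'A') : c;
}

/* Locale-independent, case-insensitive equality of two strings. */
static int ascii_caseeq(const char *a, const char *b)
{
    while (*a && *b) {
        if (ascii_lower((unsigned char)*a) != ascii_lower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;    /* equal only if both ended together */
}

/*
 * Return 1 if two addr-spec strings name the same mailbox:
 * local-part compared byte for byte, domain compared ignoring ASCII case.
 * Addresses without '@', or with an empty local-part or domain, never
 * match, so a malformed certificate address cannot satisfy the check.
 */
int mailbox_equal(const char *a, const char *b)
{
    const char *at_a, *at_b;
    size_t local_len;

    if (!a || !b)
        return 0;
    /* The last '@' starts the domain; a quoted local-part may contain '@'. */
    at_a = strrchr(a, '@');
    at_b = strrchr(b, '@');
    if (!at_a || !at_b || at_a == a || at_b == b || !at_a[1] || !at_b[1])
        return 0;

    local_len = (size_t)(at_a - a);
    if (local_len != (size_t)(at_b - b) || memcmp(a, b, local_len) != 0)
        return 0;

    return ascii_caseeq(at_a + 1, at_b + 1);
}
```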