From 1544ad3a69ff1f19993eb7081f2ed09f9d12fc3a Mon Sep 17 00:00:00 2001 From: Vibha Yadav Date: Thu, 15 Sep 2011 18:03:53 +0530 Subject: Bug #657374 - mailto: attachment parameter can lead to accidental data exfiltration Through warning on attaching Hidden/security files by mailto command. --- composer/e-msg-composer.c | 30 ++++++++++++++++++++++++++++++ mail/mail.error.xml | 5 +++++ 2 files changed, 35 insertions(+) diff --git a/composer/e-msg-composer.c b/composer/e-msg-composer.c index c41c4019b3..0eaf3caa6b 100644 --- a/composer/e-msg-composer.c +++ b/composer/e-msg-composer.c @@ -128,6 +128,8 @@ static void handle_multipart_signed (EMsgComposer *composer, static void e_msg_composer_alert_sink_init (EAlertSinkInterface *interface); +gboolean check_blacklisted_file (gchar *filename); + G_DEFINE_TYPE_WITH_CODE ( EMsgComposer, e_msg_composer, @@ -4003,6 +4005,28 @@ merge_always_cc_and_bcc (EComposerHeaderTable *table, e_destination_freev (addrv); } +static const gchar *blacklisted_files [] = {".", "etc", ".."}; + +gboolean check_blacklisted_file (gchar *filename) +{ + gboolean blacklisted = FALSE; + gint i,j,len; + gchar **filename_part; + + filename_part = g_strsplit (filename, G_DIR_SEPARATOR_S, -1); + len = g_strv_length(filename_part); + for(i = 0; !blacklisted && i < G_N_ELEMENTS(blacklisted_files); i++) + { + for (j = 0; !blacklisted && j < len;j++) + if (g_str_has_prefix (filename_part[j], blacklisted_files[i])) + blacklisted = TRUE; + } + + g_strfreev(filename_part); + + return blacklisted; +} + static void handle_mailto (EMsgComposer *composer, const gchar *mailto) @@ -4094,8 +4118,14 @@ handle_mailto (EMsgComposer *composer, } else if (!g_ascii_strcasecmp (header, "attach") || !g_ascii_strcasecmp (header, "attachment")) { EAttachment *attachment; + gboolean check = FALSE; camel_url_decode (content); + check = check_blacklisted_file(content); + if(check) + e_alert_submit ( + E_ALERT_SINK (composer), + "mail:blacklisted-file", content, NULL); if (g_ascii_strncasecmp (content, "file:", 5) == 0) attachment = e_attachment_new_for_uri (content); else diff --git a/mail/mail.error.xml b/mail/mail.error.xml index f32b4ce688..006cc559a4 100644 --- a/mail/mail.error.xml +++ b/mail/mail.error.xml @@ -540,5 +540,10 @@ An mbox account will be created to preserve the old mbox folders. You can delete <_secondary>The reported error was "{0}". + + <_primary>Hidden file is attached. + <_secondary xml:space="preserve">The attachment named {0} is a hidden file and may contain sensitive data. Please review it before sending. + + -- cgit v1.2.3