From bed1bad3ea0250d6d3998fcee8204f66bc4b7636 Mon Sep 17 00:00:00 2001 From: Michael Gratton Date: Sat, 6 Jul 2019 14:38:05 +1000 Subject: [PATCH] Fix "'test@example.com' " marked as spoofed Make RFC833.MailboxAddress.has_distinct_name() consider substrings rather than straight-up string comparison. See #491 --- src/engine/rfc822/rfc822-mailbox-address.vala | 18 +++++++------ test/engine/rfc822-mailbox-address-test.vala | 26 +++++++++++-------- 2 files changed, 25 insertions(+), 19 deletions(-) diff --git a/src/engine/rfc822/rfc822-mailbox-address.vala b/src/engine/rfc822/rfc822-mailbox-address.vala index 448c6c9c..07560000 100644 --- a/src/engine/rfc822/rfc822-mailbox-address.vala +++ b/src/engine/rfc822/rfc822-mailbox-address.vala @@ -409,17 +409,19 @@ public class Geary.RFC822.MailboxAddress : * Determines if the name part is different to the address part. * * @return //true// if {@link name} is not empty, and the - * normalised name part and {@link address} are not equal when - * performing a case-insensitive comparison. + * normalised {@link address} part is not contained within the + * name part when performing a case-insensitive comparison. */ public bool has_distinct_name() { string name = Geary.String.reduce_whitespace(this.name); - return ( - !Geary.String.is_empty(name) && - name.normalize().casefold() != Geary.String.reduce_whitespace( - this.address.normalize().casefold() - ) - ); + bool ret = false; + if (!Geary.String.is_empty(name)) { + string address = Geary.String.reduce_whitespace( + this.address.normalize() + ); + ret = !(address.normalize().casefold() in name.casefold()); + } + return ret; } /** diff --git a/test/engine/rfc822-mailbox-address-test.vala b/test/engine/rfc822-mailbox-address-test.vala index b6e30789..ceb32381 100644 --- a/test/engine/rfc822-mailbox-address-test.vala +++ b/test/engine/rfc822-mailbox-address-test.vala @@ -12,8 +12,9 @@ class Geary.RFC822.MailboxAddressTest : TestCase { add_test("is_valid_address", is_valid_address); add_test("unescaped_constructor", unescaped_constructor); add_test("from_rfc822_string_encoded", from_rfc822_string_encoded); - add_test("is_spoofed", is_spoofed); + // latter depends on the former, so test that first add_test("has_distinct_name", has_distinct_name); + add_test("is_spoofed", is_spoofed); add_test("to_full_display", to_full_display); add_test("to_short_display", to_short_display); // latter depends on the former, so test that first @@ -151,6 +152,17 @@ class Geary.RFC822.MailboxAddressTest : TestCase { } } + public void has_distinct_name() throws Error { + assert(new MailboxAddress("example", "example@example.com").has_distinct_name() == true); + + assert(new MailboxAddress("", "example@example.com").has_distinct_name() == false); + assert(new MailboxAddress(" ", "example@example.com").has_distinct_name() == false); + assert(new MailboxAddress("example@example.com", "example@example.com").has_distinct_name() == false); + assert(new MailboxAddress(" example@example.com ", "example@example.com").has_distinct_name() == false); + assert(new MailboxAddress(" example@example.com ", "example@example.com").has_distinct_name() == false); + assert(new MailboxAddress("'example@example.com'", "example@example.com").has_distinct_name() == false); + } + public void is_spoofed() throws Error { assert(new MailboxAddress(null, "example@example.com").is_spoofed() == false); assert(new MailboxAddress("", "example@example.com").is_spoofed() == false); @@ -161,6 +173,7 @@ class Geary.RFC822.MailboxAddressTest : TestCase { assert(new MailboxAddress("test?", "example@example.com").is_spoofed() == false); assert(new MailboxAddress("test@example.com", "test@example.com").is_spoofed() == false); assert(new MailboxAddress("test@EXAMPLE.com", "test@example.com").is_spoofed() == false); + assert(new MailboxAddress("'example@example.com'", "example@example.com").is_spoofed() == false); assert(new MailboxAddress("test@example.com", "example@example.com").is_spoofed() == true); assert(new MailboxAddress("test @ example . com", "example@example.com").is_spoofed() == true); @@ -169,6 +182,7 @@ class Geary.RFC822.MailboxAddressTest : TestCase { assert(new MailboxAddress("test", "example@\nexample@example.com").is_spoofed() == true); assert(new MailboxAddress("test", "example@example@example.com").is_spoofed() == true); + try { assert(new MailboxAddress.from_rfc822_string("\"=?utf-8?b?dGVzdCIgPHBvdHVzQHdoaXRlaG91c2UuZ292Pg==?==?utf-8?Q?=00=0A?=\" ") .is_spoofed() == true); @@ -177,16 +191,6 @@ class Geary.RFC822.MailboxAddressTest : TestCase { } } - public void has_distinct_name() throws Error { - assert(new MailboxAddress("example", "example@example.com").has_distinct_name() == true); - - assert(new MailboxAddress("", "example@example.com").has_distinct_name() == false); - assert(new MailboxAddress(" ", "example@example.com").has_distinct_name() == false); - assert(new MailboxAddress("example@example.com", "example@example.com").has_distinct_name() == false); - assert(new MailboxAddress(" example@example.com ", "example@example.com").has_distinct_name() == false); - assert(new MailboxAddress(" example@example.com ", "example@example.com").has_distinct_name() == false); - } - public void to_full_display() throws Error { assert(new MailboxAddress("", "example@example.com").to_full_display() == "example@example.com");