[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-commits] [torbirdy/master] Prevent leaking user's installed dictionary (Bug 22484)

To: tor-commits@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-commits] [torbirdy/master] Prevent leaking user's installed dictionary (Bug 22484)
From: sukhbir@xxxxxxxxxxxxxx
Date: Wed, 28 Mar 2018 15:34:15 +0000 (UTC)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 28 Mar 2018 11:34:27 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-commits/>
List-help: <mailto:tor-commits-request@lists.torproject.org?subject=help>
List-id: "auto: code repository commits" <tor-commits.lists.torproject.org>
List-post: <mailto:tor-commits@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-commits>, <mailto:tor-commits-request@lists.torproject.org?subject=unsubscribe>
Patch-author: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
Sender: "tor-commits" <tor-commits-bounces@xxxxxxxxxxxxxxxxxxxx>

commit 63fa6e508d5ed3218ca9f261a00347f0027b0913
Author: Sukhbir Singh <sukhbir@xxxxxxxxxxxxxx>
Date:   Wed Mar 28 11:31:53 2018 -0400

    Prevent leaking user's installed dictionary (Bug 22484)
    
    Also set the Content-Language to "en-US" to prevent leaking the user's
    default dictionary. Reported in https://bugs.torproject.org/22484 and
    discussed in Section 4 of RFC 3282.  Thunderbird bug:
    https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
---
 components/torbirdy.js | 20 +++++++++++++++-----
 1 file changed, 15 insertions(+), 5 deletions(-)

diff --git a/components/torbirdy.js b/components/torbirdy.js
index bfe2427..e8d2cd2 100644
--- a/components/torbirdy.js
+++ b/components/torbirdy.js
@@ -391,12 +391,14 @@ var TorBirdyOldPrefs = [
   "network.proxy.http",
 ]
 
-// sanitizeDateHeaders()
-// Run this function to make sure that the Date header in a new message
-// is rounded down to the nearest minute.
-function sanitizeDateHeaders() {
+// sanitizeHeaders()
+// Sanitize the "Date" and "Content-Language" headers.
+function sanitizeHeaders() {
   // Import the jsmime module that is used to generate mail headers.
   let { jsmime } = Cu.import("resource:///modules/jsmime.jsm");
+  // Date
+  // Run this function to make sure that the Date header in a new message
+  // is rounded down to the nearest minute.
   // Inject our own structured encoder to the default header emitter,
   // to override the default Date encoder with a rounded-down version.
   jsmime.headeremitter.addStructuredEncoder("Date", function (date) {
@@ -410,6 +412,14 @@ function sanitizeDateHeaders() {
     // We replace the "GMT" symbol with "+0000" because it is preferred.
     this.addText(roundedDate.toUTCString().replace(/GMT$/, "+0000"), false);
   });
+  // Content-Language
+  // Also set the Content-Language to "en-US" to prevent leaking the user's
+  // default dictionary. Reported in https://bugs.torproject.org/22484 and
+  // discussed in Section 4 of RFC 3282.
+  // Thunderbird bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1370217
+  jsmime.headeremitter.addStructuredEncoder("Content-Language", function (locale) {
+    this.addText("en-US", false);
+  });
 }
 
 function TorBirdy() {
@@ -439,7 +449,7 @@ function TorBirdy() {
 
   this.setAccountPrefs();
   this.setPrefs();
-  sanitizeDateHeaders();
+  sanitizeHeaders();
 
 }
 



_______________________________________________
tor-commits mailing list
tor-commits@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-commits

Prev by Author: [tor-commits] [torbirdy/master] Update translations
Next by Author: [tor-commits] [torbirdy/master] Disable fetching site icons (#22944)
Previous by thread: [tor-commits] [tor/maint-0.3.3] Test TLD validation
Next by thread: [tor-commits] [torbirdy/master] Update the ChangeLog
Index(es):
- Author
- Thread