Bug 387619

Summary: Some of Mailsploit test patterns are incorrectly decoded
Product: [Applications] kmail2 Reporter: Shinjo Park <kde>
Component: message listAssignee: kdepim bugs <kdepim-bugs>
Status: RESOLVED FIXED    
Severity: normal CC: montel, sknauss
Priority: NOR    
Version: 5.5.3   
Target Milestone: ---   
Platform: Ubuntu   
OS: Linux   
Latest Commit: https://commits.kde.org/kdepim-addons/8208fe9919692ee2f95a9aa09370edf60e85f690 Version Fixed In: 5.7.0
Attachments: Message list showing incorrectly parsed sender (2nd) field

Description Shinjo Park 2017-12-05 15:18:55 UTC 
The email address parsing problem, as discovered by the Mailsploit, persists in various mail clients. Looks like KMail is not tested, I am filing a bug to improve the current status.

Test the email at: https://www.mailsploit.com/index#demo

As of my KMail version 5.5.3, bugs are existing in both message list and message viewer.

For message list, the following messages from Mailsploit shows incorrect sender values:
 - Mailsploit: Mozilla-Thunderbird ≤ 52.5.0-like (via spoof\n\0 <spoof\n\0@domain>)
 - Mailsploit: Variation #3 (via "spoof" <spoof>\n\0\0\0 <user@domain>)
 - Mailsploit: Variation #3.2 (via "spoof" <test>\n\0\0\0 <user@domain>)
 - Mailsploit: Variation #3.2 (via "spoof" <test>\n\0\0\0 <user@domain>)

For message viewer, I have Enterprise, Fancy, Standard, Brief headers and KMail 5.2. From my testing, only "Enterprise headers" shows incorrect sender values for the following messages:
 - Mailsploit: Variation #5 (via spoof <user@domain>)
 - Mailsploit: Mozilla-Thunderbird ≤ 52.5.0-like (via spoof\n\0 <spoof\n\0@domain>)
Comment 1 Shinjo Park 2017-12-05 15:29:12 UTC 
Created attachment 109217 [details]
Message list showing incorrectly parsed sender (2nd) field
Comment 2 Christophe Marin 2017-12-05 15:35:35 UTC 
With KMail from master :

(In reply to Shinjo Park from comment #0)
> For message list, the following messages from Mailsploit shows incorrect
> sender values:
>  - Mailsploit: Mozilla-Thunderbird ≤ 52.5.0-like (via spoof\n\0
> <spoof\n\0@domain>)

didn't receive this one :) 

>  - Mailsploit: Variation #3 (via "spoof" <spoof>\n\0\0\0 <user@domain>)
Standard headers : "\"potus@whitehouse.gov\" <potus@whitehouse.gov>"
Enterprise headers : "potus@whitehouse.gov" <potus@whitehouse.gov>

>  - Mailsploit: Variation #3.2 (via "spoof" <test>\n\0\0\0 <user@domain>)
- Standard : "\"potus@whitehouse.gov\" <test>" <demo@mailsploit.com>
- enterprise : "potus@whitehouse.gov" <test>

>  - Mailsploit: Variation #5 (via spoof <user@domain>)

- Standard : "potus@whitehouse.gov" <demo@mailsploit.com>
- Enterprise : potus@whitehouse.gov
Comment 3 Christophe Marin 2017-12-05 15:42:45 UTC 
the 'simple' header theme is also affected.
Comment 4 Laurent Montel 2017-12-05 16:12:48 UTC 
I confirm it.
I will fix it soon.
Comment 5 Laurent Montel 2017-12-05 16:19:36 UTC 
"
For message list, the following messages from Mailsploit shows incorrect sender values:
 - Mailsploit: Mozilla-Thunderbird ≤ 52.5.0-like (via spoof\n\0 <spoof\n\0@domain>)
 - Mailsploit: Variation #3 (via "spoof" <spoof>\n\0\0\0 <user@domain>)
 - Mailsploit: Variation #3.2 (via "spoof" <test>\n\0\0\0 <user@domain>)
 - Mailsploit: Variation #3.2 (via "spoof" <test>\n\0\0\0 <user@domain>)
"
it's already fixed in 5.7.0

But other is not for the moment
Comment 6 Laurent Montel 2017-12-05 16:20:19 UTC 
Git commit 8208fe9919692ee2f95a9aa09370edf60e85f690 by Montel Laurent.
Committed on 05/12/2017 at 16:19.
Pushed by mlaurent into branch 'Applications/17.12'.

Fix Bug 387619 - Some of Mailsploit test patterns are incorrectly decoded

FIXED-IN: 5.7.0

M  +3    -3    plugins/messageviewerheaderplugins/briefheaderstyleplugin/briefheaderstyle.cpp
M  +1    -1    plugins/messageviewerheaderplugins/enterpriseheaderstyleplugin/enterpriseheaderstyle.cpp

https://commits.kde.org/kdepim-addons/8208fe9919692ee2f95a9aa09370edf60e85f690