From 9a69f474e342bab23718c180ebb5fb105968e78e Mon Sep 17 00:00:00 2001
From: Milan Crha
Date: Thu, 30 Sep 2021 14:46:31 +0200
Subject: [PATCH] I#1621 - Prevent IDN homograph attacks
Closes https://gitlab.gnome.org/GNOME/evolution/-/issues/1621
---
 src/e-util/e-misc-utils.c | 1 +
 src/em-format/e-mail-formatter-utils.c | 12 +++++++-----
 2 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/e-util/e-misc-utils.c b/src/e-util/e-misc-utils.c
index 2caf35c835..9dc738f431 100644
--- a/src/e-util/e-misc-utils.c
+++ b/src/e-util/e-misc-utils.c
@@ -4624,6 +4624,7 @@ e_util_get_uri_tooltip (const gchar *uri)
 curl = camel_url_new (uri, NULL);
 address = camel_internet_address_new ();
 camel_address_decode (CAMEL_ADDRESS (address), curl->path);
+ camel_internet_address_sanitize_ascii_domain (address);
 who = camel_address_format (CAMEL_ADDRESS (address));
 g_object_unref (address);
 camel_url_free (curl);
diff --git a/src/em-format/e-mail-formatter-utils.c b/src/em-format/e-mail-formatter-utils.c
index 26391063a5..929da58db6 100644
--- a/src/em-format/e-mail-formatter-utils.c
+++ b/src/em-format/e-mail-formatter-utils.c
@@ -128,7 +128,7 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
 gboolean elipsize)
 {
 CamelMimeFilterToHTMLFlags flags;
- gchar *name, *mailto, *addr;
+ gchar *name, *mailto, *addr, *sanitized_addr;
 gint i = 0;
 gchar *str = NULL;
 gint limit = mail_config_get_address_count ();
@@ -148,6 +148,7 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
 switch (a->type) {
 case CAMEL_HEADER_ADDRESS_NAME:
+ sanitized_addr = camel_utils_sanitize_ascii_domain_in_address (a->v.addr, TRUE);
 if (name != NULL && *name != '\0') {
 gchar *real, *mailaddr;
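Review bot: The added `camel_internet_address_sanitize_ascii_domain (address);` call in e_util_get_uri_tooltip carries no comment saying why it is there, so a later cleanup could drop it as an apparent no-op. I would put `/* I#1621: rewrite a look-alike non-ASCII (IDN) domain before the address is shown in the tooltip */` above it. Only the branch that decodes `curl->path` as an address is visible here. Whether tooltips for other URI schemes with IDN host names get equivalent treatment cannot be told from this hunk and is worth checking. The function body starts and ends outside the hunk.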
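Review bot: `sanitized_addr` joins the function-scope declaration in the -128 hunk without an initialiser, yet it is assigned only here under `case CAMEL_HEADER_ADDRESS_NAME:`. Initialising it in the declaration (`*sanitized_addr = NULL`) keeps any other case or a later early exit from reading or freeing an indeterminate pointer. The call itself deserves a one-line comment, because the bare `TRUE` does not say what it selects. The later `sanitized_addr ? sanitized_addr : a->v.addr` fallbacks imply a NULL return when nothing had to change, so something like `/* NULL when the domain needs no rewriting; callers fall back to a->v.addr */` would do. The rest of the switch is outside the hunk, so whether other cases print addresses unsanitized cannot be judged from here.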
@@ -162,23 +163,24 @@ e_mail_formatter_format_address (EMailFormatter *formatter,
 /* rfc2368 for mailto syntax and url encoding extras */
 if ((real = camel_header_encode_phrase ((guchar *) a->name))) {
- mailaddr = g_strdup_printf ("%s <%s>", real, a->v.addr);
+ mailaddr = g_strdup_printf ("%s <%s>", real, sanitized_addr ? sanitized_addr : a->v.addr);
 g_free (real);
 mailto = camel_url_encode (mailaddr, "?=&()");
 g_free (mailaddr);
 } else {
- mailto = camel_url_encode (a->v.addr, "?=&()");
+ mailto = camel_url_encode (sanitized_addr ? sanitized_addr : a->v.addr, "?=&()");
 }
 } else {
- mailto = camel_url_encode (a->v.addr, "?=&()");
+ mailto = camel_url_encode (sanitized_addr ? sanitized_addr : a->v.addr, "?=&()");
 }
- addr = camel_text_to_html (a->v.addr, flags, 0);
+ addr = camel_text_to_html (sanitized_addr ? sanitized_addr : a->v.addr, flags, 0);
 if (no_links)
 g_string_append_printf (out, "%s", addr);
 else if (!show_mails && name && *name)
 g_string_append_printf (out, "%s", mailto, name);
 else
 g_string_append_printf (out, "%s", mailto, addr);
+ g_free (sanitized_addr);
 g_free (mailto);
 g_free (addr);
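Review bot: The fallback `sanitized_addr ? sanitized_addr : a->v.addr` is spelled out four times in this hunk, so a future edit can easily pass the raw `a->v.addr` in one of them and bring the homograph display back. Resolve it once right after the sanitize call, `const gchar *shown_addr = sanitized_addr ? sanitized_addr : a->v.addr;`, and pass `shown_addr` to `g_strdup_printf`, both `camel_url_encode` calls and `camel_text_to_html`. Separately, in the `!show_mails && name && *name` branch only `name` is displayed, so the user never sees the sanitized address there. The display name itself is not covered by this change, and a comment noting that limit would help reviewers of later spoofing reports. The enclosing case block starts before the hunk.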