SECURITY: Sanitize email id for use as mutex key

2024-11-22 16:02:46 +08:00 · 2019-07-24 13:45:02 +01:00 · 2019-07-24 13:45:02 +01:00 · b3e5f7a8c6
commit b3e5f7a8c6
parent 1d38bf7e2c
1 changed files with 2 additions and 1 deletions
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@ -67,7 +67,8 @@ module Email

    def process!
      return if is_blacklisted?
-      DistributedMutex.synchronize(@message_id) do
+      id_hash = Digest::SHA1.hexdigest(@message_id)
+      DistributedMutex.synchronize("process_email_#{id_hash}") do
        begin
          return if IncomingEmail.exists?(message_id: @message_id)
          ensure_valid_address_lists