From e9c0fb0621da65883b7570c358ff82bdbfeb0afb Mon Sep 17 00:00:00 2001
From: David Taylor <david@taylorhq.com>
Date: Wed, 24 Jul 2019 13:45:02 +0100
Subject: [PATCH] SECURITY: Sanitize email id for use as mutex key

---
 lib/email/receiver.rb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 42615bebf3..18452eb067 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -67,7 +67,8 @@ module Email
 
     def process!
       return if is_blacklisted?
-      DistributedMutex.synchronize(@message_id) do
+      id_hash = Digest::SHA1.hexdigest(@message_id)
+      DistributedMutex.synchronize("process_email_#{id_hash}") do
         begin
           return if IncomingEmail.exists?(message_id: @message_id)
           ensure_valid_address_lists