Re: [PATCH v4 3/5] dump: Disallow \n in message IDs

diff --git a/fe/4c5441f39a9d0432298c6df54dc3d3e79b5782 b/fe/4c5441f39a9d0432298c6df54dc3d3e79b5782
new file mode 100644 (file)
index 0000000..f36b60e
--- /dev/null
+++ b/fe/4c5441f39a9d0432298c6df54dc3d3e79b5782
@@ -0,0 +1,138 @@
+Return-Path: <jani@nikula.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id D66A0431FAF\r
+       for <notmuch@notmuchmail.org>; Thu,  3 Jan 2013 09:19:12 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.7\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5\r
+       tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id GLIaA6Xn33Ie for <notmuch@notmuchmail.org>;\r
+       Thu,  3 Jan 2013 09:19:12 -0800 (PST)\r
+Received: from mail-bk0-f51.google.com (mail-bk0-f51.google.com\r
+       [209.85.214.51]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
+       (No client certificate requested)\r
+       by olra.theworths.org (Postfix) with ESMTPS id 33BA6431FAE\r
+       for <notmuch@notmuchmail.org>; Thu,  3 Jan 2013 09:19:12 -0800 (PST)\r
+Received: by mail-bk0-f51.google.com with SMTP id ik5so6861629bkc.38\r
+       for <notmuch@notmuchmail.org>; Thu, 03 Jan 2013 09:19:11 -0800 (PST)\r
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r
+       d=google.com; s=20120113;\r
+       h=x-received:from:to:cc:subject:in-reply-to:references:user-agent\r
+       :date:message-id:mime-version:content-type:x-gm-message-state;\r
+       bh=weg9zmvlX5oI7ii9MuCExFpek3nkOZ49dPt7RsXx6cM=;\r
+       b=OHlGToXKfiJJrf2nxkR+mh9yORAKv+N9NLCPz+SHIsz8FAU8agsIvQIn2nWThSc4q3\r
+       TquirsvzIG54BI1gXeZCSP4IAicW3MCm69rj96gJv2qrzr5dDJKNCTYcG4PAtFg888q0\r
+       jM4zZN99uHVtuigO6Mo5GtaO1L+Xv+Vb994cL1Ww/8ZP2l7r9R0SM0YlKR8SVo6Vt9uG\r
+       g5/1uEnoF/JDSEztPOlKfJf2cSSIGRQRDAEyZVKDK7bsEG0eohlR4G5ItAXRYpZLIg2a\r
+       rp4pEMG40nxi83sQjMxBDKfIffEvBSffGQ7VOZBH02AWAG7t1rOm5DHJ0k3mj1WYS2AJ\r
+       dSDQ==\r
+X-Received: by 10.204.148.134 with SMTP id p6mr23785251bkv.75.1357233550728;\r
+       Thu, 03 Jan 2013 09:19:10 -0800 (PST)\r
+Received: from localhost ([2001:4b98:dc0:43:216:3eff:fe1b:25f3])\r
+       by mx.google.com with ESMTPS id u3sm34662405bkw.9.2013.01.03.09.19.08\r
+       (version=SSLv3 cipher=OTHER); Thu, 03 Jan 2013 09:19:09 -0800 (PST)\r
+From: Jani Nikula <jani@nikula.org>\r
+To: Austin Clements <amdragon@MIT.EDU>, notmuch@notmuchmail.org\r
+Subject: Re: [PATCH v4 3/5] dump: Disallow \n in message IDs\r
+In-Reply-To: <1356936162-2589-4-git-send-email-amdragon@mit.edu>\r
+References: <1356936162-2589-1-git-send-email-amdragon@mit.edu>\r
+       <1356936162-2589-4-git-send-email-amdragon@mit.edu>\r
+User-Agent: Notmuch/0.14+235~gdaf492b (http://notmuchmail.org) Emacs/23.2.1\r
+       (x86_64-pc-linux-gnu)\r
+Date: Thu, 03 Jan 2013 18:19:02 +0100\r
+Message-ID: <87sj6igp6h.fsf@nikula.org>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain; charset=us-ascii\r
+X-Gm-Message-State:\r
+ ALoCoQk7dkZ4EVax45iSmdEH4CpjQoyF79IJK+j57UHP5ztnuKHF52mVUAjLBePfNwxZ+Z4o8c7c\r
+Cc: tomi.ollila@iki.fi\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Thu, 03 Jan 2013 17:19:13 -0000\r
+\r
+On Mon, 31 Dec 2012, Austin Clements <amdragon@MIT.EDU> wrote:\r
+> When we switch to using regular Xapian queries in the dump format, \n\r
+> will cause problems, so we disallow it.  Specially, while Xapian can\r
+> quote and parse queries containing \n without difficultly, quoted\r
+> queries containing \n still span multiple lines, which breaks the\r
+> line-orientedness of the dump format.  Strictly speaking, we could\r
+> still round-trip these, but it would significantly complicate restore\r
+> as well as scripts that deal with tag dumps.  This complexity would\r
+> come at absolutely no benefit: because of the RFC 2822 unfolding\r
+> rules, no amount of standards negligence can produce a message with a\r
+> message ID containing a line break (not even Outlook can do it!).\r
+>\r
+> Hence, we simply disallow it.\r
+> ---\r
+>  notmuch-dump.c       |    9 +++++++++\r
+>  test/random-corpus.c |    4 +++-\r
+>  2 files changed, 12 insertions(+), 1 deletion(-)\r
+>\r
+> diff --git a/notmuch-dump.c b/notmuch-dump.c\r
+> index d2dad40..29d79da 100644\r
+> --- a/notmuch-dump.c\r
+> +++ b/notmuch-dump.c\r
+> @@ -132,6 +132,15 @@ notmuch_dump_command (unused (void *ctx), int argc, char *argv[])\r
+>      if (output_format == DUMP_FORMAT_SUP) {\r
+>          fputs (")\n", output);\r
+>      } else {\r
+> +        if (strchr (message_id, '\n')) {\r
+> +            /* This will produce a line break in the output, which\r
+> +             * would be difficult to handle in tools.  However,\r
+> +             * it's also impossible to produce an email containing\r
+> +             * a line break in a message ID because of unfolding,\r
+> +             * so we can safely disallow it. */\r
+> +            fprintf (stderr, "Error: cannot dump message id containing line break: %s\n", message_id);\r
+> +            return 1;\r
+\r
+How about just skipping the message in the dump, with a warning, instead\r
+of bailing out? If the user is desperate to do a backup for whatever\r
+reason, I don't think it's a good idea to require deleting the message\r
+from the db before dump can succeed. The fs holding the db might be\r
+remounted ro and all that.\r
+\r
+And perhaps the message id in the error message should be wrapped in\r
+quotes, because it will span multiple lines due to having a\r
+newline... ;)\r
+\r
+Otherwise, LGTM.\r
+\r
+Jani.\r
+\r
+> +        }\r
+>          if (hex_encode (notmuch, message_id,\r
+>                          &buffer, &buffer_size) != HEX_SUCCESS) {\r
+>                  fprintf (stderr, "Error: failed to hex-encode msg-id %s\n",\r
+> diff --git a/test/random-corpus.c b/test/random-corpus.c\r
+> index f354d4b..8b7748e 100644\r
+> --- a/test/random-corpus.c\r
+> +++ b/test/random-corpus.c\r
+> @@ -96,7 +96,9 @@ random_utf8_string (void *ctx, size_t char_count)\r
+>          buf = talloc_realloc (ctx, buf, gchar, buf_size);\r
+>      }\r
+>  \r
+> -    randomchar = random_unichar ();\r
+> +    do {\r
+> +        randomchar = random_unichar ();\r
+> +    } while (randomchar == '\n');\r
+>  \r
+>      written = g_unichar_to_utf8 (randomchar, buf + offset);\r
+>  \r
+> -- \r
+> 1.7.10.4\r