From c9fd36c6c10a21808ec741cc38b19d1a83d0e932 Mon Sep 17 00:00:00 2001 From: Austin Clements Date: Tue, 4 Feb 2014 15:46:12 +1900 Subject: [PATCH] Re: [PATCH v3 4/6] cli: sanitize the received header before scanning for replies --- 2c/595180ab8b73dec0e1ea4c0f1c12ec911b8fc6 | 131 ++++++++++++++++++++++ 1 file changed, 131 insertions(+) create mode 100644 2c/595180ab8b73dec0e1ea4c0f1c12ec911b8fc6 diff --git a/2c/595180ab8b73dec0e1ea4c0f1c12ec911b8fc6 b/2c/595180ab8b73dec0e1ea4c0f1c12ec911b8fc6 new file mode 100644 index 000000000..1f47993a7 --- /dev/null +++ b/2c/595180ab8b73dec0e1ea4c0f1c12ec911b8fc6 @@ -0,0 +1,131 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 955E9431FBC + for ; Mon, 3 Feb 2014 12:46:25 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: -0.7 +X-Spam-Level: +X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 + tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id C97kxAQTWejO for ; + Mon, 3 Feb 2014 12:46:19 -0800 (PST) +Received: from dmz-mailsec-scanner-3.mit.edu (dmz-mailsec-scanner-3.mit.edu + [18.9.25.14]) + (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 3D22C431FAF + for ; Mon, 3 Feb 2014 12:46:19 -0800 (PST) +X-AuditID: 1209190e-f79ee6d000000c40-89-52f0001abacd +Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) + (using TLS with cipher AES256-SHA (256/256 bits)) + (Client did not present a certificate) + by dmz-mailsec-scanner-3.mit.edu (Symantec Messaging Gateway) with SMTP + id FA.EB.03136.A1000F25; Mon, 3 Feb 2014 15:46:18 -0500 (EST) +Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) + by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id s13KkGRF023224; + Mon, 3 Feb 2014 15:46:17 -0500 +Received: from awakening.csail.mit.edu (awakening.csail.mit.edu [18.26.4.91]) + (authenticated bits=0) + (User authenticated as amdragon@ATHENA.MIT.EDU) + by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id s13KkDYF024333 + (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); + Mon, 3 Feb 2014 15:46:15 -0500 +Received: from amthrax by awakening.csail.mit.edu with local (Exim 4.80) + (envelope-from ) + id 1WAQPE-0002Qm-Ud; Mon, 03 Feb 2014 15:46:13 -0500 +Date: Mon, 3 Feb 2014 15:46:12 -0500 +From: Austin Clements +To: Jani Nikula +Subject: Re: [PATCH v3 4/6] cli: sanitize the received header before scanning + for replies +Message-ID: <20140203204611.GL4375@mit.edu> +References: + +MIME-Version: 1.0 +Content-Type: text/plain; charset=us-ascii +Content-Disposition: inline +In-Reply-To: + +User-Agent: Mutt/1.5.21 (2010-09-15) +X-Brightmail-Tracker: + H4sIAAAAAAAAA+NgFmpmleLIzCtJLcpLzFFi42IR4hTV1pVi+BBk0LFWwKJpurPF9ZszmR2Y + PG7df83u8WzVLeYApigum5TUnMyy1CJ9uwSujOM/OxgLVnBXnGx4ydzAeJ+ji5GTQ0LAROJN + fzsrhC0mceHeerYuRi4OIYHZTBKrP/+AcjYwSnzdcAfKOcUk8eH4UyYIZwmjxP9/08D6WQRU + JPomrWcEsdkENCS27V8OZosIKEpsPrkfzGYWkJb49ruZCcQWFoiWOPv+NFicV0Bb4s3MPrC4 + kECdxNXWmywQcUGJkzOfsED0aknc+PcSqIYDbM7yf2AvcAqESWxYOJcZxBYFOmHKyW1sExiF + ZiHpnoWkexZC9wJG5lWMsim5Vbq5iZk5xanJusXJiXl5qUW6xnq5mSV6qSmlmxjBYS3Jt4Px + 60GlQ4wCHIxKPLwde98FCbEmlhVX5h5ilORgUhLlzfnzPkiILyk/pTIjsTgjvqg0J7X4EKME + B7OSCK/fJ6Acb0piZVVqUT5MSpqDRUmcN3HGmyAhgfTEktTs1NSC1CKYrAwHh5IEr9x/oEbB + otT01Iq0zJwShDQTByfIcB6g4VX/QIYXFyTmFmemQ+RPMSpKifOagzQLgCQySvPgemFp5xWj + ONArwrx3Qdp5gCkLrvsV0GAmoMHrXMEGlyQipKQaGCvUnmRbvjOvaNnO5MRSWhm0vUvo19uX + 4UpBHX8u7feNuna7vfzqbuHZDtqdxzikDuQxFq48n6O35GtihMTCwI7JGu/1RWS35h97O22+ + cZ/V/i1W1cfOFl6pX3pWafV9xjUV32Ys/Vjiy37+nKy7+MET1mqJHVGCckf77s3d0Ve0NqC1 + 8fZkByWW4oxEQy3mouJEAL2Whm4WAwAA +Cc: notmuch@notmuchmail.org +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 03 Feb 2014 20:46:25 -0000 + +Quoth Jani Nikula on Feb 03 at 9:51 pm: +> This makes the from guessing agnostic to header folding by spaces or +> tabs. +> --- +> notmuch-reply.c | 12 ++++++++++-- +> 1 file changed, 10 insertions(+), 2 deletions(-) +> +> diff --git a/notmuch-reply.c b/notmuch-reply.c +> index 47993d2..3f7021e 100644 +> --- a/notmuch-reply.c +> +++ b/notmuch-reply.c +> @@ -21,6 +21,7 @@ +> */ +> +> #include "notmuch-client.h" +> +#include "string-util.h" +> #include "sprinter.h" +> +> static void +> @@ -465,14 +466,21 @@ guess_from_in_received_headers (notmuch_config_t *config, +> notmuch_message_t *message) +> { +> const char *received, *addr; +> + char *sanitized; +> +> received = notmuch_message_get_header (message, "received"); +> if (! received) +> return NULL; +> +> - addr = guess_from_in_received_for (config, received); +> + sanitized = sanitize_string (config, received); + +Did you mean to pass "config" as the talloc context for +sanitize_string? It seems like a better context would be "message" or +possibly even NULL, given that you explicitly talloc_free the string. + +> + if (! sanitized) +> + return NULL; +> + +> + addr = guess_from_in_received_for (config, sanitized); +> if (! addr) +> - addr = guess_from_in_received_by (config, received); +> + addr = guess_from_in_received_by (config, sanitized); +> + +> + talloc_free (sanitized); +> +> return addr; +> } -- 2.26.2