Return-Path: <Sebastian@SSpaeth.de>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 0F612429E25
	for <notmuch@notmuchmail.org>; Wed, 17 Aug 2011 05:49:05 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -0.09
X-Spam-Level: 
X-Spam-Status: No, score=-0.09 tagged_above=-999 required=5
	tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
	RCVD_IN_DNSWL_NONE=-0.0001, T_MIME_NO_TEXT=0.01] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Xc06EBasMO88 for <notmuch@notmuchmail.org>;
	Wed, 17 Aug 2011 05:49:04 -0700 (PDT)
Received: from homiemail-a19.g.dreamhost.com (caiajhbdcagg.dreamhost.com
	[208.97.132.66])
	by olra.theworths.org (Postfix) with ESMTP id 66BA9431FD0
	for <notmuch@notmuchmail.org>; Wed, 17 Aug 2011 05:49:04 -0700 (PDT)
Received: from homiemail-a19.g.dreamhost.com (localhost [127.0.0.1])
	by homiemail-a19.g.dreamhost.com (Postfix) with ESMTP id D6903604079;
	Wed, 17 Aug 2011 05:49:02 -0700 (PDT)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=SSpaeth.de; h=from:to:subject
	:in-reply-to:references:date:message-id:mime-version:
	content-type; q=dns; s=sspaeth.de; b=gWLjVNFlq3CBG/GayJKgZbTF31L
	YmfeUNCF2mRdzb01k5tCwhdHn6yNO6/w3jVytpzZT8ioseGRbHhCLv0cFZLknPGO
	s9J37tPT3b8WmklkzYqUGZev9lfmAaeJvl9uxNVQbs8juMeMW5J+NYZorr5MBq5U
	13dPvAs/b6SBp8Gw=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=SSpaeth.de; h=from:to
	:subject:in-reply-to:references:date:message-id:mime-version:
	content-type; s=sspaeth.de; bh=4j0U88P/LuOykzupuAVPdp6r0Og=; b=T
	MSv8yeYpencJq+pUD5A9XEo4ullcNuobqCb6KwdLqxfQ/QImtfzztBKW+qfDE70m
	juziG0xYp4fbSrCpSsbakB9mEk63oDdxzXNoXS7OS09sOdSq1oxoWMrCoUznqpFn
	AxU3JKdJcGuus6OEBFDBWlrRnW5XBoj0KtzL/Q8TbI=
Received: from spaetzbook.sspaeth.de (mtec-hg-docking-1-dhcp-21.ethz.ch
	[129.132.133.21])
	(using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
	(No client certificate requested)
	(Authenticated sender: fax@sspaeth.de)
	by homiemail-a19.g.dreamhost.com (Postfix) with ESMTPSA id 55C1A60405D; 
	Wed, 17 Aug 2011 05:49:01 -0700 (PDT)
Received: by spaetzbook.sspaeth.de (sSMTP sendmail emulation);
	Wed, 17 Aug 2011 14:48:58 +0200
From: Sebastian Spaeth <Sebastian@SSpaeth.de>
To: Patrick Totzke <patricktotzke@googlemail.com>, notmuch@notmuchmail.org
Subject: Re: [PATCH 2/2] [python] fix unsafe utf-8 decodings
In-Reply-To: <1313530667-10648-1-git-send-email-patricktotzke@gmail.com>
References: <1313155408-17156-1-git-send-email-patricktotzke@gmail.com>
	<1313530667-10648-1-git-send-email-patricktotzke@gmail.com>
User-Agent: Notmuch/0.7-19-gee4579a (http://notmuchmail.org) Emacs/23.2.1
	(x86_64-pc-linux-gnu)
Date: Wed, 17 Aug 2011 14:48:58 +0200
Message-ID: <87wrecqk3p.fsf@SSpaeth.de>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Aug 2011 12:49:05 -0000

--=-=-=
Content-Transfer-Encoding: quoted-printable

On Tue, 16 Aug 2011 22:37:47 +0100, Patrick Totzke <patricktotzke@googlemai=
l.com> wrote:
> This prevents unsafe calls to decode for return
> value None in get_authors/get_subject

Thanks for the heads up, I just pushed a modified version of this. Some
comments on the code below.

Sebastian

> -        tag =3D Tags._get(self._tags).decode('utf-8')
> +        tag =3D Tags._get(self._tags)
> +        if tag:
> +            tag =3D tag.decode('UTF-8')

This was already safe as=20
  if not nmlib.notmuch_tags_valid(self._tags):
was making sure that something useful will be returned.

> -        return Thread._get_authors(self._thread).decode('UTF-8')
> +        authors =3D Thread._get_authors(self._thread)
> +        if authors:
> +            return authors.decode('UTF-8')
> +        return None

> -        return Thread._get_subject(self._thread).decode('UTF-8')
> +        subject =3D Thread._get_subject(self._thread)
> +        if subject:
> +            return subject.decode('UTF-8')
> +        return None

Modified this to say:

foo =3D get_foo()
if foo is None:
   return None
return foo.decode('UTF-8')

Otherwise you would fall into a trap when e.g. the subject is empty and
a '' is returned. Your code would have returned "None". My version will
return ''.

Thanks!

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5LuLoACgkQVYX1jMgnoGIjrwCeJ9GkxYX2rYmboZLkkJntextG
2h0An2afzUU+q77USkgy6Cuw5xAZQLGr
=X7et
-----END PGP SIGNATURE-----
--=-=-=--