--- /dev/null
+Return-Path: <jani@nikula.org>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 37C43431FAF\r
+ for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:29 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.699\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.699 tagged_above=-999 required=5\r
+ tests=[HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id lnl6v3IwCgsF for <notmuch@notmuchmail.org>;\r
+ Wed, 14 Mar 2012 23:33:23 -0700 (PDT)\r
+Received: from mail-pz0-f46.google.com (mail-pz0-f46.google.com\r
+ [209.85.210.46]) (using TLSv1 with cipher RC4-SHA (128/128 bits))\r
+ (No client certificate requested)\r
+ by olra.theworths.org (Postfix) with ESMTPS id DB239431FAE\r
+ for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:22 -0700 (PDT)\r
+Received: by dajr28 with SMTP id r28so3974725daj.19\r
+ for <notmuch@notmuchmail.org>; Wed, 14 Mar 2012 23:33:22 -0700 (PDT)\r
+X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;\r
+ d=google.com; s=20120113;\r
+ h=mime-version:in-reply-to:references:date:message-id:subject:from:to\r
+ :cc:content-type:x-gm-message-state;\r
+ bh=nGmn7Y/yzsuBr57ku0+wEEAcwAbfNm5EHzhdB7bdU/s=;\r
+ b=p5XenMw4/G3539hXH5MWNj2eFuOLpVMIGRNWQW7DSpCb1uA+CglBLc5A5i2rj/GkU2\r
+ tKKXx7JT08Y1QI45BDazvinN/qpwjdFCKIVbU5ijnxK/hPGdHn4hOAEIJRGJsj33xOsB\r
+ lXUlom6D6IrJVYSk57RLsTuc21wULzql9E7ga/nECF/LDJ0QwLp37rYV08TLxY+E0kgV\r
+ SEbvK60TXk+rlYkvWYr2DeLEWD2/DE3KvS3CpIz26UINSmMAjAjyI1c/9jL8A7OftZva\r
+ 0cp/iahUhQvXJh9CcjmUrva/QRldQ78isRF0Mf39/e1j0idCwvoV6nqP+XZGCeFy+oQf\r
+ /DJA==\r
+MIME-Version: 1.0\r
+Received: by 10.68.225.73 with SMTP id ri9mr2505847pbc.70.1331793201890; Wed,\r
+ 14 Mar 2012 23:33:21 -0700 (PDT)\r
+Received: by 10.68.136.227 with HTTP; Wed, 14 Mar 2012 23:33:21 -0700 (PDT)\r
+Received: by 10.68.136.227 with HTTP; Wed, 14 Mar 2012 23:33:21 -0700 (PDT)\r
+In-Reply-To: <87k42momyi.fsf@awakening.csail.mit.edu>\r
+References: <87fwdptbir.fsf@dehydrator.spatula.rdu.redhat.com>\r
+ <1330849538-24558-1-git-send-email-jani@nikula.org>\r
+ <87k42momyi.fsf@awakening.csail.mit.edu>\r
+Date: Thu, 15 Mar 2012 08:33:21 +0200\r
+Message-ID:\r
+ <CAB+hUn8FJ-=CA1JZoYMzH0-E+S9Y75TPqgb1w6YKFuU6=S2Xqw@mail.gmail.com>\r
+Subject: Re: [PATCH] emacs: fix MML quoting in replies\r
+From: Jani Nikula <jani@nikula.org>\r
+To: Austin Clements <amdragon@mit.edu>\r
+Content-Type: multipart/alternative; boundary=e89a8ff2437db686d604bb424428\r
+X-Gm-Message-State:\r
+ ALoCoQkJgMZ7Uh1agFGN90xNIYEopUa+r4JUHtxGuOJPOGy5/LxgV5vO407G9OJ7mJwZZHqpRFaU\r
+Cc: notmuch@notmuchmail.org\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Thu, 15 Mar 2012 06:33:29 -0000\r
+\r
+--e89a8ff2437db686d604bb424428\r
+Content-Type: text/plain; charset=UTF-8\r
+\r
+On Mar 15, 2012 12:08 AM, "Austin Clements" <amdragon@mit.edu> wrote:\r
+>\r
+> On Sun, 4 Mar 2012 10:25:38 +0200, Jani Nikula <jani@nikula.org> wrote:\r
+> > The reply MML quoting added in commit ae438cc unintentionally MML\r
+> > quotes also the signature/encryption MML tags added via\r
+> > message-setup-hook, causing the reply not to be signed/encrypted.\r
+> >\r
+> > MML quote just the original message in the temp buffer before\r
+> > inserting it to the message buffer, to not interfere with message mode\r
+> > hooks or message construction in general.\r
+> >\r
+> > See [1] and [2] for bug reports.\r
+> >\r
+> > Thanks to Tim Bielawa <tbielawa@redhat.com> for testing.\r
+> >\r
+> > [1] id:"87hay78x6l.fsf@wyzanski.jamesvasile.com"\r
+> > [2] id:"1330812262-28272-1-git-send-email-tbielawa@redhat.com".\r
+> >\r
+> > Signed-off-by: Jani Nikula <jani@nikula.org>\r
+> > ---\r
+> > emacs/notmuch-mua.el | 10 ++++------\r
+> > 1 files changed, 4 insertions(+), 6 deletions(-)\r
+> >\r
+> > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el\r
+> > index 4be7c13..13244eb 100644\r
+> > --- a/emacs/notmuch-mua.el\r
+> > +++ b/emacs/notmuch-mua.el\r
+> > @@ -95,6 +95,9 @@ list."\r
+> > (goto-char (point-min))\r
+> > (setq headers (mail-header-extract)))))\r
+> > (forward-line 1)\r
+> > + ;; Original message may contain (malicious) MML tags. We must\r
+> > + ;; properly quote them in the reply.\r
+> > + (mml-quote-region (point) (point-max))\r
+>\r
+> Under what circumstances can the (re-search-forward "^$" nil t) above\r
+> this code fail? If it does fail, is it possible for the (forward-line 1)\r
+> to move past an adversary-controlled line of text and fail to quote that\r
+> line?\r
+\r
+It doesn't matter. The quoting is done between point and point-max, and the\r
+message body to cite is extracted right after quoting using: (setq body\r
+(buffer-substring (point) (point-max)))).\r
+\r
+BR,\r
+Jani.\r
+\r
+--e89a8ff2437db686d604bb424428\r
+Content-Type: text/html; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+<p><br>\r
+On Mar 15, 2012 12:08 AM, "Austin Clements" <<a href=3D"mailto=\r
+:amdragon@mit.edu">amdragon@mit.edu</a>> wrote:<br>\r
+><br>\r
+> On Sun, =C2=A04 Mar 2012 10:25:38 +0200, Jani Nikula <<a href=3D"ma=\r
+ilto:jani@nikula.org">jani@nikula.org</a>> wrote:<br>\r
+> > The reply MML quoting added in commit ae438cc unintentionally MML=\r
+<br>\r
+> > quotes also the signature/encryption MML tags added via<br>\r
+> > message-setup-hook, causing the reply not to be signed/encrypted.=\r
+<br>\r
+> ><br>\r
+> > MML quote just the original message in the temp buffer before<br>\r
+> > inserting it to the message buffer, to not interfere with message=\r
+ mode<br>\r
+> > hooks or message construction in general.<br>\r
+> ><br>\r
+> > See [1] and [2] for bug reports.<br>\r
+> ><br>\r
+> > Thanks to Tim Bielawa <<a href=3D"mailto:tbielawa@redhat.com">=\r
+tbielawa@redhat.com</a>> for testing.<br>\r
+> ><br>\r
+> > [1] id:"<a href=3D"mailto:87hay78x6l.fsf@wyzanski.jamesvasil=\r
+e.com">87hay78x6l.fsf@wyzanski.jamesvasile.com</a>"<br>\r
+> > [2] id:"<a href=3D"mailto:1330812262-28272-1-git-send-email-=\r
+tbielawa@redhat.com">1330812262-28272-1-git-send-email-tbielawa@redhat.com<=\r
+/a>".<br>\r
+> ><br>\r
+> > Signed-off-by: Jani Nikula <<a href=3D"mailto:jani@nikula.org"=\r
+>jani@nikula.org</a>><br>\r
+> > ---<br>\r
+> > =C2=A0emacs/notmuch-mua.el | =C2=A0 10 ++++------<br>\r
+> > =C2=A01 files changed, 4 insertions(+), 6 deletions(-)<br>\r
+> ><br>\r
+> > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el<br>\r
+> > index 4be7c13..13244eb 100644<br>\r
+> > --- a/emacs/notmuch-mua.el<br>\r
+> > +++ b/emacs/notmuch-mua.el<br>\r
+> > @@ -95,6 +95,9 @@ list."<br>\r
+> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (goto-char (point-min))=\r
+<br>\r
+> > =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 (setq headers (mail-hea=\r
+der-extract)))))<br>\r
+> > =C2=A0 =C2=A0 =C2=A0 =C2=A0(forward-line 1)<br>\r
+> > + =C2=A0 =C2=A0 =C2=A0;; Original message may contain (malicious)=\r
+ MML tags. We must<br>\r
+> > + =C2=A0 =C2=A0 =C2=A0;; properly quote them in the reply.<br>\r
+> > + =C2=A0 =C2=A0 =C2=A0(mml-quote-region (point) (point-max))<br>\r
+><br>\r
+> Under what circumstances can the (re-search-forward "^$" nil=\r
+ t) above<br>\r
+> this code fail? =C2=A0If it does fail, is it possible for the (forward=\r
+-line 1)<br>\r
+> to move past an adversary-controlled line of text and fail to quote th=\r
+at<br>\r
+> line?</p>\r
+<p>It doesn't matter. The quoting is done between point and point-max, =\r
+and the message body to cite is extracted right after quoting using: (setq =\r
+body (buffer-substring (point) (point-max)))).</p>\r
+<p>BR,<br>\r
+Jani.<br>\r
+</p>\r
+\r
+--e89a8ff2437db686d604bb424428--\r
projects / notmuch-archives.git / commitdiff