From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Lars Ingebrigtsen Newsgroups: gmane.emacs.bugs Subject: bug#51733: 27.1; Detect impossible email addresses better Date: Wed, 19 Jan 2022 15:33:54 +0100 Message-ID: <875yqfaj71.fsf@gnus.org> References: <87czn8etuz.7.fsf@jidanni.org> <875yqi5kk7.fsf@gnus.org> <83zgnuuucu.fsf@gnu.org> <83r196uqni.fsf@gnu.org> <87sftm3ye5.fsf@gnus.org> <87iluh4ety.fsf@gnus.org> <87ee55474p.fsf@gnus.org> <87a6ft46mr.fsf@gnus.org> <874k6146ay.fsf@gnus.org> <87zgnt2qz9.fsf@gnus.org> <87v8yh2ot4.fsf@gnus.org> <87r1952omd.fsf@gnus.org> <831r14vq70.fsf@gnu.org> <8735lkdqll.fsf@gnus.org> <834k60t03u.fsf@gnu.org> <87h79zdgxe.fsf@gnus.org> <87o8477spw.fsf@igel.home> <87r193akvf.fsf@gnus.org> <87k0ev7rb6.fsf@igel.home> <87ilufakb1.fsf@gnus.org> <87fspj7qzh.fsf@igel.home> Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="34921"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) Cc: 51733@debbugs.gnu.org To: Andreas Schwab Original-X-From: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Wed Jan 19 16:26:58 2022 Return-path: Envelope-to: geb-bug-gnu-emacs@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nACrS-0008su-8R for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 19 Jan 2022 16:26:58 +0100 Original-Received: from localhost ([::1]:43868 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nACrR-0005mW-Bj for geb-bug-gnu-emacs@m.gmane-mx.org; Wed, 19 Jan 2022 10:26:57 -0500 Original-Received: from eggs.gnu.org ([209.51.188.92]:50440) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nAC3C-0005mx-FA for bug-gnu-emacs@gnu.org; Wed, 19 Jan 2022 09:35:02 -0500 Original-Received: from debbugs.gnu.org ([209.51.188.43]:60499) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nAC3B-00075E-W9 for bug-gnu-emacs@gnu.org; Wed, 19 Jan 2022 09:35:02 -0500 Original-Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1nAC3B-0003zh-J7; Wed, 19 Jan 2022 09:35:01 -0500 X-Loop: help-debbugs@gnu.org Resent-From: Lars Ingebrigtsen Original-Sender: "Debbugs-submit" Resent-CC: bug-gnu-emacs@gnu.org, bugs@gnus.org Resent-Date: Wed, 19 Jan 2022 14:35:01 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 51733 X-GNU-PR-Package: emacs,gnus Original-Received: via spool by 51733-submit@debbugs.gnu.org id=B51733.164260285615286 (code B ref 51733); Wed, 19 Jan 2022 14:35:01 +0000 Original-Received: (at 51733) by debbugs.gnu.org; 19 Jan 2022 14:34:16 +0000 Original-Received: from localhost ([127.0.0.1]:53401 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAC2N-0003yO-AO for submit@debbugs.gnu.org; Wed, 19 Jan 2022 09:34:16 -0500 Original-Received: from quimby.gnus.org ([95.216.78.240]:36098) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1nAC2J-0003xy-12 for 51733@debbugs.gnu.org; Wed, 19 Jan 2022 09:34:09 -0500 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=gnus.org; s=20200322; h=Content-Type:MIME-Version:Message-ID:In-Reply-To:Date: References:Subject:Cc:To:From:Sender:Reply-To:Content-Transfer-Encoding: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=mXSxiLlfsc5CvMXeYO1Ij3mFcZQHrLJ0/PLPENp02WY=; b=IfJgrM+SUWlxFNtFzQcBFwPCkb RrPKcOk7lLJL5LoAbJsV2/Y0dz7b1jN/M/9qd2wrGB3FsP2FDZ7WE2xvciI/uuwDH2e8h287KT/kA hzNc9kuZt95MQzVr704m/Ez141AGHNBpmyTDAyqIlrKtD5s5n5MtfeoiW7fxA1GZWWRY=; Original-Received: from [84.212.220.105] (helo=giant) by quimby.gnus.org with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nAC29-0003di-Qd; Wed, 19 Jan 2022 15:34:00 +0100 Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAABGdBTUEAALGPC/xhBQAAACBj SFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAAGFBMVEU5MEFBV5OSe3mv S0jgzsGgFi/fqD3////on9Q6AAAAAWJLR0QHFmGI6wAAAAd0SU1FB+YBEw4XJq4Vr58AAAGpSURB VDjLjZBRcuMwCIbJDexMD1Bh9T1jojx3VDYHWC0ncKv7H6GAZDvO5GEZjwX6gB8BoDaOo/82G6DZ ycDpAcB/gbXJExhgzT0dNR6aPIB2d+7g9Awc9Xo9Btja9hesUXff9QgjvndFSxs2vXAOoYNhBxcA HMM+915xAQxhn3tdYIDjHjXIA5wx5gMICt6YESPzZKqI7UHhDKPeMdtPq9As5vCGEZA9dOyeJzGD NXLSkFXmDjhHhTTHBlDrKG7gQoQO9DpONHfwpS6ZjgItmaREB5gceIVWZxKJoGk40UT6NY2MUxK5 wtVdooJz18hURAhsbPWp0LyOSyTXP5CvNvVESWzeT9bna6f4AdgBzdNsW+CsEgUTxHh3ELVdW8Yk 8hd7he2EpHgxk4EE6V/lip7n8vwlIoUEaq33Wpk/hBLpyT/iZqDWb+ZUVNO8A6h8T6UImbuDxeOk 05tzXzpYrLXaklI5AE0sNwc9o6YGpINKupXbEcgG6PYCqDo9gdZKtV8DkkTuUToCzSxeUZcnoJ3a vLWD0sO6nq6igLaLI+iNX4Am+EhN/RePAOvmkHezkwAAACV0RVh0ZGF0ZTpjcmVhdGUAMjAyMi0w MS0xOVQxNDoyMzozOCswMDowMPx+KhEAAAAldEVYdGRhdGU6bW9kaWZ5ADIwMjItMDEtMTlUMTQ6 MjM6MzgrMDA6MDCNI5KtAAAAAElFTkSuQmCC X-Now-Playing: The Cure's _The Top_: "Wailing wall" In-Reply-To: <87fspj7qzh.fsf@igel.home> (Andreas Schwab's message of "Wed, 19 Jan 2022 15:13:54 +0100") X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: bug-gnu-emacs@gnu.org List-Id: "Bug reports for GNU Emacs, the Swiss army knife of text editors" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: bug-gnu-emacs-bounces+geb-bug-gnu-emacs=m.gmane-mx.org@gnu.org Original-Sender: "bug-gnu-emacs" Xref: news.gmane.io gmane.emacs.bugs:224612 Archived-At: Andreas Schwab writes: > On Jan 19 2022, Lars Ingebrigtsen wrote: > >> Consider somebody sending you an email containing @", characters in the >> name part, and then you decode the address, and then run the parsing >> function. The attacker would then have a wide attack surface to trick >> the checker into checking the wrong parts of the address. > > Isn't that the whole point of textsec? It's perfectly valid to have a From: "larsi@example.com" address. It's unambigious, and the responses will go to larsi@other.com. Of course, it's... suspicious... but not on the Unicode level. (I'll also be adding some non-Unicode bits to textsec, like http://other.bar -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no