From: Lars Ingebrigtsen <larsi@gnus.org>
To: Andreas Schwab <schwab@linux-m68k.org>
Cc: 51733@debbugs.gnu.org
Subject: bug#51733: 27.1; Detect impossible email addresses better
Date: Wed, 19 Jan 2022 15:09:54 +0100
Message-ID: <87ilufakb1.fsf@gnus.org>
In-Reply-To: <87k0ev7rb6.fsf@igel.home> (Andreas Schwab's message of "Wed, 19 Jan 2022 15:06:53 +0100")

Andreas Schwab <schwab@linux-m68k.org> writes:

> Then why not allow to run the textsec on the decoded header directly?

Consider somebody sending you an email containing @", characters in the
name part, and then you decode the address, and then run the parsing
function. The attacker would then have a wide attack surface to trick
the checker into checking the wrong parts of the address.
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
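
The ordering concern in the message above, as an added example that is not part of the original message and is not Emacs's textsec code: it uses Python's standard `email` package rather than Emacs Lisp, and runs both orders over one constructed From header. The header value, the addresses and the helper names are assumptions made for illustration.

```python
from email.header import decode_header
from email.utils import getaddresses

# Constructed sample header. The display name is one RFC 2047 encoded-word
# that decodes to:  "Alice" <alice@example.org>,
RAW_FROM = ("=?utf-8?q?=22Alice=22_=3Calice=40example=2Eorg=3E=2C?= "
            "<sender@example.net>")


def decode_words(text):
    """Decode RFC 2047 encoded-words in text and return a plain str."""
    out = []
    for chunk, charset in decode_header(text):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        out.append(chunk)
    return "".join(out)


def decode_then_parse(raw):
    """Order questioned in the thread: decoded specials reach the parser."""
    return getaddresses([decode_words(raw)])


def parse_then_decode(raw):
    """Parse the raw header first; decode each display name afterwards."""
    return [(decode_words(name), addr) for name, addr in getaddresses([raw])]


if __name__ == "__main__":
    print("decode, then parse:", decode_then_parse(RAW_FROM))
    print("parse, then decode:", parse_then_decode(RAW_FROM))
```

Decoding first makes the parser report `alice@example.org` as the first address, although that text only ever existed inside the display name; parsing first yields the single real address `sender@example.net`, with the decoded name kept as display text for a checker to inspect separately.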