From: Konstantin Kliakhandler
Newsgroups: gmane.emacs.bugs
Subject: bug#23759: 25.1.50; 25.1.50; open-tls-stream creates malformed gnutls-cli command if trusted cert files don't exist
Date: Fri, 8 Jul 2016 01:40:13 +0300
To: Ted Zlatanov, Noam Postavsky
Cc: 23759@debbugs.gnu.org
In-Reply-To: <8760shcr2o.fsf@lifelogs.com>
X-GNU-PR-Keywords: security

Hello Ted,

Sorry, I saw the message but didn't get a chance to act on it. Writing a joking remark on a mobile phone takes much less time and effort...

Anyway,

T> Perhaps there can be a way to say
T> "if this %t is empty, remove the preceding --argument as well"
T> in the format string? That would simplify the whole thing, like so:

T> "gnutls-cli --x509cafile %T -p %p %h"

T> ...becomes "gnutls-cli -p PORT HOST"
T> when the %T parameter is nil. Just an idea...
I toyed with this idea, and even implemented something of the sort, but from a bit different direction - I added another replacement variable - %c - and made the list tls-program now contain pairs with (string . value-of-c), e.g. ("gnutls-cli %c %T -p %p %h" . "--x509cafile"), and have both %c and %T replaced (together) as appropriate.

The problem with this approach is, what about people who customized this setting? So, I made it backward compatible with the old standard. Eventually however, it turned into an ugly big mess due to the backward compatibility and I decided against submitting.

There is a similar problem of backward compatibility in your approach - what if someone customized it in such a way that wasn't expecting an argument to be removed, and it would create a vulnerability in their setup? I also don't see a simple way to do it nicely, but have no objections on those grounds, of course.

Finally, I would do the patch but am uncertain whether it would be better to wait for your results from emacs-devel and remove the ssl3 bit as well (or just go ahead and do it). Let me know and I'll send the appropriate patch.

Best,
Kosta

-- 
Konstantin Kliakhandler
    http://slumpy.org
        )°) )°( (°(

On Thu, 7 Jul 2016 at 20:10 Ted Zlatanov <tzz@lifelogs.com> wrote:
> Kosta: ping, I noted some minor needed improvements in my last message,
> maybe you missed it... Thanks!
>
> Ted
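As an added illustration (not code from Emacs, from the bug#23759 patch, or from anyone in this thread) of the paired (FORMAT . CERT-FLAG) tls-program entry Kosta describes, next to a check for the dangling --x509cafile that the bug report is about; every name prefixed `my-` is hypothetical, and the sample entries and trust-file path are constructed.

```elisp
;; Added example; all my- names are hypothetical, sample values constructed.
(require 'format-spec)

(defun my-tls-build-command (entry host port trust-files)
  "Expand ENTRY into a shell command string for HOST and PORT.
ENTRY is either a legacy format string or a (FORMAT . CERT-FLAG) pair.
In the pair, %c and %T are replaced together: CERT-FLAG and the files
when TRUST-FILES is non-empty, and both become empty otherwise, so no
flag is left without a value.  A plain string ENTRY is expanded exactly
as before, so a user's customized value keeps its old meaning."
  (let* ((fmt (if (consp entry) (car entry) entry))
         (flag (if (consp entry) (cdr entry) ""))
         (files (mapconcat #'shell-quote-argument trust-files " ")))
    (format-spec fmt
                 (format-spec-make ?h host
                                   ?p (number-to-string port)
                                   ?T files
                                   ?c (if (string= files "") "" flag)))))

(defun my-tls-dangling-flag-p (command flag)
  "Return non-nil when FLAG appears in COMMAND with no value after it,
i.e. it is followed by another option or by the end of the string.
That is the malformed command the bug report describes.  A CA path
that itself starts with \"-\" is flagged too, which is intended."
  (string-match-p (concat (regexp-quote flag) "[ \t]+\\(-\\|$\\)")
                  command))

;; Constructed sample entries; real values come from the user's
;; tls-program customization.
(defvar my-tls-program
  '(("gnutls-cli %c %T -p %p %h" . "--x509cafile") ; paired form
    "gnutls-cli --x509cafile %T -p %p %h"))        ; legacy string

(defun my-tls-check-entries (host port trust-files)
  "Return, for each entry in `my-tls-program', (COMMAND . DANGLING-P)."
  (mapcar (lambda (entry)
            (let ((cmd (my-tls-build-command entry host port trust-files)))
              (cons cmd (my-tls-dangling-flag-p cmd "--x509cafile"))))
          my-tls-program))

;; With no trust files the paired entry yields a command without the
;; flag at all, while the legacy entry reproduces the malformed command.
(my-tls-check-entries "example.org" 443 nil)
(my-tls-check-entries "example.org" 443 '("/etc/ssl/certs/ca.pem"))
```

Evaluate the buffer in Emacs and inspect the two result lists: only the legacy entry with an empty trust-file list comes back with DANGLING-P non-nil.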