unofficial mirror of notmuch@notmuchmail.org
From: Aaron Ecay <aaronecay@gmail.com>
To: notmuch@notmuchmail.org
Subject: [PATCH 2/2] emacs: Quote MML tags in replies
Date: Sun, 29 Jan 2012 01:07:08 -0500
Message-ID: <1327817229-18124-2-git-send-email-aaronecay@gmail.com>
In-Reply-To: <1327817229-18124-1-git-send-email-aaronecay@gmail.com>

Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail.  If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.
---
 NEWS                 |   18 ++++++++++++++++++
 emacs/notmuch-mua.el |    3 ++-
 test/emacs           |    1 -
 3 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 2acdce5..c8b90c7 100644
--- a/NEWS
+++ b/NEWS
@@ -56,6 +56,24 @@ Compatibility with GMime 2.6
   However, a bug in current GMime 2.6 causes notmuch not to report
   signatures where the signer key is unavailable (GNOME bug 668085).
 
+Notmuch 0.11.1 (2012-xx-xx)
+===========================
+
+Emacs Interface
+---------------
+
+Quote MML tags in replies
+
+  MML tags are text codes that Emacs uses to indicate attachments
+  (among other things) in messages being composed.  The Emacs
+  interface did not quote MML tags in the quoted text of a reply.  If
+  a user could be tricked into replying to a maliciously formatted
+  message and not editing out the MML tags from the quoted text, this
+  could lead to files from the user's machine being attached to the
+  outgoing message.  The Emacs interface now quotes these tags in
+  reply text, so that they cannot have an effect on the outgoing
+  message.
+
 Notmuch 0.11 (2012-01-13)
 =========================
 
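Review bot: the new section header "Notmuch 0.11.1 (2012-xx-xx)" still carries a placeholder date, which has to be filled in before this NEWS text ships. The entry describes the exposure and the fix but gives users of earlier versions nothing to act on; one extra sentence telling them to check quoted text for MML tags before sending a reply, or to upgrade, would make it usable as an advisory. It would also help to name the scope precisely: the text says "reply text", and the code change in this series touches only the reply path.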
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 023645e..32c376d 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -116,7 +116,8 @@ list."
     (push-mark))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  (mml-quote-region (point) (mark)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)
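Review bot: the region passed in "(mml-quote-region (point) (mark))" depends on the mark left by the "(push-mark)" in the context lines above, so the security property rests on an implicit assumption about where that mark sits. Please either pass explicit positions (for example the body start and the end of the inserted citation) or add a comment stating what the mark delimits, so a later edit that moves or drops the push-mark does not silently shrink the quoted region. A short comment saying why the quoting is there (quoted text from the original message must not be interpreted as MML) would also keep someone from removing the call as a no-op. Note that the function's return value changes from that of message-goto-body to that of mml-quote-region; worth confirming that no caller uses it.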
diff --git a/test/emacs b/test/emacs
index a57513a..affcca4 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
 test_expect_equal_file OUTPUT EXPECTED
 
 test_begin_subtest "Quote MML tags on reply"
-test_subtest_known_broken
 add_message '[from]="1337 h4xor <test@test.com>"' \
             '[to]="Unsuspecting rube <luser@securityhole.com>"' \
             '[subject]="hackety hack hack"' \
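Review bot: removing "test_subtest_known_broken" is correct only when this patch is applied on top of 1/2, so the two should stay adjacent and in order to keep the series bisectable. The fixture in the context lines uses test@test.com and luser@securityhole.com, both of which are registrable domains; since this patch is what turns the test live, consider switching the addresses in 1/2 to reserved names such as example.com or a .invalid domain. The subtest name covers replies only, so if other compose paths insert original message text, they need their own subtest.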
-- 
1.7.9
