Re: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled

unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed

From: Tim Bielawa <tbielawa@redhat.com>
To: Jani Nikula <jani@nikula.org>, notmuch@notmuchmail.org
Subject: Re: [PATCH] Fix mml-quoting in responses where pgp-signing is enabled
Date: Sat, 03 Mar 2012 20:12:12 -0500	[thread overview]
Message-ID: <87fwdptbir.fsf@dehydrator.spatula.rdu.redhat.com> (raw)
In-Reply-To: <87ty25fe9u.fsf@nikula.org>

[-- Attachment #1: Type: text/plain, Size: 2802 bytes --]

On Sun, 04 Mar 2012 01:36:29 +0200, Jani Nikula <jani@nikula.org> wrote:
> On Sat,  3 Mar 2012 17:04:22 -0500, Tim Bielawa <tbielawa@redhat.com> wrote:
> > The addition of mml-quote-region (notmuch-mua.el) in 2c6710e3 breaks
> > automatic signing in replies. When replies are mml-quoted and signing
> > is enabled by default the "<#part sign=pgpmime>" string will appear on
> > line 1. This will be consumed during the application of the
> > mml-quote-region function and transform into the inert string
> > "<#!part sign=pgpmime>". The result is that responses will no longer
> > be signed by default.
> > 
> > This fix moves the point forward one line before applying the quoting
> > function.
> > 
> > Consideration: Clients not signing mail by default. The first line of
> > their responses would be skipped when the quoting function is
> > applied. This string takes this general form:
> > 
> >     On Sat, 03 Mar 2012 12:55:14 -0800, notmuch-request@notmuchmail.org wrote:
> > 
> > Because the string is generated by notmuch I don't believe this fix
> > introduces the possibility for malicious mml commands being omitted
> > from the quoting.
> 
> Hmm, would it work to mml quote the reply *before* extracting it from
> the temp buffer, like below? It would handle not mml quoting the user's
> signature too. Completely untested...
> 
> BR,
> Jani.
> 
> 
> diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
> index 4be7c13..13244eb 100644
> --- a/emacs/notmuch-mua.el
> +++ b/emacs/notmuch-mua.el
> @@ -95,6 +95,9 @@ list."
>  	      (goto-char (point-min))
>  	      (setq headers (mail-header-extract)))))
>        (forward-line 1)
> +      ;; Original message may contain (malicious) MML tags. We must
> +      ;; properly quote them in the reply.
> +      (mml-quote-region (point) (point-max))
>        (setq body (buffer-substring (point) (point-max))))
>      ;; If sender is non-nil, set the From: header to its value.
>      (when sender
> @@ -116,12 +119,7 @@ list."
>      (push-mark))
>    (set-buffer-modified-p nil)
>  
> -  (message-goto-body)
> -  ;; Original message may contain (malicious) MML tags.  We must
> -  ;; properly quote them in the reply.  Note that using `point-max'
> -  ;; instead of `mark' here is wrong.  The buffer may include user's
> -  ;; signature which should not be MML-quoted.
> -  (mml-quote-region (point) (mark)))
> +  (message-goto-body))
>  
>  (defun notmuch-mua-forward-message ()
>    (message-forward)

Works great. Passes unit tests. Definitely a better approach than the
original patch.

> Notmuch test suite complete.
> All 381 tests behaved as expected (2 expected failures).

+1 from me (this message replied to and signed using the new patch)

-- 
Tim Bielawa

[-- Attachment #2: Type: application/pgp-signature, Size: 162 bytes --]

next prev parent reply	other threads:[~2012-03-04  1:12 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-03-03 22:04 [PATCH] Fix mml-quoting in responses where pgp-signing is enabled Tim Bielawa
2012-03-03 23:17 ` Tim Bielawa
2012-03-03 23:36 ` Jani Nikula
2012-03-04  1:12   ` Tim Bielawa [this message]
2012-03-04  8:25     ` [PATCH] emacs: fix MML quoting in replies Jani Nikula
2012-03-05  0:41       ` Mark Walters
2012-03-10 14:57       ` Tomi Ollila
2012-03-11  1:50       ` David Bremner
2012-03-14 22:08       ` Austin Clements
2012-03-15  6:33         ` Jani Nikula
  -- strict thread matches above, loose matches on Subject: below --
2012-03-03 23:54 [PATCH] Fix mml-quoting in responses where pgp-signing is enabled Tim Bielawa

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

  List information: https://notmuchmail.org/

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=87fwdptbir.fsf@dehydrator.spatula.rdu.redhat.com \
    --to=tbielawa@redhat.com \
    --cc=jani@nikula.org \
    --cc=notmuch@notmuchmail.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).