From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 67914431FAF for ; Wed, 14 Mar 2012 15:08:11 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fpYRoe7Gsagu for ; Wed, 14 Mar 2012 15:08:10 -0700 (PDT) Received: from dmz-mailsec-scanner-2.mit.edu (DMZ-MAILSEC-SCANNER-2.MIT.EDU [18.9.25.13]) by olra.theworths.org (Postfix) with ESMTP id B4BD4431FAE for ; Wed, 14 Mar 2012 15:08:10 -0700 (PDT) X-AuditID: 1209190d-b7fbf6d0000008ba-19-4f6116c8f306 Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) by dmz-mailsec-scanner-2.mit.edu (Symantec Messaging Gateway) with SMTP id 2C.76.02234.8C6116F4; Wed, 14 Mar 2012 18:08:08 -0400 (EDT) Received: from outgoing.mit.edu (OUTGOING-AUTH.MIT.EDU [18.7.22.103]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id q2EM87P8013018; Wed, 14 Mar 2012 18:08:08 -0400 Received: from awakening.csail.mit.edu (awakening.csail.mit.edu [18.26.4.91]) (authenticated bits=0) (User authenticated as amdragon@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.6/8.12.4) with ESMTP id q2EM85X9029698 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Wed, 14 Mar 2012 18:08:06 -0400 (EDT) Received: from amthrax by awakening.csail.mit.edu with local (Exim 4.77) (envelope-from ) id 1S7wMX-0000rs-O4; Wed, 14 Mar 2012 18:08:05 -0400 From: Austin Clements To: Jani Nikula , notmuch@notmuchmail.org Subject: Re: [PATCH] emacs: fix MML quoting in replies In-Reply-To: <1330849538-24558-1-git-send-email-jani@nikula.org> References: <87fwdptbir.fsf@dehydrator.spatula.rdu.redhat.com> <1330849538-24558-1-git-send-email-jani@nikula.org> User-Agent: Notmuch/0.11.1+252~gdf1a6d5 (http://notmuchmail.org) Emacs/23.3.1 (i486-pc-linux-gnu) Date: Wed, 14 Mar 2012 18:08:05 -0400 Message-ID: <87k42momyi.fsf@awakening.csail.mit.edu> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrAIsWRmVeSWpSXmKPExsUixCmqrXtCLNHfYNU3LYum6c4W12/OZHZg 8rh1/zW7x7NVt5gDmKK4bFJSczLLUov07RK4Mpbe6GUsaOCpePVpLlsD40XOLkZODgkBE4mv q6+xQdhiEhfurQeyuTiEBPYxShxc8QrK2cAo8WT/elYI5ySTxJIpj6AySxglnj6/xQzSzyag IbFt/3JGEFtEwEri3MPXLCC2sICZxKrmw0wgNqeAg8TLXZuBajiAmoskNu4UAQmLCiRKrO+8 D1bCIqAqMfvIbLCRvEDnTT9xhBXCFpQ4OfMJ2EhmAS2JG/9eMk1gFJiFJDULSWoBI9MqRtmU 3Crd3MTMnOLUZN3i5MS8vNQiXSO93MwSvdSU0k2M4ICU5N3B+O6g0iFGAQ5GJR7erPp4fyHW xLLiytxDjJIcTEqivL1cif5CfEn5KZUZicUZ8UWlOanFhxglOJiVRHhNQXK8KYmVValF+TAp aQ4WJXFeVa13fkIC6YklqdmpqQWpRTBZGQ4OJQneBlGgRsGi1PTUirTMnBKENBMHJ8hwHqDh fCIgw4sLEnOLM9Mh8qcYFaXEeXmBMS8kAJLIKM2D64UljFeM4kCvCPO+EAaq4gEmG7juV0CD mYAGl3yLAxlckoiQkmpgTAvxD/wSciYw/Jtze2GmisCmlmdZPDNz7169r+a/bNXlFt8mG1eL I98Yl8t+7Vy6+5ef/8UXmQv5RVokgpMr+aclMe0Iuac1I2nJcoHuGQzlcWkrP66ocbENv/5c 6m3VooWpT1/oW3/eG3Bcaa6a9O4n6YqObjsefxD0eCgtGSjxzXDBpsVvlViKMxINtZiLihMB umAkEPMCAAA= X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2012 22:08:11 -0000 On Sun, 4 Mar 2012 10:25:38 +0200, Jani Nikula wrote: > The reply MML quoting added in commit ae438cc unintentionally MML > quotes also the signature/encryption MML tags added via > message-setup-hook, causing the reply not to be signed/encrypted. > > MML quote just the original message in the temp buffer before > inserting it to the message buffer, to not interfere with message mode > hooks or message construction in general. > > See [1] and [2] for bug reports. > > Thanks to Tim Bielawa for testing. > > [1] id:"87hay78x6l.fsf@wyzanski.jamesvasile.com" > [2] id:"1330812262-28272-1-git-send-email-tbielawa@redhat.com". > > Signed-off-by: Jani Nikula > --- > emacs/notmuch-mua.el | 10 ++++------ > 1 files changed, 4 insertions(+), 6 deletions(-) > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > index 4be7c13..13244eb 100644 > --- a/emacs/notmuch-mua.el > +++ b/emacs/notmuch-mua.el > @@ -95,6 +95,9 @@ list." > (goto-char (point-min)) > (setq headers (mail-header-extract))))) > (forward-line 1) > + ;; Original message may contain (malicious) MML tags. We must > + ;; properly quote them in the reply. > + (mml-quote-region (point) (point-max)) Under what circumstances can the (re-search-forward "^$" nil t) above this code fail? If it does fail, is it possible for the (forward-line 1) to move past an adversary-controlled line of text and fail to quote that line?