[PATCH] emacs: mua: check for misplaced secure mml tags

[PATCH] emacs: mua: check for misplaced secure mml tags

[Mark Walters]

Emacs message-send seems to ignore a secure mml tag anywhere except at
the start of the body. Since this is almost certainly not desired we
check for it, and require user confirmation before sending.

As the setup before message-send or message-send-and-exit is getting
more complicated it is convenient to unify the two correspoinding
notmuch functions.
---

In id:87d1kazlof.fsf@zancas.localnet bremner pointed out there are
some oddities in message mode's handling of the mml secure tag -- that
is ignored if it is not at the start of the body. This definitely
causes a problem with the postpone/resume patch, but could also cause
a problem in normal use.

Since accidentally sending a message unencrypted is rather bad we
check for it. This might also mean that the current postpone/resume
code (which works in many cases) might be useable until a full
solution is found.

Best wishes

Mark


emacs/notmuch-mua.el | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 55bc267..aeb60e2 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -490,15 +490,38 @@ will be addressed to all recipients of the source message."
     (notmuch-mua-reply query-string sender reply-all)
     (deactivate-mark)))
 
+(defun notmuch-mua-misplaced-secure-tag ()
+  "Return t if there is a misplaced secure mml tag.
+
+Emacs message-send will (probably) ignore a secure mml tag
+anywhere except at the start of the body. Since this is almost
+certainly not desired we check for it -- this function returns
+non-nil if there is such a tag."
+  (save-excursion
+    (message-goto-body)
+    (unless (eobp)
+      (forward-char)
+      (search-forward "<#secure" nil 't))))
+
+(defun notmuch-mua-send-common (arg &optional exit)
+  (interactive "P")
+  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
+	(when (or (not (notmuch-mua-misplaced-secure-tag))
+		  (yes-or-no-p "\
+There is a <#secure> tag not at the start of the body. It is
+likely that the message will be sent unsigned and unencrypted.
+Really send? "))
+	  (if exit
+	      (message-send-and-exit arg)
+	    (message-send arg)))))
+
 (defun notmuch-mua-send-and-exit (&optional arg)
   (interactive "P")
-  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
-	(message-send-and-exit arg)))
+  (notmuch-mua-send-common arg 't))
 
 (defun notmuch-mua-send (&optional arg)
   (interactive "P")
-  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
-	(message-send arg)))
+  (notmuch-mua-send-common arg))
 
 (defun notmuch-mua-kill-buffer ()
   (interactive)
-- 
2.1.4

Re: [PATCH] emacs: mua: check for misplaced secure mml tags

[David Bremner]

Mark Walters <markwalters1009@gmail.com> writes:

> Emacs message-send seems to ignore a secure mml tag anywhere except at
> the start of the body. Since this is almost certainly not desired we
> check for it, and require user confirmation before sending.
>
> As the setup before message-send or message-send-and-exit is getting
> more complicated it is convenient to unify the two correspoinding
> notmuch functions.

A related question, is people corrupting the #secure tag. I think
someone(tm) still needs to ask upstream for a strict mode that errors on
any unrecognized tag. I'm not sure if there is any easy workaround at
the notmuch level.

d