Re: [PATCH resend] git-send-email: Use sanitized address when reading mbox body

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi!

On 6/24/24 17:50, Junio C Hamano wrote:
another sensible choice coming from that "strings on trailers may
not even be addresses" position may be not to add the $c to the Cc:
list, if $sc (the sanitized address) and $c (the original address)
are different.  That is, "the simple regexp check currently used to
trigger 'Ignoring ...' message thought that the string looked like
an address, but when we ask sanitize_address, it turns out that it
was not, really."

Maybe. Though we would need to run through the sanitized address through `unquote_rfc2047()` first. But I don't think it's necessary; if someone feeds us an "unsanitary" address (for instance, there is whitespace between the angle brackets), we should try to make sense of it, and worst case, the SMTP server rejects it, as it does now.

In any case, if we were to move forward with this topic (whether
"send to corrected $sc instead" or "$c is suspicious, do not add it
to $cc" is picked as the direction), the motivation behind the
design decision to treat the address taken from a trailer line
differently needs to be explained better, I think. [...]
Your proposed commit log message is the place to help them.

Okay. So in short, I should add justification for trusting mbox headers and not the message body, correct?

Oh, before I forget, is this something we can test easily in t9001?
We would want to protect a new behaviour from accidental breakage,
so adding a test or two would be a good thing.

Maybe, I'll look into it.

Bence





[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux