[PATCH v4] git-send-email: Use sanitized address when reading mbox body

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Addresses that are mentioned on the trailers in the commit log
('Signed-off-by: ' etc.) are added to @cc (unless suppressed),
passed to the SMTP server. However, these hand-written
addresses may be malformed (e.g. having unquoted commas and
other punctuation marks in the display-name part).

The code was already calling `sanitize_address()` for suppression
purposes, so we just have to use the result ($sc) for adding to @cc.

Note that sanitization is only done for the message body, as
`git format-patch` already RFC 2047-encodes mbox headers, so
those are generally trusted to be sane. Also note that
`sanitize_address()` does not process the mailbox addresses,
so it is up to `sendmail` to handle special characters there
(e.g. there are mailboxes in regular use with '+'-es in them).

Signed-off-by: Csókás, Bence <csokas.bence@xxxxxxxxx>
---

Notes:
    Changes in v4:
    * t9001: use ${SQ} instead of double quotes
    * re-worded message again
    Changes in v3:
    * more testcases
    * clarified wording in message
    Changes in v2:
    * added testcase to t9001
    * added rationale behind trusting mbox headers and the address-parts

 git-send-email.perl   |  4 ++--
 t/t9001-send-email.sh | 43 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 45 insertions(+), 2 deletions(-)

diff --git a/git-send-email.perl b/git-send-email.perl
index f0be4b4560..72044e5ef3 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -1847,9 +1847,9 @@ sub pre_process_file {
 					$what, $_) unless $quiet;
 				next;
 			}
-			push @cc, $c;
+			push @cc, $sc;
 			printf(__("(body) Adding cc: %s from line '%s'\n"),
-				$c, $_) unless $quiet;
+				$sc, $_) unless $quiet;
 		}
 	}
 	close $fh;
diff --git a/t/t9001-send-email.sh b/t/t9001-send-email.sh
index 58699f8e4e..64a4ab3736 100755
--- a/t/t9001-send-email.sh
+++ b/t/t9001-send-email.sh
@@ -1299,6 +1299,49 @@ test_expect_success $PREREQ 'utf8 sender is not duplicated' '
 	test_line_count = 1 msgfrom
 '
 
+test_expect_success $PREREQ 'setup expect for cc list' "
+cat >expected-cc <<\EOF
+!recipient@xxxxxxxxxxx!
+!author@xxxxxxxxxxx!
+!one@xxxxxxxxxxx!
+!os@xxxxxxxxxxx!
+!odd_?=mail@xxxxxxxxxxx!
+!doug@xxxxxxxxxxx!
+!codev@xxxxxxxxxxx!
+!thor.au@xxxxxxxxxxx!
+EOF
+"
+
+test_expect_success $PREREQ 'cc list is sanitized' '
+	clean_fake_sendmail &&
+	test_commit weird_cc_body &&
+	test_when_finished "git reset --hard HEAD^" &&
+	git commit --amend -F - <<-EOF &&
+	Test Cc: sanitization.
+
+	Cc: Person, One <one@xxxxxxxxxxx>
+	Cc: Ronnie O${SQ}Sullivan <os@xxxxxxxxxxx>
+	Reviewed-by: Füñný Nâmé <odd_?=mail@xxxxxxxxxxx>
+	Reported-by: bugger on Jira
+	Reported-by: Douglas Reporter <doug@xxxxxxxxxxx> [from Jira profile]
+	BugID: 12345
+	Co-developed-by: "C. O. Developer" <codev@xxxxxxxxxxx>
+	Signed-off-by: A. U. Thor <thor.au@xxxxxxxxxxx>
+	EOF
+	git send-email -1 --to=recipient@xxxxxxxxxxx \
+		--smtp-server="$(pwd)/fake.sendmail" >actual-show-all-headers &&
+	test_cmp expected-cc commandline1 &&
+	test_grep "^(body) Adding cc: \"Person, One\" <one@xxxxxxxxxxx>" actual-show-all-headers &&
+	test_grep "^(body) Adding cc: Ronnie O${SQ}Sullivan <os@xxxxxxxxxxx>" actual-show-all-headers &&
+	test_grep "^(body) Adding cc: =?UTF-8?q?F=C3=BC=C3=B1n=C3=BD=20N=C3=A2m=C3=A9?="\
+" <odd_?=mail@xxxxxxxxxxx>" actual-show-all-headers &&
+	test_grep "^(body) Ignoring Reported-by .* bugger on Jira" actual-show-all-headers &&
+	test_grep "^(body) Adding cc: Douglas Reporter <doug@xxxxxxxxxxx>" actual-show-all-headers &&
+	test_grep ! "12345" actual-show-all-headers &&
+	test_grep "^(body) Adding cc: \"C. O. Developer\" <codev@xxxxxxxxxxx>" actual-show-all-headers &&
+	test_grep "^(body) Adding cc: \"A. U. Thor\" <thor.au@xxxxxxxxxxx>" actual-show-all-headers
+'
+
 test_expect_success $PREREQ 'sendemail.composeencoding works' '
 	clean_fake_sendmail &&
 	git config sendemail.composeencoding iso-8859-1 &&
-- 
2.34.1






[Index of Archives]     [Linux Kernel Development]     [Gcc Help]     [IETF Annouce]     [DCCP]     [Netdev]     [Networking]     [Security]     [V4L]     [Bugtraq]     [Yosemite]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux SCSI]     [Fedora Users]

  Powered by Linux