nmh-workers

Re: [Nmh-workers] Weird behavior with non-ascii code in headers

2013-06-29 09:41:26
In general, I don't think the question is easy to answer.
What if an attacker, or mistake, moves the divider
between the display name and angle address?  And it's
even more complicated because an "address" can be an nmh
alias.

I am trying to envision this attack you describe, and I am
having a hard time.

There's a difference between "having a hard time" and
"knowing that it cannot possibly happen".  You may be right,
but I'd like to see a stronger statement.  If there's some
doubt, then I don't think it's worth the risk.  This
shouldn't occur often, and I don't see any problem with
letting the user deal with it.

Secondly ... I am actually skeptical that this could even be
considered an attack vector.  Assuming no buffer overflows,
what, exactly, would an attacker be trying to accomplish?

I don't see what buffer overflows have to do with anything
here, not all attacks require them.  And motivations are of
no concern to me:  if it can happen and it's undesired
behavior, we've done something wrong.  Even if it can happen
by mistake.  And if it can happen by mistake, it can happen
with intent.

An "attack" doesn't have to be malicious, it can be
user/programmer/whoever error.

My concern is that something like boss=?utf8?Q?=2cX=excluded,
where X is an invalid UTF byte, will get converted to
boss=?utf8?Q?=2c?=excluded, which is a legal encoding of
boss,excluded.  If you can guarantee that kind of thing won't
ever happen in an nmh draft, great.

David

_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers
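
The substitution described in the message above, as an added example that is not part of the original message and is not nmh code: replacing an invalid byte with '?' completes a "?=" terminator, so a single token decodes into two recipients, while rejecting the draft leaves the fix to the user. Assumptions: all function names are hypothetical, the pipeline expands encoded-words before splitting on commas, the decoder is lenient enough to accept the message's "utf8" label inside a token, and X is taken to be the byte 0xFF.

```python
import re

# Lenient encoded-word matcher (assumption): accepts the charset label "utf8"
# and an encoded-word embedded in a token, as the message's example requires.
ENCODED_WORD = re.compile(rb"=\?[A-Za-z0-9-]+\?[Qq]\?([^? ]*)\?=")

def q_decode(payload: bytes) -> bytes:
    """Q encoding: '_' means space, '=XX' is one byte given in hex."""
    payload = payload.replace(b"_", b" ")
    return re.sub(rb"=([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), payload)

def recipients(raw: bytes) -> list[str]:
    """Hypothetical pipeline: expand encoded-words, then split on commas."""
    expanded = ENCODED_WORD.sub(lambda m: q_decode(m.group(1)), raw)
    text = expanded.decode("utf-8", errors="replace")
    return [part.strip() for part in text.split(",")]

def substitute_invalid(raw: bytes) -> bytes:
    """The risky repair: every undecodable byte becomes a literal '?'."""
    return raw.decode("utf-8", errors="replace").replace("\ufffd", "?").encode()

def checked_recipients(raw: bytes) -> list[str]:
    """The conservative path: refuse the draft and leave the fix to the user."""
    try:
        raw.decode("utf-8")
    except UnicodeDecodeError as exc:
        raise ValueError(f"invalid byte at offset {exc.start}") from exc
    return recipients(raw)

# Constructed sample: the message's example with X chosen as the byte 0xFF.
DRAFT = b"boss=?utf8?Q?=2c\xff=excluded"

if __name__ == "__main__":
    print(recipients(DRAFT))                      # still a single token
    print(recipients(substitute_invalid(DRAFT)))  # now two recipients
    try:
        checked_recipients(DRAFT)
    except ValueError as err:
        print("rejected:", err)
```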
