There's a difference between "having a hard time" and
"knowing that it cannot possibly happen". You may be right,
but I'd like to see a stronger statement. If there's some
doubt, then I don't think it's worth the risk. This
shouldn't occur often, and I don't see any problem with
letting the user deal with it.
Well, I was trying to be charitable ... but let me say something stronger.
I do not see any way this attack could possibly succeed.
An "attack" doesn't have to be malicious, it can be
user/programmer/whoever error.
I guess in my mind an attack is something that is deliberate and malicious,
but that's just semantics. Moving on ...
My concern is that something like boss=?utf8?Q?=2cX=excluded,
where X is a invalid UTF byte, will get converted to
boss=?utf8?Q?=2c?=excluded, which is a legal encoding of
boss,excluded. If you can guarantee that kind of thing won't
ever happen in an nmh draft, great.
I guess I don't really see why someone would do:
From: boss=?utf8?Q?=2cX=excluded
When they could do:
From: boss=?utf8?Q?=2c?=excluded
Or even:
From: boss, excluded
But if you're concerned about what I have to call a non-problem, there's
an easy solution. Simply don't do %(decode) on address headers in the
replcomps (we don't do this now). That ensures that there's not a problem.
--Ken
_______________________________________________
Nmh-workers mailing list
Nmh-workers(_at_)nongnu(_dot_)org
https://lists.nongnu.org/mailman/listinfo/nmh-workers