[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#51733: 27.1; Detect impossible email addresses better
From: |
Lars Ingebrigtsen |
Subject: |
bug#51733: 27.1; Detect impossible email addresses better |
Date: |
Wed, 19 Jan 2022 14:31:11 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Eli Zaretskii <eliz@gnu.org> writes:
> I'm not asking to _replace_ RFC2047 support, I'm saying that we should
> also support email addresses that were already decoded, for the use
> cases where that could be more convenient or where the wire level is
> unavailable.
These already exist. The applications can call *-name-suspicious-p
(etc) individually, if they want to.
> Why would you object to extending these functions so that they could
> support decoded email addresses? What harm could that possibly do?
That's the point -- when doing DWIM parsing, the function can't reliably
say whether a string is a suspicious email address, because the attacker
may construct a name part, that when decoded, confuses the address
parser, and thereby escapes domain/local part checking. (Think of
various combinations of names that contain "@" and "," characters.)
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- bug#51733: 27.1; Detect impossible email addresses better, (continued)
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better,
Lars Ingebrigtsen <=
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/18