bug#51733: 27.1; Detect impossible email addresses better

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#51733: 27.1; Detect impossible email addresses better

From:	Lars Ingebrigtsen
Subject:	bug#51733: 27.1; Detect impossible email addresses better
Date:	Wed, 19 Jan 2022 15:09:54 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux)

Andreas Schwab <schwab@linux-m68k.org> writes:

> The why not allow to run the textsec on the decoded header directly?

Consider somebody sending you an email containing @", characters in the
name part, and then you decode the address, and then run the parsing
function.  The attacker would then have a wide attack surface to trick
the checker into checking the wrong parts of the address.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

[Prev in Thread]

Current Thread

[Next in Thread]

bug#51733: 27.1; Detect impossible email addresses better, (continued)

Prev by Date: bug#51733: 27.1; Detect impossible email addresses better
Next by Date: bug#51733: 27.1; Detect impossible email addresses better
Previous by thread: bug#51733: 27.1; Detect impossible email addresses better
Next by thread: bug#51733: 27.1; Detect impossible email addresses better
Index(es):
- Date
- Thread