bug#51733: 27.1; Detect impossible email addresses better

bug-gnu-emacs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#51733: 27.1; Detect impossible email addresses better

From:	Andreas Schwab
Subject:	bug#51733: 27.1; Detect impossible email addresses better
Date:	Wed, 19 Jan 2022 15:39:07 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/28.0.91 (gnu/linux)

On Jan 19 2022, Lars Ingebrigtsen wrote:

> Andreas Schwab <schwab@linux-m68k.org> writes:
>
>> On Jan 19 2022, Lars Ingebrigtsen wrote:
>>
>>> Consider somebody sending you an email containing @", characters in the
>>> name part, and then you decode the address, and then run the parsing
>>> function.  The attacker would then have a wide attack surface to trick
>>> the checker into checking the wrong parts of the address.
>>
>> Isn't that the whole point of textsec?
>
> It's perfectly valid to have a
>
> From: "larsi@example.com" <larsi@other.com>
>
> address.  It's unambigious, and the responses will go to
> larsi@other.com.

What's your point?

-- 
Andreas Schwab, schwab@linux-m68k.org
GPG Key fingerprint = 7578 EB47 D4E5 4D69 2510  2552 DF73 E780 A9DA AEC1
"And now for something completely different."

[Prev in Thread]

Current Thread

[Next in Thread]

bug#51733: 27.1; Detect impossible email addresses better, (continued)

Prev by Date: bug#51733: 27.1; Detect impossible email addresses better
Next by Date: bug#51733: 27.1; Detect impossible email addresses better
Previous by thread: bug#51733: 27.1; Detect impossible email addresses better
Next by thread: bug#51733: 27.1; Detect impossible email addresses better
Index(es):
- Date
- Thread