GNU bug report logs - #10536
23.3; Make base64-decode more fault tolerant

Previous Next

Package: emacs;

Reported by: Wolfram Gloger <wmglo <at> dent.med.uni-muenchen.de>

Date: Tue, 17 Jan 2012 17:09:02 UTC

Severity: minor

Tags: patch, wontfix

Found in version 23.3

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 10536 <at> debbugs.gnu.org (full text, mbox):

From: Eli Zaretskii <eliz <at> gnu.org>
To: Robert Pluim <rpluim <at> gmail.com>
Cc: 10536 <at> debbugs.gnu.org, larsi <at> gnus.org, wmglo <at> dent.med.uni-muenchen.de
Subject: Re: bug#10536: 23.3; Make base64-decode more fault tolerant
Date: Wed, 18 Apr 2018 12:48:39 +0300

> From: Robert Pluim <rpluim <at> gmail.com>
> Cc: Lars Ingebrigtsen <larsi <at> gnus.org>,  wmglo <at> dent.med.uni-muenchen.de,  10536 <at> debbugs.gnu.org
> Date: Wed, 18 Apr 2018 11:42:52 +0200
> 
> > Could this "omission" be a sign of malicious stuff in there?  If so,
> > maybe it's better to introduce a variable that would allow this to be
> > tolerated, and by default fail with a message telling the user that if
> > they trust the source of the data, set the variable and retry?
> 
> You mean that someone would deliberately send incorrect base64 in the
> hope that interim attachment scanners would ignore it, but that the
> final recipient's software would be tolerant and decode it?

No, I mean that this omission is either due to a bug at the malicious
end or is somehow related to the malicious part itself (i.e. it is
part of the scam).
This bug report was last modified 6 years and 22 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.