GNU bug report logs - #47616
27.1; hardening mail-envelope-from

Previous Next

Package: emacs;

Reported by: Francesco Potortì <pot <at> gnu.org>

Date: Tue, 6 Apr 2021 12:43:02 UTC

Severity: normal

Tags: fixed

Found in version 27.1

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Francesco Potortì <pot <at> gnu.org>
Cc: 47616 <at> debbugs.gnu.org
Subject: bug#47616: 27.1; hardening mail-envelope-from
Date: Thu, 06 May 2021 12:22:53 +0200

Francesco Potortì <pot <at> gnu.org> writes:

> Hardening mail-envelope-from from sendmail.el by narrowing to the
> headers, as the doc says, corrects the problem that I observed.

Thanks -- I don't think we should change mail-envelope-from itself here,
because it may conceivably be called from other contexts.  Instead the
callers in sendmail/smtpmail should be altered to narrow to the headers
before calling it, and I've now done this in Emacs 28.  (This uncovered
a similar bug in smtpmail.el, too.)

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 4 years and 9 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.