GNU bug report logs -
#47616
27.1; hardening mail-envelope-from
Previous Next
Reported by: Francesco Potortì <pot <at> gnu.org>
Date: Tue, 6 Apr 2021 12:43:02 UTC
Severity: normal
Tags: fixed
Found in version 27.1
Fixed in version 28.1
Done: Lars Ingebrigtsen <larsi <at> gnus.org>
Bug is archived. No further changes may be made.
Full log
Message #18 received at 47616 <at> debbugs.gnu.org (full text, mbox):
>Francesco Potortì <pot <at> gnu.org> writes:
>> Hardening mail-envelope-from from sendmail.el by narrowing to the
>> headers, as the doc says, corrects the problem that I observed.
>
>Thanks -- I don't think we should change mail-envelope-from itself here,
>because it may conceivably be called from other contexts. Instead the
>callers in sendmail/smtpmail should be altered to narrow to the headers
>before calling it, and I've now done this in Emacs 28. (This uncovered
>a similar bug in smtpmail.el, too.)
That makes sense, in principle. I would argue for adding a comment to
mail-envelope-from stating that since it calls mail-fetch-field it
should be called only after narrowing to the headers. Or maybe even
adding a note in the doc string, as done in mail-fetch-field.
This bug report was last modified 4 years and 10 days ago.
Previous Next
GNU bug tracking system
Copyright (C) 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson.