On Sun, 4 Mar 2012 10:25:38 +0200, Jani Nikula <[email protected]> wrote: > The reply MML quoting added in commit ae438cc unintentionally MML > quotes also the signature/encryption MML tags added via > message-setup-hook, causing the reply not to be signed/encrypted. > > MML quote just the original message in the temp buffer before > inserting it to the message buffer, to not interfere with message mode > hooks or message construction in general. > > See [1] and [2] for bug reports. > > Thanks to Tim Bielawa <[email protected]> for testing. > > [1] id:"[email protected]" > [2] id:"[email protected]". > > Signed-off-by: Jani Nikula <[email protected]> > --- > emacs/notmuch-mua.el | 10 ++++------ > 1 files changed, 4 insertions(+), 6 deletions(-) > > diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el > index 4be7c13..13244eb 100644 > --- a/emacs/notmuch-mua.el > +++ b/emacs/notmuch-mua.el > @@ -95,6 +95,9 @@ list." > (goto-char (point-min)) > (setq headers (mail-header-extract))))) > (forward-line 1) > + ;; Original message may contain (malicious) MML tags. We must > + ;; properly quote them in the reply. > + (mml-quote-region (point) (point-max))
Under what circumstances can the (re-search-forward "^$" nil t) above this code fail? If it does fail, is it possible for the (forward-line 1) to move past an adversary-controlled line of text and fail to quote that line? _______________________________________________ notmuch mailing list [email protected] http://notmuchmail.org/mailman/listinfo/notmuch
