Daniel Kahn Gillmor <d...@fifthhorseman.net> writes:

> After some discussion with amdragon on IRC, i believe that this is only
> relevant to notmuch when actively decrypting a message -- OpenPGP's
> ability to embed compression makes it possible to write a PGP/MIME
> message that is a quine: that is, when decompressed, it would expand to
> itself, which would send our parser into an infinite loop.
> Since we're not decrypting during indexing, only notmuch-show and
> notmuch-reply are probably affected by this problem. (but if someone
> implements indexing of encrypted messages, then we'd have to worry about
> this in the indexer as well)

This is indeed our current situation.

> The simple and generalized solution would be to limit the recursive
> depth of our walk of the MIME tree; probably a large limit of something
> like 30 or 50 would not trigger any real-world problems, and would halt
> a runaway recursion well before most modern machines ran out of
> resources.

So do I understand correctly that to test this proposed fix, we would
not need to generate a MIME-quine (which sounds challenging) but just a
very deep MIME tree?

notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-le...@notmuchmail.org

Reply via email to