<<< Date Index >>>     <<< Thread Index >>>

Re: [PATCH] Minor bug when displaying clearsigned messages



Sorry, but the semantics of spaces in armor headers are defined
quite clearly by the spec, no?

Displaying stuff as "signed" that is actually part of the
headers (which aren't signed!) is a security problem.

-- 
Thomas Roessler · Personal soap box at <http://log.does-not-exist.org/>.







On 2006-08-03 12:51:38 +0200, Alain Bench wrote:
> From: Alain Bench <veronatif@xxxxxxx>
> To: Mutt dev ml <mutt-dev@xxxxxxxx>
> Date: Thu, 3 Aug 2006 12:51:38 +0200 (CEST)
> Subject: Re: [PATCH] Minor bug when displaying clearsigned messages
> X-Spam-Level: 
> 
> Hello David,
> 
>  On Wednesday, January 26, 2005 at 14:04:38 -0500, David M. Shaw wrote:
> 
> > A contributor to the gnupg-users mailing list frequently sends
> > clearsigned mails that (after invoking check-traditional-pgp on them)
> > do not display properly. After doing some digging, I think I've found
> > what the problem is. Mutt is looking for a blank line to separate the
> > ascii armor headers from the message data, and his mailer seems to be
> > adding spaces to the end of lines. [...] I've attached an example
> > message to illustrate the problem, and here is a patch that fixes it.
> 
>     I suspect the same disapearing first paragraph problem might well
> happen with GPGME, perhaps calling for the same fix. The attached
> patch-1.5.8.ab.inline_gpgme_buggy_separator.1 could probably take care
> of that.
> 
>     But I don't have the lib and can't check. Could please a GPGME user
> open Dave's example badmail to see (or not to see) the word "foo" in
> body? If it disappears, does my patch reappear it?
> 
> 
> Bye!  Alain.
> -- 
> « Be liberal in what you accept, and conservative in what you send. »
>       Jon Postel / Robustness Principle / RFC 1122