mailinfo: warn if CRLF found in decoded base64/QP email

When SMTP servers receive 8-bit email messages, possibly with only
LF as line ending, some of them decide to change said LF to CRLF.

Some mailing list softwares, when receive 8-bit email messages,
decide to encode those messages in base64 or quoted-printable.

If an email is transfered through above mail servers, then distributed
by such mailing list softwares, the recipients will receive an email
contains a patch mungled with CRLF encoded inside another encoding.

Thus, such CR (in CRLF) couldn't be dropped by "mailsplit".
Hence, the mailed patch couldn't be applied cleanly.
Such accidents have been observed in the wild [1].

Instead of silently rejecting those messages, let's give our users
some warnings if such CR (as part of CRLF) is found.

[1]: https://nmbug.notmuchmail.org/nmweb/show/m2lf9ejegj.fsf%40guru.guru-group.fi

Signed-off-by: Đoàn Trần Công Danh <congdanhqx@gmail.com>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
This commit is contained in:
Đoàn Trần Công Danh 2021-05-10 00:12:10 +07:00 committed by Junio C Hamano
parent dd9323b7fb
commit 0b689562ca
7 changed files with 121 additions and 0 deletions

View File

@ -994,6 +994,11 @@ static void handle_filter_flowed(struct mailinfo *mi, struct strbuf *line,
const char *rest;
if (!mi->format_flowed) {
if (len >= 2 &&
line->buf[len - 2] == '\r' &&
line->buf[len - 1] == '\n') {
mi->have_quoted_cr = 1;
}
handle_filter(mi, line);
return;
}
@ -1033,6 +1038,12 @@ static void handle_filter_flowed(struct mailinfo *mi, struct strbuf *line,
handle_filter(mi, line);
}
static void summarize_quoted_cr(struct mailinfo *mi)
{
if (mi->have_quoted_cr)
warning(_("quoted CRLF detected"));
}
static void handle_body(struct mailinfo *mi, struct strbuf *line)
{
struct strbuf prev = STRBUF_INIT;
@ -1051,6 +1062,8 @@ static void handle_body(struct mailinfo *mi, struct strbuf *line)
handle_filter(mi, &prev);
strbuf_reset(&prev);
}
summarize_quoted_cr(mi);
mi->have_quoted_cr = 0;
if (!handle_boundary(mi, line))
goto handle_body_out;
}
@ -1100,6 +1113,7 @@ static void handle_body(struct mailinfo *mi, struct strbuf *line)
if (prev.len)
handle_filter(mi, &prev);
summarize_quoted_cr(mi);
flush_inbody_header_accum(mi);

View File

@ -24,6 +24,7 @@ struct mailinfo {
struct strbuf charset;
unsigned int format_flowed:1;
unsigned int delsp:1;
unsigned int have_quoted_cr:1;
char *message_id;
enum {
TE_DONTCARE, TE_QP, TE_BASE64

View File

@ -228,4 +228,34 @@ test_expect_success 'mailinfo handles unusual header whitespace' '
test_cmp expect actual
'
check_quoted_cr_mail () {
mail="$1" && shift &&
git mailinfo -u "$@" "$mail.msg" "$mail.patch" \
<"$mail" >"$mail.info" 2>"$mail.err" &&
test_cmp "$mail-expected.msg" "$mail.msg" &&
test_cmp "$mail-expected.patch" "$mail.patch" &&
test_cmp "$DATA/quoted-cr-info" "$mail.info"
}
test_expect_success 'split base64 email with quoted-cr' '
mkdir quoted-cr &&
git mailsplit -oquoted-cr "$DATA/quoted-cr.mbox" >quoted-cr/last &&
test $(cat quoted-cr/last) = 2
'
test_expect_success 'mailinfo warn CR in base64 encoded email' '
sed -e "s/%%$//" -e "s/%%/$(printf \\015)/g" "$DATA/quoted-cr-msg" \
>quoted-cr/0001-expected.msg &&
sed "s/%%/$(printf \\015)/g" "$DATA/quoted-cr-msg" \
>quoted-cr/0002-expected.msg &&
sed -e "s/%%$//" -e "s/%%/$(printf \\015)/g" "$DATA/quoted-cr-patch" \
>quoted-cr/0001-expected.patch &&
sed "s/%%/$(printf \\015)/g" "$DATA/quoted-cr-patch" \
>quoted-cr/0002-expected.patch &&
check_quoted_cr_mail quoted-cr/0001 &&
test_must_be_empty quoted-cr/0001.err &&
check_quoted_cr_mail quoted-cr/0002 &&
grep "quoted CRLF detected" quoted-cr/0002.err
'
test_done

5
t/t5100/quoted-cr-info Normal file
View File

@ -0,0 +1,5 @@
Author: A U Thor
Email: mail@example.com
Subject: sample
Date: Mon, 3 Aug 2020 22:40:55 +0700

2
t/t5100/quoted-cr-msg Normal file
View File

@ -0,0 +1,2 @@
On different distro, %%pytest is suffixed with different patterns.%%
%%

22
t/t5100/quoted-cr-patch Normal file
View File

@ -0,0 +1,22 @@
---%%
configure | 2 +-%%
1 file changed, 1 insertion(+), 1 deletion(-)%%
%%
diff --git a/configure b/configure%%
index db3538b3..f7c1c095 100755%%
--- a/configure%%
+++ b/configure%%
@@ -814,7 +814,7 @@ if [ $have_python3 -eq 1 ]; then%%
printf "%%Checking for python3 pytest (>= 3.0)... "%%
conf=$(mktemp)%%
printf "[pytest]\nminversion=3.0\n" > $conf%%
- if pytest-3 -c $conf --version >/dev/null 2>&1; then%%
+ if "$python" -m pytest -c $conf --version >/dev/null 2>&1; then%%
printf "Yes.\n"%%
have_python3_pytest=1%%
else%%
-- %%
2.28.0%%
_______________________________________________
example mailing list -- list@example.org
To unsubscribe send an email to list-leave@example.org

47
t/t5100/quoted-cr.mbox Normal file
View File

@ -0,0 +1,47 @@
From nobody Mon Sep 17 00:00:00 2001
From: A U Thor <mail@example.com>
To: list@example.org
Subject: [PATCH v2] sample
Date: Mon, 3 Aug 2020 22:40:55 +0700
Message-Id: <msg-id@example.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
T24gZGlmZmVyZW50IGRpc3RybywgDXB5dGVzdCBpcyBzdWZmaXhlZCB3aXRoIGRpZmZlcmVudCBw
YXR0ZXJucy4KCi0tLQogY29uZmlndXJlIHwgMiArLQogMSBmaWxlIGNoYW5nZWQsIDEgaW5zZXJ0
aW9uKCspLCAxIGRlbGV0aW9uKC0pCgpkaWZmIC0tZ2l0IGEvY29uZmlndXJlIGIvY29uZmlndXJl
CmluZGV4IGRiMzUzOGIzLi5mN2MxYzA5NSAxMDA3NTUKLS0tIGEvY29uZmlndXJlCisrKyBiL2Nv
bmZpZ3VyZQpAQCAtODE0LDcgKzgxNCw3IEBAIGlmIFsgJGhhdmVfcHl0aG9uMyAtZXEgMSBdOyB0
aGVuCiAgICAgcHJpbnRmICINQ2hlY2tpbmcgZm9yIHB5dGhvbjMgcHl0ZXN0ICg+PSAzLjApLi4u
ICIKICAgICBjb25mPSQobWt0ZW1wKQogICAgIHByaW50ZiAiW3B5dGVzdF1cbm1pbnZlcnNpb249
My4wXG4iID4gJGNvbmYKLSAgICBpZiBweXRlc3QtMyAtYyAkY29uZiAtLXZlcnNpb24gPi9kZXYv
bnVsbCAyPiYxOyB0aGVuCisgICAgaWYgIiRweXRob24iIC1tIHB5dGVzdCAtYyAkY29uZiAtLXZl
cnNpb24gPi9kZXYvbnVsbCAyPiYxOyB0aGVuCiAgICAgICAgIHByaW50ZiAiWWVzLlxuIgogICAg
ICAgICBoYXZlX3B5dGhvbjNfcHl0ZXN0PTEKICAgICBlbHNlCi0tIAoyLjI4LjAKX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KZXhhbXBsZSBtYWlsaW5nIGxp
c3QgLS0gbGlzdEBleGFtcGxlLm9yZwpUbyB1bnN1YnNjcmliZSBzZW5kIGFuIGVtYWlsIHRvIGxp
c3QtbGVhdmVAZXhhbXBsZS5vcmcK
From nobody Mon Sep 17 00:00:00 2001
From: A U Thor <mail@example.com>
To: list@example.org
Subject: [PATCH v2] sample
Date: Mon, 3 Aug 2020 22:40:55 +0700
Message-Id: <msg-id2@example.com>
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
T24gZGlmZmVyZW50IGRpc3RybywgDXB5dGVzdCBpcyBzdWZmaXhlZCB3aXRoIGRpZmZlcmVudCBw
YXR0ZXJucy4NCg0KLS0tDQogY29uZmlndXJlIHwgMiArLQ0KIDEgZmlsZSBjaGFuZ2VkLCAxIGlu
c2VydGlvbigrKSwgMSBkZWxldGlvbigtKQ0KDQpkaWZmIC0tZ2l0IGEvY29uZmlndXJlIGIvY29u
ZmlndXJlDQppbmRleCBkYjM1MzhiMy4uZjdjMWMwOTUgMTAwNzU1DQotLS0gYS9jb25maWd1cmUN
CisrKyBiL2NvbmZpZ3VyZQ0KQEAgLTgxNCw3ICs4MTQsNyBAQCBpZiBbICRoYXZlX3B5dGhvbjMg
LWVxIDEgXTsgdGhlbg0KICAgICBwcmludGYgIg1DaGVja2luZyBmb3IgcHl0aG9uMyBweXRlc3Qg
KD49IDMuMCkuLi4gIg0KICAgICBjb25mPSQobWt0ZW1wKQ0KICAgICBwcmludGYgIltweXRlc3Rd
XG5taW52ZXJzaW9uPTMuMFxuIiA+ICRjb25mDQotICAgIGlmIHB5dGVzdC0zIC1jICRjb25mIC0t
dmVyc2lvbiA+L2Rldi9udWxsIDI+JjE7IHRoZW4NCisgICAgaWYgIiRweXRob24iIC1tIHB5dGVz
dCAtYyAkY29uZiAtLXZlcnNpb24gPi9kZXYvbnVsbCAyPiYxOyB0aGVuDQogICAgICAgICBwcmlu
dGYgIlllcy5cbiINCiAgICAgICAgIGhhdmVfcHl0aG9uM19weXRlc3Q9MQ0KICAgICBlbHNlDQot
LSANCjIuMjguMA0KX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19f
X18KZXhhbXBsZSBtYWlsaW5nIGxpc3QgLS0gbGlzdEBleGFtcGxlLm9yZwpUbyB1bnN1YnNjcmli
ZSBzZW5kIGFuIGVtYWlsIHRvIGxpc3QtbGVhdmVAZXhhbXBsZS5vcmcK