[PATCH v4 3/5] dump: Disallow \n in message IDs

Jani Nikula jani at nikula.org
Thu Jan 3 09:19:02 PST 2013 

On Mon, 31 Dec 2012, Austin Clements <amdragon at MIT.EDU> wrote:
> When we switch to using regular Xapian queries in the dump format, \n
> will cause problems, so we disallow it.  Specially, while Xapian can
> quote and parse queries containing \n without difficultly, quoted
> queries containing \n still span multiple lines, which breaks the
> line-orientedness of the dump format.  Strictly speaking, we could
> still round-trip these, but it would significantly complicate restore
> as well as scripts that deal with tag dumps.  This complexity would
> come at absolutely no benefit: because of the RFC 2822 unfolding
> rules, no amount of standards negligence can produce a message with a
> message ID containing a line break (not even Outlook can do it!).
>
> Hence, we simply disallow it.
> ---
>  notmuch-dump.c       |    9 +++++++++
>  test/random-corpus.c |    4 +++-
>  2 files changed, 12 insertions(+), 1 deletion(-)
>
> diff --git a/notmuch-dump.c b/notmuch-dump.c
> index d2dad40..29d79da 100644
> --- a/notmuch-dump.c
> +++ b/notmuch-dump.c
> @@ -132,6 +132,15 @@ notmuch_dump_command (unused (void *ctx), int argc, char *argv[])
>  	if (output_format == DUMP_FORMAT_SUP) {
>  	    fputs (")\n", output);
>  	} else {
> +	    if (strchr (message_id, '\n')) {
> +		/* This will produce a line break in the output, which
> +		 * would be difficult to handle in tools.  However,
> +		 * it's also impossible to produce an email containing
> +		 * a line break in a message ID because of unfolding,
> +		 * so we can safely disallow it. */
> +		fprintf (stderr, "Error: cannot dump message id containing line break: %s\n", message_id);
> +		return 1;

How about just skipping the message in the dump, with a warning, instead
of bailing out? If the user is desperate to do a backup for whatever
reason, I don't think it's a good idea to require deleting the message
from the db before dump can succeed. The fs holding the db might be
remounted ro and all that.

And perhaps the message id in the error message should be wrapped in
quotes, because it will span multiple lines due to having a
newline... ;)

Otherwise, LGTM.

Jani.

> +	    }
>  	    if (hex_encode (notmuch, message_id,
>  			    &buffer, &buffer_size) != HEX_SUCCESS) {
>  		    fprintf (stderr, "Error: failed to hex-encode msg-id %s\n",
> diff --git a/test/random-corpus.c b/test/random-corpus.c
> index f354d4b..8b7748e 100644
> --- a/test/random-corpus.c
> +++ b/test/random-corpus.c
> @@ -96,7 +96,9 @@ random_utf8_string (void *ctx, size_t char_count)
>  	    buf = talloc_realloc (ctx, buf, gchar, buf_size);
>  	}
>  
> -	randomchar = random_unichar ();
> +	do {
> +	    randomchar = random_unichar ();
> +	} while (randomchar == '\n');
>  
>  	written = g_unichar_to_utf8 (randomchar, buf + offset);
>  
> -- 
> 1.7.10.4

More information about the notmuch mailing list