[PATCH] emacs: mua: check for misplaced secure mml tags

Mark Walters markwalters1009 at gmail.com
Tue Sep 27 13:34:51 PDT 2016 

Emacs message-send seems to ignore a secure mml tag anywhere except at
the start of the body. Since this is almost certainly not desired we
check for it, and require user confirmation before sending.

As the setup before message-send or message-send-and-exit is getting
more complicated it is convenient to unify the two correspoinding
notmuch functions.
---

In id:87d1kazlof.fsf at zancas.localnet bremner pointed out there are
some oddities in message mode's handling of the mml secure tag -- that
is ignored if it is not at the start of the body. This definitely
causes a problem with the postpone/resume patch, but could also cause
a problem in normal use.

Since accidentally sending a message unencrypted is rather bad we
check for it. This might also mean that the current postpone/resume
code (which works in many cases) might be useable until a full
solution is found.

Best wishes

Mark


emacs/notmuch-mua.el | 31 +++++++++++++++++++++++++++----
 1 file changed, 27 insertions(+), 4 deletions(-)

diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 55bc267..aeb60e2 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -490,15 +490,38 @@ will be addressed to all recipients of the source message."
     (notmuch-mua-reply query-string sender reply-all)
     (deactivate-mark)))
 
+(defun notmuch-mua-misplaced-secure-tag ()
+  "Return t if there is a misplaced secure mml tag.
+
+Emacs message-send will (probably) ignore a secure mml tag
+anywhere except at the start of the body. Since this is almost
+certainly not desired we check for it -- this function returns
+non-nil if there is such a tag."
+  (save-excursion
+    (message-goto-body)
+    (unless (eobp)
+      (forward-char)
+      (search-forward "<#secure" nil 't))))
+
+(defun notmuch-mua-send-common (arg &optional exit)
+  (interactive "P")
+  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
+	(when (or (not (notmuch-mua-misplaced-secure-tag))
+		  (yes-or-no-p "\
+There is a <#secure> tag not at the start of the body. It is
+likely that the message will be sent unsigned and unencrypted.
+Really send? "))
+	  (if exit
+	      (message-send-and-exit arg)
+	    (message-send arg)))))
+
 (defun notmuch-mua-send-and-exit (&optional arg)
   (interactive "P")
-  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
-	(message-send-and-exit arg)))
+  (notmuch-mua-send-common arg 't))
 
 (defun notmuch-mua-send (&optional arg)
   (interactive "P")
-  (letf (((symbol-function 'message-do-fcc) #'notmuch-maildir-message-do-fcc))
-	(message-send arg)))
+  (notmuch-mua-send-common arg))
 
 (defun notmuch-mua-kill-buffer ()
   (interactive)
-- 
2.1.4

More information about the notmuch mailing list