[PATCH 0/2] Check for misplaced secure mml tags

Mark Walters markwalters1009 at gmail.com
Sun Oct 2 07:05:29 PDT 2016


This is new (essentially completely rewritten) version of
id:1475008491-28175-1-git-send-email-markwalters1009 at gmail.com

This version is stricter in its checking. I believe emacs only
processes a secure tag if it as the start of the body and followed by
a newline. Thus if there is a secure tag anywhere else (including in
the headers), or it is not followed by a newline we query the user.

The logic is a little convoluted but it seems to work in all cases I
have tried.

The extra strictness over the previous version is partly based on
experience from my current (not yet posted) version of the postpone
code. I will store the secure tag in a header while it is saved (so
checking the header seems worth doing), and one version restored the
secure tag. but not on its own line and that caused problems.

We could consider adding other checks later -- generally I think
sending a malformed email is bad but not terrible, but accidentally
sending a message unencrypted is terrible so we should be stricter
here.

Finally, there are other possible corruptions of a secure tag, but
this seems a good start.

Best wishes

Mark


Mark Walters (2):
  emacs: mua: extract a common message-send function.
  emacs: mua: check for misplaced secure mml tags

 emacs/notmuch-mua.el | 38 ++++++++++++++++++++++++++++++++++----
 1 file changed, 34 insertions(+), 4 deletions(-)

-- 
2.1.4



More information about the notmuch mailing list