[PATCH v4 2/2] emacs: quote MML tags in replies

Subject: [PATCH v4 2/2] emacs: quote MML tags in replies

Date: Thu, 2 Feb 2012 00:01:33 -0400

Cc:

From: Aaron Ecay <aaronecay@gmail.com>

Emacs message-mode uses certain text strings to indicate how to attach
files to outgoing mail.  If these are present in the text of an email,
and a user is tricked into replying to the message, the user’s files
could be exposed.

Using point-max would include the signature in the quoting as well.
It would probably be fairly odd to want to put an MML tag in one’s
signature, but that doesn’t mean that we should break that usage.
---
 NEWS                 |   11 +++++++++++
 emacs/notmuch-mua.el |    7 ++++++-
 test/emacs           |    1 -
 3 files changed, 17 insertions(+), 2 deletions(-)

diff --git a/NEWS b/NEWS
index 3d2c2a8..a089e67 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,17 @@ Fix error handling in python bindings.
   exceptions to indicate the error condition. Any subsequent calls
   into libnotmuch caused segmentation faults.
 
+Quote MML tags in replies
+
+  MML tags are text codes that Emacs uses to indicate attachments
+  (among other things) in messages being composed.  The Emacs
+  interface did not quote MML tags in the quoted text of a reply.
+  User could be tricked into replying to a maliciously formatted
+  message and not editing out the MML tags from the quoted text.  This
+  could lead to files from the user's machine being attached to the
+  outgoing message.  The Emacs interface now quotes these tags in
+  reply text, so that they do not effect outgoing messages.
+
 
 Notmuch 0.11 (2012-01-13)
 =========================
diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el
index 7114e48..768b693 100644
--- a/emacs/notmuch-mua.el
+++ b/emacs/notmuch-mua.el
@@ -111,7 +111,12 @@ list."
     (insert body))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  ;; Original message may contain (malicious) MML tags.  We must
+  ;; properly quote them in the reply.  Note that using `point-max'
+  ;; instead of `mark' here is wrong.  The buffer may include user's
+  ;; signature which should not be MML-quoted.
+  (mml-quote-region (point) (mark)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)
diff --git a/test/emacs b/test/emacs
index 2a2ce28..de100c5 100755
--- a/test/emacs
+++ b/test/emacs
@@ -274,7 +274,6 @@ EOF
 test_expect_equal_file OUTPUT EXPECTED
 
 test_begin_subtest "Quote MML tags in reply"
-test_subtest_known_broken
 message_id='test-emacs-mml-quoting@message.id'
 add_message [id]="$message_id" \
 	    "[subject]='$test_subtest_name'" \
-- 
1.7.8.3

Previous message (by thread): Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable

Thread:

Aaron Ecay—[PATCH] emacs: Quote MML tags in replies [inbox, notmuch::bug, notmuch::emacs, notmuch::obsolete, notmuch::patch, notmuch::security, unread]
- Pieter Praet—Re: [PATCH] emacs: Quote MML tags in replies [inbox, notmuch::review, unread]
  - Austin Clements—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
    - Aaron Ecay—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
      - Pieter Praet—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
- Austin Clements—Re: [PATCH] emacs: Quote MML tags in replies [inbox, notmuch::review, unread]
  - Aaron Ecay—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
    - Pieter Praet—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
      - Aaron Ecay—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
        Pieter Praet—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
    - Austin Clements—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
      - Aaron Ecay—[PATCH 1/2] emacs: Add tests for quoting of MML tags in replies [inbox, notmuch::obsolete, notmuch::patch, notmuch::test, unread]
        Aaron Ecay—[PATCH 2/2] emacs: Quote MML tags in replies [inbox, notmuch::bug, notmuch::emacs, notmuch::obsolete, notmuch::patch, notmuch::security, unread]
        Tomi Ollila—Re: [PATCH 2/2] emacs: Quote MML tags in replies [inbox, unread]
        David Bremner—Re: [PATCH 1/2] emacs: Add tests for quoting of MML tags in replies [inbox, unread]
- David Edmondson—Re: [PATCH] emacs: Quote MML tags in replies [inbox, signed, unread]
- David Bremner—Re: [PATCH] emacs: Quote MML tags in replies [inbox, unread]
- Dmitry Kurochkin—emacs: quote MML tags in replies [inbox, unread]
  - Dmitry Kurochkin—[PATCH v3 1/2] test: add tests for quoting of MML tags in replies [inbox, notmuch::emacs, notmuch::obsolete, notmuch::patch, notmuch::test, unread]
    - Pieter Praet—[PATCH v4 1/2] test: add tests for quoting of MML tags in replies [inbox, notmuch::obsolete, notmuch::patch, notmuch::test, unread]
      - Pieter Praet—[PATCH v5 1/2] test: add tests for quoting of MML tags in replies [inbox, notmuch::obsolete, notmuch::patch, notmuch::test, unread]
  - Dmitry Kurochkin—[PATCH v3 2/2] emacs: quote MML tags in replies [inbox, notmuch::bug, notmuch::emacs, notmuch::obsolete, notmuch::patch, notmuch::security, unread]
  - Pieter Praet—Re: emacs: quote MML tags in replies [inbox, notmuch::review, unread]
    - Dmitry Kurochkin—Re: emacs: quote MML tags in replies [inbox, unread]
      - Pieter Praet—Re: emacs: quote MML tags in replies [inbox, unread]
        Pieter Praet—[PATCH] test: replace occurrences of $PWD with vars that are more stable [inbox, notmuch::patch, notmuch::pushed, notmuch::test, notmuch::trivial, unread]
        Dmitry Kurochkin—Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable [inbox, notmuch::review, unread]
        Pieter Praet—Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable [inbox, unread]
        Dmitry Kurochkin—Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable [inbox, notmuch::review, unread]
        David Bremner—Re: [PATCH] test: replace occurrences of $PWD with vars that are more stable [inbox, unread]
  - David Bremner— [inbox, unread]
    - David Bremner—[PATCH v4 1/2] test: add tests for quoting of MML tags in replies [inbox, notmuch::obsolete, notmuch::patch, notmuch::test, unread]
    - David Bremner—[PATCH v4 2/2] emacs: quote MML tags in replies [inbox, notmuch::bug, notmuch::emacs, notmuch::obsolete, notmuch::patch, notmuch::security, unread]
    - Pieter Praet—Re: [inbox, unread]
      - Pieter Praet—[PATCH v6 1/3] test: add tests for quoting of MML tags in replies [inbox, notmuch::patch, notmuch::pushed, notmuch::test, unread]
      - Pieter Praet—[PATCH v6 2/3] emacs: quote MML tags in replies [inbox, notmuch::bug, notmuch::emacs, notmuch::fixed, notmuch::patch, notmuch::pushed, notmuch::security, unread]
      - Pieter Praet—[PATCH v6 3/3] post-merge fixes [inbox, notmuch::emacs, notmuch::patch, notmuch::pushed, unread]
        David Bremner—Re: [PATCH v6 3/3] post-merge fixes [inbox, unread]
      - David Bremner—Re: MML Quoting patches. [inbox, unread]
        Pieter Praet—Re: MML Quoting patches. [inbox, unread]