Without this check, it's trivial to crash the nmweb daemon with a ValueError by putting a non-numeric value in befores or afters. --- contrib/notmuch-web/nmweb.py | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/contrib/notmuch-web/nmweb.py b/contrib/notmuch-web/nmweb.py index eaeeb507..21276b66 100755 --- a/contrib/notmuch-web/nmweb.py +++ b/contrib/notmuch-web/nmweb.py @@ -65,9 +65,12 @@ class search: befores = web.input(befores=None).befores else: befores = '4294967296' # 2^32 - if int(afters) > 0 or int(befores) < 4294967296: - redir = True - terms += ' %s..%s' % (afters, befores) + try: + if int(afters) > 0 or int(befores) < 4294967296: + redir = True + terms += ' %s..%s' % (afters, befores) + except ValueError: + pass if redir: raise web.seeother('/search/%s' % quote_plus(terms)) web.header('Content-type', 'text/html') -- 2.15.1 _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch