Re: possible infinite recursion in notmuch-cli

Subject:Re: possible infinite recursion in notmuch-cli

Date:Sun, 26 Dec 2021 09:05:59 -0400

To:Daniel Kahn Gillmor ,notmuch mailing list

Cc:

From:David Bremner


Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:


> After some discussion with amdragon on IRC, i believe that this is only
> relevant to notmuch when actively decrypting a message -- OpenPGP's
> ability to embed compression makes it possible to write a PGP/MIME
> message that is a quine: that is, when decompressed, it would expand to
> itself, which would send our parser into an infinite loop.
>
> Since we're not decrypting during indexing, only notmuch-show and
> notmuch-reply are probably affected by this problem. (but if someone
> implements indexing of encrypted messages, then we'd have to worry about
> this in the indexer as well)

This is indeed our current situation.

> The simple and generalized solution would be to limit the recursive
> depth of our walk of the MIME tree; probably a large limit of something
> like 30 or 50 would not trigger any real-world problems, and would halt
> a runaway recursion well before most modern machines ran out of
> resources.

So do I understand correctly that to test this proposed fix, we would
not need to generate a MIME-quine (which sounds challenging) but just a
very deep MIME tree?

_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org

Thread: