[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime
From: |
Noam Postavsky |
Subject: |
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime |
Date: |
Mon, 06 Apr 2020 12:32:29 -0400 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.3 (windows-nt) |
Sebastian Fieber <sebastian.fieber@web.de> writes:
> On So, Apr 05 2020, Noam Postavsky <npostavs@gmail.com> wrote:
>
>> Sebastian Fieber <sebastian.fieber@web.de> writes:
>>
>>> - (while (search-forward "\r\n" nil t)
>>> + (while (search-forward-regexp "\r\n|\^M\n" nil t)
>>
>> This can't be right, it would search for a literal "|" on an otherwise
>> empty line. And if you put "\\|" which is what I think you meant, then
>> both alternatives would be the same, so it still doesn't make sense.
>
> Yes, and there is another problem with this. Should have tested this mit
> emacs -Q. Let me fix that and prepare a new patch.
This hunk looks a bit suspicious to me as well, I don't think you can
apply operators like "?" to anchors.
@@ -759,7 +782,7 @@ MIME-Version header before proceeding."
(mb enable-multibyte-characters)
beg)
(goto-char (point-min))
- (search-forward-regexp "^\n" nil 'move) ;; There might be no body.
+ (search-forward-regexp "^?\n" nil 'move) ;; There might be no body.
(setq beg (point))
(with-current-buffer
(generate-new-buffer " *mm*")
> Since you have looked over the patch: What do you think about the
> approach to internally structure application/pkcs7-mime parts like
> multipart parts containing the mime type with text properties until the
> decrypted, maybe verified singlepart in the car of the handle?
Sorry, I'm not familiar enough with how this code is currently
structured to say anything intelligent about that.
bug#40397: 28.0.50; epg decrypt does not verify signed content in smime, Sebastian Fieber, 2020/04/07