[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#51733: 27.1; Detect impossible email addresses better
From: |
Lars Ingebrigtsen |
Subject: |
bug#51733: 27.1; Detect impossible email addresses better |
Date: |
Wed, 19 Jan 2022 15:33:54 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/29.0.50 (gnu/linux) |
Andreas Schwab <schwab@linux-m68k.org> writes:
> On Jan 19 2022, Lars Ingebrigtsen wrote:
>
>> Consider somebody sending you an email containing @", characters in the
>> name part, and then you decode the address, and then run the parsing
>> function. The attacker would then have a wide attack surface to trick
>> the checker into checking the wrong parts of the address.
>
> Isn't that the whole point of textsec?
It's perfectly valid to have a
From: "larsi@example.com" <larsi@other.com>
address. It's unambigious, and the responses will go to
larsi@other.com.
Of course, it's... suspicious... but not on the Unicode level. (I'll
also be adding some non-Unicode bits to textsec, like
<a href="http://foo.bar">http://other.bar</a>
--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
- bug#51733: 27.1; Detect impossible email addresses better, (continued)
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better,
Lars Ingebrigtsen <=
- bug#51733: 27.1; Detect impossible email addresses better, Andreas Schwab, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/18
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/18
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/18
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/18
- bug#51733: 27.1; Detect impossible email addresses better, Michael Albinus, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Eli Zaretskii, 2022/01/19
- bug#51733: 27.1; Detect impossible email addresses better, Lars Ingebrigtsen, 2022/01/19