[Emacs-diffs] master d684f5d: * lisp/mail/smtpmail.el: (smtpmail-send-qu
From: |
Stefan Monnier |
Subject: |
[Emacs-diffs] master d684f5d: * lisp/mail/smtpmail.el: (smtpmail-send-queued-mail): Avoid 'load' |
Date: |
Fri, 19 Oct 2018 22:31:42 -0400 (EDT) |
branch: master
commit d684f5d5bc33249038e779a4b2009fd0761f09d5
Author: Stefan Monnier <address@hidden>
Commit: Stefan Monnier <address@hidden>
* lisp/mail/smtpmail.el: (smtpmail-send-queued-mail): Avoid 'load'
(smtpmail-send-it): Send metadata directly to the
files without bothering to write it into a temp buffer.
---
lisp/mail/smtpmail.el | 47 +++++++++++++++++++++++++++--------------------
1 file changed, 27 insertions(+), 20 deletions(-)
diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index 8bc3cc7..9b045b2 100644
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -150,7 +150,8 @@ and sent with `smtpmail-send-queued-mail'."
:group 'smtpmail)
(defcustom smtpmail-queue-dir "~/Mail/queued-mail/"
- "Directory where `smtpmail.el' stores queued mail."
+ "Directory where `smtpmail.el' stores queued mail.
+This directory should not be writable by other users."
:type 'directory
:group 'smtpmail)
@@ -360,9 +361,7 @@ for `smtpmail-try-auth-method'.")
smtpmail-queue-dir))
(file-data (convert-standard-filename file-data))
(file-elisp (concat file-data ".el"))
- (buffer-data (create-file-buffer file-data))
- (buffer-elisp (create-file-buffer file-elisp))
- (buffer-scratch "*queue-mail*"))
+ (buffer-data (create-file-buffer file-data)))
(unless (file-exists-p smtpmail-queue-dir)
(make-directory smtpmail-queue-dir t))
(with-current-buffer buffer-data
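Review bot: The `(make-directory smtpmail-queue-dir t)` call in this hunk creates the queue directory with default file modes, so nothing enforces the requirement the new docstring adds that the directory not be writable by other users. Creating it with restricted modes, for example `(with-file-modes #o700 (make-directory smtpmail-queue-dir t))`, would cover the directories Emacs creates itself. A directory that already exists is not covered by this and would need its own check, or stays the user's responsibility as the docstring implies. The `let*` form and the rest of the function lie outside the hunk.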
@@ -377,22 +376,16 @@ for `smtpmail-try-auth-method'.")
nil t)
(insert-buffer-substring tembuf)
(write-file file-data)
- (set-buffer buffer-elisp)
- (erase-buffer)
- (insert (concat
- "(setq smtpmail-recipient-address-list '"
+ (write-region
+ (concat "(setq smtpmail-recipient-address-list '"
(prin1-to-string smtpmail-recipient-address-list)
- ")\n"))
- (write-file file-elisp)
- (set-buffer (generate-new-buffer buffer-scratch))
- (insert (concat file-data "\n"))
- (append-to-file (point-min)
- (point-max)
- (expand-file-name smtpmail-queue-index-file
- smtpmail-queue-dir)))
- (kill-buffer buffer-scratch)
- (kill-buffer buffer-data)
- (kill-buffer buffer-elisp))))
+ ")\n")
+ nil file-elisp nil 'silent)
+ (write-region (concat file-data "\n") nil
+ (expand-file-name smtpmail-queue-index-file
+ smtpmail-queue-dir)
+ t 'silent))
+ (kill-buffer buffer-data))))
(kill-buffer tembuf)
(if (bufferp errbuf)
(kill-buffer errbuf)))))
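Review bot: The `prin1-to-string` call that serializes `smtpmail-recipient-address-list` runs under whatever `print-length` and `print-level` are in effect, so a user setting can cause a truncated list containing `...` to be written to the `.el` file. With the `read`-based parser this commit adds in `smtpmail-send-queued-mail`, that file would presumably be read back as a different recipient list rather than fail loudly. Binding both around the call avoids this: `(let ((print-length nil) (print-level nil)) (prin1-to-string smtpmail-recipient-address-list))`. The enclosing function starts before this hunk.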
@@ -412,7 +405,21 @@ for `smtpmail-try-auth-method'.")
(goto-char (point-min))
(while (not (eobp))
(setq file-msg (buffer-substring (point) (line-end-position)))
- (load file-msg)
+ ;; FIXME: Avoid `load' which can execute arbitrary code and is hence
+ ;; a source of security holes. Better read the file and extract the
+ ;; data "by hand".
+ ;;(load file-msg)
+ (with-temp-buffer
+ (insert-file-contents (concat file-msg ".el"))
+ (goto-char (point-min))
+ (pcase (read (current-buffer))
+ (`(setq smtpmail-recipient-address-list ',v)
+ (skip-chars-forward " \n\t")
+ (unless (eobp) (message "Ignoring trailing text in %S"
+ (concat file-msg ".el")))
+ (setq smtpmail-recipient-address-list v))
+ (sexp (error "Unexpected code in %S: %S"
+ (concat file-msg ".el") sexp))))
;; Insert the message literally: it is already encoded as per
;; the MIME headers, and code conversions might guess the
;; encoding wrongly.
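Review bot: The value `v` matched by the pcase pattern is assigned to `smtpmail-recipient-address-list` without any check on its shape, so any quoted Lisp object in the queued `.el` file is accepted as the recipient list. Since the change exists to stop trusting that file, it should also require a list of strings before the `setq`, e.g. `(unless (and (listp v) (seq-every-p #'stringp v)) (error "Bad recipient list in %S" (concat file-msg ".el")))`, assuming `seq` is loaded at this point (a `dolist` check works otherwise). The `FIXME` comment and the commented-out `;;(load file-msg)` describe code that is now gone and could be replaced by a single comment saying why `read` is used instead of `load`. The surrounding `while` loop and function start and end outside the hunk.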