[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] mhshow: invalid QUOTED-PRINTABLE encoding
From: |
Paul Fox |
Subject: |
Re: [Nmh-workers] mhshow: invalid QUOTED-PRINTABLE encoding |
Date: |
Mon, 20 Mar 2006 13:18:39 -0500 |
> > i believe there was consensus that a) this behavior was a result
> > of a problem with the original content encoding, and that b) the
> > nmh decoder should be more tolerant when decoding, and simply
> > pass mis-codings through untouched.
>
> I'd have to think *real* hard about that. I suspect that
> passing mis-codings through without a complaint is possibly
> setting us up for a nasty security exposure. I'm not
> convinced that it isn't possible to create an intentional bad
> encoding that causes issues further down the line.
interesting. mh certainly wouldn't be the first mailer to make
this mistake, if what you think is true.
for instance a sourceforge message i received today had these headers:
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
and it contained the following URL,
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
this displays in mutt as:
http://sel.as-us.falkag.net/sel?cmd=lnk&kid^Q0944&bid$1720&dat^R1642
nmh aborts when it reaches the "=ln", and displays nothing at
all. i wouldn't mind an error message -- it's the aborting
that's the real nuisance.
paul
=---------------------
paul fox, address@hidden (arlington, ma, where it's 29.7 degrees)
Re: [Nmh-workers] mhshow: invalid QUOTED-PRINTABLE encoding, pmaydell, 2006/03/20
Re: [Nmh-workers] mhshow: invalid QUOTED-PRINTABLE encoding, Joel Uckelman, 2006/03/20