[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Nmh-workers] Quoted printable problem

From: Lyndon Nerenberg
Subject: Re: [Nmh-workers] Quoted printable problem
Date: Mon, 17 Dec 2012 17:31:33 -0800

On 2012-12-17, at 4:16 PM, Ralph Corderoy wrote:

> I agree with Lyndon.  Unless we find a major MUA has taken to spewing
> this errant guff, making it a de facto standard, bailing out with
> reference to the RFC seems fine.  It may persuade the recipient to play
> detective on the source.

There is an even better reason: security.  Since a multipart wrapped in QP (or 
base64) is undefined, there is no correct way to deal with it, and therefore 
nobody will deal with it "correctly" – if that was even possible.  This means 
broken parsers generating stack overflows, ripe for exploitation by viruses.  I 
would *really* like to see the raw source for a couple of these messages, as 
I'm starting to wonder if these aren't actual virus payloads.

There are reasons we have standards, and this is one of the many cases where it 
is important to adhere to them. 


reply via email to

[Prev in Thread] Current Thread [Next in Thread]