Security: Mutt and mailcap rules
Kevin J. McCarthy
kevin at 8t8.us
Sat Jun 22 13:49:03 UTC 2019
On Sat, Jun 22, 2019 at 12:24:16PM +0200, Vincent Lefevre wrote:
>After reading the code, it appears that OPTMAILCAPSANITIZE is not
>used for %s:
>
> else if (*cptr == 's' && filename != NULL)
> {
> mutt_buffer_quote_filename (quoted, filename);
> mutt_buffer_addstr (buf, mutt_b2s (quoted));
> needspipe = FALSE;
> }
It's sanitized externally by mutt_rfc1524_expand_filename() for
receive-mode usage. See mutt_view_attachment(),
mutt_print_attachment(), and autoview_handler().
>If the filename is expected to be always sanitized, this should
>probably be double-checked here to be sure and potentially avoid
>future security bugs.
No, the setup code is complicated, as you can see from the above listed
functions. Send mode directly uses the filename if a nametemplate isn't
required.
--
Kevin J. McCarthy
GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.mutt.org/pipermail/mutt-dev/attachments/20190622/eaf6ebe5/attachment.asc>
More information about the Mutt-dev
mailing list