| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20200408172853.GA1961925@coredump.intra.peff.net>
Date: Wed, 8 Apr 2020 13:28:53 -0400
From: Jeff King <peff@...f.net>
To: Joe Perches <joe@...ches.com>
Cc: Olaf Hering <olaf@...fle.de>, linux-kernel@...r.kernel.org,
git@...r.kernel.org
Subject: Re: get_maintainer.pl sends bogus addresses to git send-email
On Tue, Apr 07, 2020 at 02:56:19PM -0700, Joe Perches wrote:
> > Syntactically they are rfc822 comments, and send-email _should_ be able
> > to handle them (and does in recent versions).
>
> I'm not certain that comments are allowed _after_ a tld in an
> email address. In any case, I guess it's a good thing I used
> parentheses for the get_maintainer rolestats block.
Oh, it's much more horrible than that. RFC822 contains this example:
Muhammed.(I am the greatest) Ali @(the)Vegas.WBA
which parses to:
Muhammed.Ali@...as.WBA
Perl's Mail::Address does decipher that correctly.
> > > linux-kernel@...r.kernel.org (open list)
> >
> > In this one, I think that the comment will be used as the name field,
> > since there isn't one.
>
> I think that slightly unexpected as the name field is not required.
TBH, so do I. That's all done by Mail::Address's format() method. We
could probably convince it to be less magical, but perhaps it's best to
just leave it alone. Presumably that logic has some historical basis,
and as you note, it's a mistake to be passing these fields into
send-email in the first place.
-Peff
Powered by blists - more mailing lists