
[Emacs-diffs] Changes to emacs/lisp/gnus/mm-uu.el,v


From: Miles Bader
Subject: [Emacs-diffs] Changes to emacs/lisp/gnus/mm-uu.el,v
Date: Mon, 20 Nov 2006 02:43:10 +0000

CVSROOT:        /cvsroot/emacs
Module name:    emacs
Changes by:     Miles Bader <miles>     06/11/20 02:43:10

Index: mm-uu.el
===================================================================
RCS file: /cvsroot/emacs/emacs/lisp/gnus/mm-uu.el,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -b -r1.27 -r1.28
--- mm-uu.el    15 Oct 2006 02:49:45 -0000      1.27
+++ mm-uu.el    20 Nov 2006 02:43:10 -0000      1.28
@@ -373,8 +373,16 @@
           mm-security-handle 'gnus-details
           (format "Clear verification not supported by `%s'.\n" mml2015-use))))
       (goto-char (point-min))
-      (if (re-search-forward "\n[\t ]*\n" nil t)
-         (delete-region (point-min) (point)))
+      (forward-line)
+      ;; We need to be careful not to strip beyond the armor headers.
+      ;; Previously, an attacker could replace the text inside our
+      ;; markup with trailing garbage by injecting whitespace into the
+      ;; message.
+      (while (looking-at "Hash:") ; The only header allowed in cleartext
+       (forward-line))           ; signatures according to RFC2440.
+      (when (looking-at "[\t ]*$")
+       (forward-line))
+      (delete-region (point-min) (point))
       (if (re-search-forward mm-uu-pgp-beginning-signature nil t)
          (delete-region (match-beginning 0) (point-max)))
       (goto-char (point-min))
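
Review bot: the `(when (looking-at "[\t ]*$") (forward-line))` step has no else branch, so when the line after the `Hash:` headers is not blank the code still reaches `delete-region` and treats everything that follows as the signed body. Since the new comment states the aim is to stop injected text from replacing what is shown inside the markup, consider signalling an error or recording a failure in `gnus-details` in that case rather than continuing silently. Two smaller points: the first `(forward-line)` skips a line without checking that it is the begin-signed-message marker, which is safe only if code outside this hunk guarantees it, and `(looking-at "Hash:")` follows `case-fold-search`, so binding that to nil around the loop would make the header match exact. The comment could also state that a whitespace-only line is deliberately accepted as the separator.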



