Re: (Not-so) hypothetical question: What to do about NULs?

[Andy Bradford]

Thus said Ken Hornstein on Tue, 21 Feb 2023 07:17:19 -0500:

> I'm sitting down to write or modify  nmh code. Right now we have a lot
> of code  that assumes NUL-terminated  C strings are safe  to represent
> email everywhere. My question is: is that a valid assumption?

I don't think  nmh should produce anything that contains  NUL bytes, but
whether or  not it should  accept such is  a different question  (as you
mention the 16 million byte line of text in an email message that I keep
getting from a certain sender that  cannot be bothered to follow the RFC
which clearly states  that base64 MIME data should be  78 characters and
clearly not longer than 998).

When I  was poking around  in the POP code  I didn't notice  any special
handling  of  NUL  bytes.  It's  possible  that  this  would  result  in
truncation. If that's what we do now, I suspect it's alright to continue
to do so; at  least until we find legitimate emails in  the wild that do
not conform (again think 16M character lines).

nmh's  POP code  has been  silently  truncating long  lines (e.g.  those
greater  than 1023  bytes) for  years and  crashing on  lines that  were
longer than 32,767 bytes). I  only recently discovered this while trying
to figure out what to do with  a 16M character line. I went back through
old emails and sure  enough, I had a lot of  truncation. I never noticed
because most of them were in long lines of HTML that I don't ever bother
reading.

So I guess what I'm saying is, I think it's alright to continue to treat
messages as C-strings (until it isn't).

Andy