From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on dcvr.yhbt.net X-Spam-Level: X-Spam-ASN: X-Spam-Status: No, score=-4.2 required=3.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, T_SCC_BODY_TEXT_LINE shortcircuit=no autolearn=ham autolearn_force=no version=3.4.6 Received: from localhost (dcvr.yhbt.net [127.0.0.1]) by dcvr.yhbt.net (Postfix) with ESMTP id 0CAC71F406; Mon, 27 Nov 2023 22:21:00 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=80x24.org; s=selector1; t=1701123660; bh=hsSWLr6DZtEH/9grjSmeAiwfVa2I/DWAyc6ByqCF1E4=; h=Date:From:To:Cc:Subject:From; b=Wj2/Flj6RyDQl7HN1QRi+IxKaUB8I3q861p+JJItFZk9xHb3YOwEGkDT2SCVliTVY eC0/MfRysuUO+vp9U02GBNyEYoLHI4DSgpVvFC5gy0B/4QvIO7ne/Hlahmh8k1732c q+3Kg0TKvGkYBhtQsKlOsbtlnxYsQvGCz+g1WSE0= Date: Mon, 27 Nov 2023 22:20:59 +0000 From: Eric Wong To: meta@public-inbox.org Cc: "Eric W. Biederman" Subject: [PATCH] disallow NUL characters in Message-ID and List-Id Message-ID: <20231127222059.M964164@dcvr> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline List-Id: While MTAs seem to stop '\0' from appearing in headers, users fetching archives via git remain susceptible to having '\0' land in archives. So we'll filter them out of Xapian and SQLite DBs to avoid interopability problems with CLI tools since there's no known messages in lore or any of my archives which feature them. Avoiding '\0' will ensure all indexed Message-IDs and List-Ids can be specified from the command-line (although some characters will still require $(printf) contortions). As with Message-ID, List-Id fields with /\n\t\r/ characters will also be stripped for indexing. I will assume whatever went wrong with the References: header in could also happen to the List-Id header. This is inspired by commit aca47e05a6026c12c768753c87e6ff769ef6bee4 (Import: Don't copy nulls from emails into git, 2018-07-07) --- lib/PublicInbox/MID.pm | 2 +- lib/PublicInbox/SearchIdx.pm | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/PublicInbox/MID.pm b/lib/PublicInbox/MID.pm index 97cf3a54..36c05855 100644 --- a/lib/PublicInbox/MID.pm +++ b/lib/PublicInbox/MID.pm @@ -115,7 +115,7 @@ sub uniq_mids ($;$) { my @ret; $seen ||= {}; foreach my $mid (@$mids) { - $mid =~ tr/\n\t\r//d; + $mid =~ tr/\n\t\r\0//d; if (length($mid) > MAX_MID_SIZE) { warn "Message-ID: <$mid> too long, truncating\n"; $mid = substr($mid, 0, MAX_MID_SIZE); diff --git a/lib/PublicInbox/SearchIdx.pm b/lib/PublicInbox/SearchIdx.pm index 32598b7c..f569428c 100644 --- a/lib/PublicInbox/SearchIdx.pm +++ b/lib/PublicInbox/SearchIdx.pm @@ -414,6 +414,7 @@ sub index_list_id ($$$) { for my $l ($hdr->header_raw('List-Id')) { $l =~ /<([^>]+)>/ or next; my $lid = lc $1; + $lid =~ tr/\n\t\r\0//d; # same rules as Message-ID $doc->add_boolean_term('G' . $lid); index_phrase($self, $lid, 1, 'XL'); # probabilistic }