authorEric Wong <e@yhbt.net>2020-07-04 20:25:25 +0000
committerEric Wong <e@yhbt.net>2020-07-05 21:45:28 +0000
commit243aa230479edbf58af7bc349df2fde87577f64c (patch)
treea58a07b1ba353f6946da98509fc08673eb85a1c8 /t
parentd75cbb9b69a780b6bbc37e243ada35dfd0c47552 (diff)
downloadpublic-inbox-243aa230479edbf58af7bc349df2fde87577f64c.tar.gz
Spammers may send emails with nasty characters which can throw
off git-fast-import.  Users with non-existent or weaker spam
filters may be susceptible to corruption in the fast-import
stream as a result.

This was actually quietly fixed in git on 2020-06-01 by
commit 9ab886546cc89f37819e1ef09cb49fd9325b3a41
("smsg: introduce ->populate method"), but no test case
was created.

Reported-by: Eric W. Biederman <ebiederm@xmission.com>
Link: https://public-inbox.org/meta/87imf4qn87.fsf@x220.int.ebiederm.org/
Link: https://public-inbox.org/meta/20200601100657.14700-6-e@yhbt.net/
Diffstat (limited to 't')
-rw-r--r--t/import.t24
1 files changed, 24 insertions, 0 deletions
diff --git a/t/import.t b/t/import.t
index abbc8229..9491f337 100644
--- a/t/import.t
+++ b/t/import.t
@@ -11,6 +11,7 @@ use PublicInbox::Spawn qw(spawn);
 use Fcntl qw(:DEFAULT SEEK_SET);
 use File::Temp qw/tempfile/;
 use PublicInbox::TestCommon;
+use MIME::Base64 3.05; # Perl 5.10.0 / 5.9.2
 my ($dir, $for_destroy) = tmpdir();
 
 my $git = PublicInbox::Git->new($dir);
@@ -103,4 +104,27 @@ eval {
 };
 ok($@, 'Import->add fails on non-existent dir');
 
+my @cls = qw(PublicInbox::Eml);
+SKIP: {
+        require_mods('PublicInbox::MIME', 1);
+        push @cls, 'PublicInbox::MIME';
+};
+
+$main::badchars = "\n\0\r";
+my $from = '=?UTF-8?B?'. encode_base64("B\ra\nd\0\$main::badchars", ''). '?=';
+for my $cls (@cls) {
+        my $eml = $cls->new(<<EOF);
+From: $from <spammer\@example.com>
+Message-ID: <$cls\@example.com>
+
+EOF
+        ok($im->add($eml), "added $cls message with nasty char in From");
+}
+$im->done;
+my $bref = $git->cat_file('HEAD');
+like($$bref, qr/^author Ba d \$main::badchars <spammer\@example\.com> /sm,
+         'latest commit accepted by spammer');
+$git->qx(qw(fsck --no-progress --strict));
+is($?, 0, 'fsck reported no errors');
+
 done_testing();
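Review bot: The `like()` on `$git->cat_file('HEAD')` sits after the loop, so when both PublicInbox::Eml and PublicInbox::MIME are available only the last class's commit has its author line checked; the earlier commit is covered only by the `fsck --strict` run. Moving `$im->done`, the `cat_file('HEAD')` call and the `like()` inside `for my $cls (@cls)` would assert the sanitized author for each parser, provided `$im` accepts another `add` after `done`, which is not visible in this hunk. The escaped `\$main::badchars` is easy to misread as a typo; it appears intended to prove the literal text is never interpolated, so a comment such as `# the literal text "$main::badchars" must reach the commit verbatim, never expanded` above the assignment would help. The description 'latest commit accepted by spammer' probably means 'from spammer'.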