Bug#565981: debbugs: Debbugs::MIME::parse doesn't handle PGP Signed messages with \r correctly
On Wed, Jan 20, 2010 at 11:11:32AM -0800, Don Armstrong wrote:
> On Wed, 20 Jan 2010, Mike Hommey wrote:
> > On Wed, Jan 20, 2010 at 10:19:17AM -0800, Don Armstrong wrote:
> > > On Wed, 20 Jan 2010, Mike Hommey wrote:
> > > > #532828 is an example of a bug with a PGP signed report message with
> > > > \r. Debbugs::MIME::parse doesn't handle this case correctly, leading
> > > > to the returned message being empty after it strips off
> > > > RFC2440-style PGP clearsigning.
> > > >
> > > > # Strip off RFC2440-style PGP clearsigning.
> > > > if (@bodylines and $bodylines[0] =~ /^-----BEGIN PGP SIGNED/) {
> > > > - shift @bodylines while @bodylines and length $bodylines[0];
> > > > + shift @bodylines while @bodylines and $bodylines[0] =~ /\S/;
> > >
> > > This is too broad. It should be:
> > > and length $bodylines[0] and $bodylines[0] ne qq(\r);
> >
> > Isn't that going to miss the "normal" case, where there aren't any \r ?
>
> Nah, because it'll bail out at the point when length $bodylines[0] is
> 0. The problem is when there is a \r, we strip off the \n, but the \r
> sticks around, so length $bodylines[0] is always >=1, and we never
> stop shift-ing. [An alternative is that the code should be striping
> off both the \r and the \n, but I have to look at that code and the
> RFCs again to be certain.]
Ah, I missed the and length... part.
Sorry for the noise.
Cheers,
Mike
Reply to: