Closed Bug 216191 Opened 22 years ago Closed 20 years ago

Multiline descriptions give Bugzilla email indigestion

Categories

(Bugzilla :: Email Notifications, defect)

2.16.3
defect
Not set
major

RESOLVED DUPLICATE of bug 101380

People

(Reporter: preed, Assigned: preed)

Details

From developers@:

however, in mozilla (and galeon), you can copy some multiline text and paste that into the field. you can't do this in ie. this causes problems, because most of the fields that get put into headers assume only a single line. so you get email like this:

    From: Patrick Tullmann <his@email.address>
    To: another@email.address
    Subject: [Bug 30210: ESX Server: vmkernel] Failed to get
    Return-Path: <one.more@email.address>
    X-OriginalArrivalTime: 13 Aug 2003 21:20:26.0456 (UTC) FILETIME=[B6D61D80:01C361E0]
    Failed to get number of running VMs: -1
    X-Bugzilla-Reason: Change

the actual summary was:

    Failed to get
    Failed to get number of running VMs: -1

This is to be expected when non-standard headers accidentally get put into emails... most MTAs will dump the stuff they don't understand to below the last header they do understand, so they themselves can add headers.

Marking security for now, since it would be possible for people to add email headers this way, which is probably not necessarily a good thing (tm).
Couple of things I forgot: Jonathan Schatz (jon@vmware.com) found this, and it affects 2.16.3 all the way through the CVS tip.
couple more things:

>This is to be expected when non-standard headers accidentally get put into
>emails... most MTAs will dump the stuff they don't understand to below the last
>header they do understand, so they themselves can add headers.

it's not that. the real problem is that when you send email and you add in headers like this:

    X-Foo: bar
    Subject: Subject

the headers are parsed until they find a line that doesn't start with "Something:". Technically, i think they're supposed to look for 2 newlines to separate the headers from the body, but i think most mta's skip this part of the rfc.

Also, so far in my testing, this is only a problem with mozilla based browsers in X11 environments. Konqueror and lynx seem to do the right thing. i don't have access to any other browsers to check this out in.
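Added example, not part of the bug thread and not Bugzilla's own code (which is Perl): the Python below rebuilds the failure described in the two comments above, where a pasted multiline summary ends the header block early, and shows the field normalized to a single line before it reaches the headers. The function names, the message template and the choice to collapse line breaks into a space are assumptions made for illustration.

```python
import re
from email import message_from_string

# Constructed sample: a summary pasted with an embedded line break,
# shaped like the one quoted in the report.
PASTED_SUMMARY = "Failed to get\nFailed to get number of running VMs: -1"

_LINE_BREAKS = re.compile(r"[\r\n]+[ \t]*")


def single_line(value: str) -> str:
    """Collapse CR/LF runs (plus any indentation after them) to one space,
    so the value can neither end the header block nor start a new header."""
    return _LINE_BREAKS.sub(" ", value).strip()


def build_notification(summary: str, normalize: bool) -> str:
    """Build a raw message by string interpolation (hypothetical template)."""
    if normalize:
        summary = single_line(summary)
    return (
        "To: another@email.address\n"
        f"Subject: [Bug 30210] {summary}\n"
        "X-Bugzilla-Reason: Change\n"
        "\n"
        "Bug body text\n"
    )


def parse(raw: str):
    """Return (headers, body, defect class names) as a standard parser sees them."""
    msg = message_from_string(raw)
    defects = [type(d).__name__ for d in msg.defects]
    return dict(msg.items()), msg.get_payload(), defects


if __name__ == "__main__":
    for normalize in (False, True):
        headers, body, defects = parse(build_notification(PASTED_SUMMARY, normalize))
        print("normalize =", normalize)
        print("  headers:", headers)
        print("  defects:", defects)
        print("  body starts:", repr(body[:45]))
```

Without normalization the parser stops reading headers at the second summary line, so X-Bugzilla-Reason lands in the body, as in the mail quoted in the report.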
Whiteboard: [wanted for 2.16.4] [wanted for 2.17.5]
Target Milestone: --- → Bugzilla 2.16
After a short discussion in IRC, we decided this isn't a security bug. Although this does allow you to insert arbitrary headers into the outgoing email, it's nothing you couldn't do by forging the entire email anyway, since email is such a fragile system :) Which basically makes this just an annoyance.
Group: webtools-security
Whiteboard: [wanted for 2.16.4] [wanted for 2.17.5]
Target Milestone: Bugzilla 2.16 → Bugzilla 2.18
Unloved bugs targeted for 2.18 but untouched since 9-15-2003 are being retargeted to 2.20. If you plan to act on one immediately, go ahead and pull it back to 2.18.
Target Milestone: Bugzilla 2.18 → Bugzilla 2.20
*** This bug has been marked as a duplicate of 101380 ***
Status: NEW → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
clearing target of DUPLICATE/WONTFIX/INVALID/WORKSFORME so they'll show up as untriaged if they get reopened.
Target Milestone: Bugzilla 2.20 → ---
QA Contact: matty_is_a_geek → default-qa