Open Bug 273037 Opened 19 years ago Updated 1 year ago
RFC 822 'specials' not being properly quoted as per spec
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040913 Mozilla allows a "display name" in memorized addresses. For one such address I added "Jakarta: Tomcat Users". This results in sending this in the header: To: Jakarta: Tomcat Users <email@example.com> This ended up with a javamail user telling me it crashes his software, I asked him to check with javamail authors, who said the colon ":" is not valid in this field, and that they would not fix this as it was a mozilla header compliance issue. The "To" field requires screening out of non-RFC-allowed characters to avoid crashing javamail. Reproducible: Always Steps to Reproduce: 1. Create an address with a display name containing a colon. 2. Send to a javamail user. Actual Results: 1. Crash of javamail. 2. Complaint by javamail authors. Expected Results: Any "to" field should be RFC-compliant. Perhaps this is a simple URL encoding scheme to fix, I really don't know the RFC, I'm taking the word of the javamail authors. I mark this as critical because it results in a denial of service for javamail users. The crash/hang is for javamail, not for Mozilla. Although I marked this as Linux (because I'm using Fedora Core 2), it is likely the same thing in all platforms.
*** Bug 273036 has been marked as a duplicate of this bug. ***
I assume he's speaking about RFC 822, which states merely that : is a special, and "must" be quoted if not being used as a delimiter. We may be not adhering to this spec. Regardless of it's RFC status, this is still a crasher bug for this javamail app. I receive mails daily where the colon is not quoted, and Mozilla doesn't crash. Nor did Eudora, Outlook or Outlook Express, Pine, nor any other mail client I've used. It should be able to gracefully handle errors, and somethign as simple as a colon in the TO: field line should not crash it. In fact, no character there should crash the app. In fact, the app should never crash due to malformed mails. That's just bad form. Blaming the user is even worse. "You crashed this app. Don't do that again, dummy." is not the way to fix a bug. I'm changing the subject of this bug from: "Non-RFC-compliant "To" field crashes javamail from display name characters" to "RFC 822 'specials' not being properly quoted as per spec" Good luck to the javamail guys in fixing their crasher.
Summary: Non-RFC-compliant "To" field crashes javamail from display name characters → RFC 822 'specials' not being properly quoted as per spec
We're not quoting as per spec when : is used as part of a word (this is an example: where it shoudl eb quoted like "example:"). Still shouldn't crash anything though...
Status: UNCONFIRMED → NEW
Component: Address Book → MailNews: Main Mail Window
Ever confirmed: true
Assignee: sspitzer → bienvenu
Component: MailNews: Main Mail Window → Address Book
According to nsMsgHeaderParser.cpp we're not quoting :s so as not to break some systems which aren't expecting them to be quoted...
Yeah, I can't exactly say I've heard of too many clients that do this. I actually don't know if any do it, and can't say I've ever noticed it before. I think clients these days are generally smart enough to know what's a header and what isn't (usually). So, Wontfix?
I agree it is dumb to not have the client gracefully handle this. Yet if it is part of a standard, it makes sense. Otherwise standards become pointless; not all reasons for a given standard are always obvious up front, even when we know most of the reasons.
Assignee: bienvenu → nobody
Severity: critical → minor
Component: Address Book → MailNews: MIME
OS: Linux → All
Product: Mozilla Application Suite → Core
QA Contact: mime
Hardware: PC → All
Version: unspecified → Trunk
You need to log in before you can comment on or make changes to this bug.