* lisp/mail/smtpmail.el: (smtpmail-send-queued-mail): Avoid 'load'

(smtpmail-send-it): Send metadata directly to the
files without bothering to write it into a temp buffer.

diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el
index 8bc3cc78d95e0cbbc462e80dd0ee3f2bfa6e92af..9b045b255845ba69d9f7e65dd41ce37145497882 100644 (file)
--- a/lisp/mail/smtpmail.el
+++ b/lisp/mail/smtpmail.el
@@ -150,7 +150,8 @@ and sent with `smtpmail-send-queued-mail'."
   :group 'smtpmail)
 
 (defcustom smtpmail-queue-dir "~/Mail/queued-mail/"
-  "Directory where `smtpmail.el' stores queued mail."
+  "Directory where `smtpmail.el' stores queued mail.
+This directory should not be writable by other users."
   :type 'directory
   :group 'smtpmail)
 
@@ -360,9 +361,7 @@ for `smtpmail-try-auth-method'.")
                     smtpmail-queue-dir))
                   (file-data (convert-standard-filename file-data))
                   (file-elisp (concat file-data ".el"))
-                  (buffer-data (create-file-buffer file-data))
-                  (buffer-elisp (create-file-buffer file-elisp))
-                  (buffer-scratch "*queue-mail*"))
+                  (buffer-data (create-file-buffer file-data)))
              (unless (file-exists-p smtpmail-queue-dir)
                (make-directory smtpmail-queue-dir t))
              (with-current-buffer buffer-data
@@ -377,22 +376,16 @@ for `smtpmail-try-auth-method'.")
                 nil t)
                (insert-buffer-substring tembuf)
                (write-file file-data)
-               (set-buffer buffer-elisp)
-               (erase-buffer)
-               (insert (concat
-                        "(setq smtpmail-recipient-address-list '"
+                (write-region
+                 (concat "(setq smtpmail-recipient-address-list '"
                         (prin1-to-string smtpmail-recipient-address-list)
-                        ")\n"))
-               (write-file file-elisp)
-               (set-buffer (generate-new-buffer buffer-scratch))
-               (insert (concat file-data "\n"))
-               (append-to-file (point-min)
-                               (point-max)
-                                (expand-file-name smtpmail-queue-index-file
-                                                  smtpmail-queue-dir)))
-             (kill-buffer buffer-scratch)
-             (kill-buffer buffer-data)
-             (kill-buffer buffer-elisp))))
+                        ")\n")
+                 nil file-elisp nil 'silent)
+               (write-region (concat file-data "\n") nil
+                              (expand-file-name smtpmail-queue-index-file
+                                                smtpmail-queue-dir)
+                              t 'silent))
+             (kill-buffer buffer-data))))
       (kill-buffer tembuf)
       (if (bufferp errbuf)
          (kill-buffer errbuf)))))
@@ -412,7 +405,21 @@ for `smtpmail-try-auth-method'.")
       (goto-char (point-min))
       (while (not (eobp))
        (setq file-msg (buffer-substring (point) (line-end-position)))
-       (load file-msg)
+        ;; FIXME: Avoid `load' which can execute arbitrary code and is hence
+        ;; a source of security holes.  Better read the file and extract the
+        ;; data "by hand".
+       ;;(load file-msg)
+        (with-temp-buffer
+          (insert-file-contents (concat file-msg ".el"))
+          (goto-char (point-min))
+          (pcase (read (current-buffer))
+            (`(setq smtpmail-recipient-address-list ',v)
+             (skip-chars-forward " \n\t")
+             (unless (eobp) (message "Ignoring trailing text in %S"
+                                     (concat file-msg ".el")))
+             (setq smtpmail-recipient-address-list v))
+            (sexp (error "Unexpected code in %S: %S"
+                         (concat file-msg ".el") sexp))))
        ;; Insert the message literally: it is already encoded as per
        ;; the MIME headers, and code conversions might guess the
        ;; encoding wrongly.