From: Stefan Monnier Date: Sat, 20 Oct 2018 02:31:35 +0000 (-0400) Subject: * lisp/mail/smtpmail.el: (smtpmail-send-queued-mail): Avoid 'load' X-Git-Tag: emacs-27.0.90~4271 X-Git-Url: http://git.eshelyaron.com/gitweb/?a=commitdiff_plain;h=d684f5d5bc33249038e779a4b2009fd0761f09d5;p=emacs.git * lisp/mail/smtpmail.el: (smtpmail-send-queued-mail): Avoid 'load' (smtpmail-send-it): Send metadata directly to the files without bothering to write it into a temp buffer. --- diff --git a/lisp/mail/smtpmail.el b/lisp/mail/smtpmail.el index 8bc3cc78d95..9b045b25584 100644 --- a/lisp/mail/smtpmail.el +++ b/lisp/mail/smtpmail.el @@ -150,7 +150,8 @@ and sent with `smtpmail-send-queued-mail'." :group 'smtpmail) (defcustom smtpmail-queue-dir "~/Mail/queued-mail/" - "Directory where `smtpmail.el' stores queued mail." + "Directory where `smtpmail.el' stores queued mail. +This directory should not be writable by other users." :type 'directory :group 'smtpmail) @@ -360,9 +361,7 @@ for `smtpmail-try-auth-method'.") smtpmail-queue-dir)) (file-data (convert-standard-filename file-data)) (file-elisp (concat file-data ".el")) - (buffer-data (create-file-buffer file-data)) - (buffer-elisp (create-file-buffer file-elisp)) - (buffer-scratch "*queue-mail*")) + (buffer-data (create-file-buffer file-data))) (unless (file-exists-p smtpmail-queue-dir) (make-directory smtpmail-queue-dir t)) (with-current-buffer buffer-data @@ -377,22 +376,16 @@ for `smtpmail-try-auth-method'.") nil t) (insert-buffer-substring tembuf) (write-file file-data) - (set-buffer buffer-elisp) - (erase-buffer) - (insert (concat - "(setq smtpmail-recipient-address-list '" + (write-region + (concat "(setq smtpmail-recipient-address-list '" (prin1-to-string smtpmail-recipient-address-list) - ")\n")) - (write-file file-elisp) - (set-buffer (generate-new-buffer buffer-scratch)) - (insert (concat file-data "\n")) - (append-to-file (point-min) - (point-max) - (expand-file-name smtpmail-queue-index-file - smtpmail-queue-dir))) - (kill-buffer buffer-scratch) - (kill-buffer buffer-data) - (kill-buffer buffer-elisp)))) + ")\n") + nil file-elisp nil 'silent) + (write-region (concat file-data "\n") nil + (expand-file-name smtpmail-queue-index-file + smtpmail-queue-dir) + t 'silent)) + (kill-buffer buffer-data)))) (kill-buffer tembuf) (if (bufferp errbuf) (kill-buffer errbuf))))) @@ -412,7 +405,21 @@ for `smtpmail-try-auth-method'.") (goto-char (point-min)) (while (not (eobp)) (setq file-msg (buffer-substring (point) (line-end-position))) - (load file-msg) + ;; FIXME: Avoid `load' which can execute arbitrary code and is hence + ;; a source of security holes. Better read the file and extract the + ;; data "by hand". + ;;(load file-msg) + (with-temp-buffer + (insert-file-contents (concat file-msg ".el")) + (goto-char (point-min)) + (pcase (read (current-buffer)) + (`(setq smtpmail-recipient-address-list ',v) + (skip-chars-forward " \n\t") + (unless (eobp) (message "Ignoring trailing text in %S" + (concat file-msg ".el"))) + (setq smtpmail-recipient-address-list v)) + (sexp (error "Unexpected code in %S: %S" + (concat file-msg ".el") sexp)))) ;; Insert the message literally: it is already encoded as per ;; the MIME headers, and code conversions might guess the ;; encoding wrongly.