git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Eric Sunshine <sunshine@sunshineco.com>
To: Jan Viktorin <viktorin@rehivetech.com>
Cc: Git List <git@vger.kernel.org>,
	"brian m. carlson" <sandals@crustytoothpaste.net>
Subject: Re: [PATCH v2] send-email: provide whitelist of SMTP AUTH mechanisms
Date: Sun, 9 Aug 2015 13:19:58 -0400	[thread overview]
Message-ID: <CAPig+cRenkDWeQWR_QFvy_mrH=n5=hz6kaB3PMd_LLbPWN3U1g@mail.gmail.com> (raw)
In-Reply-To: <CAPig+cQwFxVtO1C_RAumGP6_et21ggORB4jhpcUtBYNznNH1qA@mail.gmail.com>

On Sun, Aug 2, 2015 at 2:57 PM, Eric Sunshine <sunshine@sunshineco.com> wrote:
> On Sun, Aug 2, 2015 at 12:42 PM, Jan Viktorin <viktorin@rehivetech.com> wrote:
>> @@ -1136,6 +1141,10 @@ sub smtp_auth_maybe {
>>                 Authen::SASL->import(qw(Perl));
>>         };
>>
>> +       if($smtp_auth !~ /^(\b[A-Z0-9-_]{1,20}\s*)*$/) {
>> +               die "invalid smtp auth: '${smtp_auth}'";
>> +       }
>
> Style: space after 'if'

By the way, I notice that Authen::SASL::Perl implementation itself
normalizes the incoming mechanism to uppercase, if necessary:

    $mechanism =~ s/^\s*\b(.*)\b\s*$/$1/g;
    $mechanism =~ s/-/_/g;
    $mechanism =  uc $mechanism;

Since it doesn't require uppercase, it's not clear how much benefit
there is to adding a strict regex check to git-send-email.

  parent reply	other threads:[~2015-08-09 17:20 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-08-02 16:42 [PATCH v2] send-email: provide whitelist of SMTP AUTH mechanisms Jan Viktorin
2015-08-02 18:57 ` Eric Sunshine
2015-08-05  7:17   ` Jan Viktorin
2015-08-09 18:13     ` Eric Sunshine
2015-08-10 10:06       ` Jan Viktorin
2015-08-10 23:43         ` Eric Sunshine
2015-08-09 17:19   ` Eric Sunshine [this message]
2015-08-09 17:45     ` Eric Sunshine
2015-08-11 23:39 ` [PATCH v3] " Jan Viktorin
2015-08-12  0:01   ` Eric Sunshine

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CAPig+cRenkDWeQWR_QFvy_mrH=n5=hz6kaB3PMd_LLbPWN3U1g@mail.gmail.com' \
    --to=sunshine@sunshineco.com \
    --cc=git@vger.kernel.org \
    --cc=sandals@crustytoothpaste.net \
    --cc=viktorin@rehivetech.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).