develooper Front page | perl.perl5.porters | Postings from September 2012

[perl #38387] Net::Cmd does not handle CR and LF correctly

Thread Previous
From:
James E Keenan via RT
Date:
September 14, 2012 18:26
Subject:
[perl #38387] Net::Cmd does not handle CR and LF correctly
Message ID:
rt-3.6.HEAD-11172-1347672359-1270.38387-15-0@perl.org
On Mon May 21 18:59:26 2012, jkeenan wrote:
> On Fri Dec 09 12:52:11 2011, sprout wrote:
> > On Sun Dec 04 06:28:28 2011, jkeenan wrote:
> > > On Tue Jan 31 14:28:54 2006, alexander_bluhm@genua.de wrote:
> > > > 
> > > > The escaping of CR and LF in Net::Cmd->dataend is somewhat broken.
> > > > A sequence "a\r" is escaped as "a\015\015\012.\015\012".
> > > > There is even a test for this behavior.  But it does not conform
> > > > to RFC 2821 Section 2.3.7:
> > > > 
> > > >    In addition, the appearance of "bare" "CR" or "LF" characters in
> > > > text
> > > >    (i.e., either without the other) has a long history of causing
> > > >    problems in mail implementations and applications that use
the mail
> > > >    system as a tool.  SMTP client implementations MUST NOT transmit
> > > >    these characters except when they are intended as line
terminators
> > > >    and then MUST, as indicated above, transmit them only as a <CRLF>
> > > >    sequence.
> > > > 
> > > > So sending the sequence "\015\015" is illegal because the first
> > > > "\015" is not followed by a "\012".
> > > > 
> > > > I have made a patch for that bug.  I have also added a lot of other
> > > > test cases to the t/datasend.t test.  I wrote these tests, after
> > > > we had encountered real world SMTP problems with different versions
> > > > of Net::Cmd.
> > > > 
> > > 
> > > My layperson's impression is that the original poster's criticism of
> > > Net::Cmd::datasend() with respect to RFC 2821 Sec 2.3.7 is correct. 
> > > (http://www.ietf.org/rfc/rfc2821.txt).  I modified the patch to
apply to
> > > blead; see attached.  I haven't examined the tests in detail, but they
> > PASS.
> > > 
> > > Of course, Perl code in the wild may have adapted to the
suboptimal code
> > > in datasend(), so we have to evaluate this carefully.  Please review.
> > 
> > This distribution is listed in Maintainers.pl with upstream as ‘undef’,
> > meaning that its status has yet to be discussed.
> > 
> 
> When and where does such a discussion take place?

1. That question still stands, four months later.

2. Should the patch be applied?

Thank you very much.
Jim Keenan

---
via perlbug:  queue: perl5 status: open
https://rt.perl.org:443/rt3/Ticket/Display.html?id=38387

Thread Previous


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About