Bugs item #1030228, was opened at 2004-09-18 05:28 Message generated for change (Comment added) made by tkikuchi You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1030228&group_id=103 Category: (un)subscribing Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Mark Sapiro (msapiro) Assigned to: Tokio Kikuchi (tkikuchi) Summary: Mass Subscribe address with control character - can't delete Initial Comment: Mailman 2.1.4 We mass subscribed an automatically generated list of addresses. One of these contained an ascii Vertical-Tab character. The (somewhat munged for privacy) address in the mass subscribe list was lauxxxxxher@comcast.net<VT>rixxxxxher where <VT> represents ascii Vertical Tab (hex 0B). The address was subscribed OK and then noticed to be bad. We followed the link from the member list to that member's option page an attempted to unsubscribe it and "encountered a bug". This happened twice in succession and then a third time about an hour later. The error log entry from the first try is attached (with the same address munging). Another list administrator tried the same thing the next morning and that time it worked. We don't know why what we think was the same unsubscribe procedure didn't work 3 times and then worked the next day. the following is in Utils.py # TBD: what other characters should be disallowed? _badchars = re.compile(r'[][()<>|;^,/\200-\377]') A fix might be to add the range \000-\037 to the _badchars re, but this may not be correct. It is not clear whether they should be allowed. RFC 2822 allows "non white space" control characters in domain-literals, but not in local-parts of addresses. However, RFC 2821 (SMTP) says: A domain (or domain name) consists of one or more dot-separated components. These components ("labels" in DNS terminology) are restricted for SMTP purposes to consist of a sequence of letters, digits, and hyphens drawn from the ASCII character set. Thus, it seems that for Mailman purposes it would be safe to not allow any of \000-\037 in addresses. ----------------------------------------------------------------------
Comment By: Tokio Kikuchi (tkikuchi) Date: 2004-09-21 00:55
Message: Logged In: YES user_id=67709 sorry, I am now updating the patch. ---------------------------------------------------------------------- Comment By: Mark Sapiro (msapiro) Date: 2004-09-20 20:47 Message: Logged In: YES user_id=1123998 I see the patch changes Utils.py as follows: -_badchars = re.compile(r'[][()<>|;^,/\200-\377]') +_badchars = re.compile(r'[][()<>|;^,\000-\037\200-\377]') Per discussion on mailman-developers list, I think \177 should also be disallowed: +_badchars = re.compile(r'[][()<>|;^,\000-\037\177-\377]') ---------------------------------------------------------------------- Comment By: Tokio Kikuchi (tkikuchi) Date: 2004-09-20 05:20 Message: Logged In: YES user_id=67709 uploading a patch to fix this and other. ---------------------------------------------------------------------- Comment By: Terri Oda (spot) Date: 2004-09-18 05:54 Message: Logged In: YES user_id=110886 As a side note, if you have problems with illegal characters in subscribed addresses, here's the relevant FAQ entry: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.013.htp ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1030228&group_id=103