Header lines may be wrapped for technical and standards compliance reasons. When we display message headers via the web, we currently include those technical line wraps intact. We should omit them. For example, we display:
https://www.openwall.com/lists/oss-security/2024/07/23/2
Subject: [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and
regression for QCOW2 backing files and VMDK flat descriptors
(CVE-2024-40767)
but it should be:
Subject: [OSSA-2024-002] OpenStack Nova: Incomplete file access fix and regression for QCOW2 backing files and VMDK flat descriptors (CVE-2024-40767)
I thought this had something to do with:
/* skip adjacent linear-white-space between previous
* encoded-word */
r = --p;
if (done != header) {
while (r > done && islinearwhitespace(*(--r)))
;
if (r > done)
r = p;
}
buffer_append(dst, done, r - done);
and suspected this logic could be buggy or incomplete, but e.g. omitting if (r > done) r = p; made no difference.
Header lines may be wrapped for technical and standards compliance reasons. When we display message headers via the web, we currently include those technical line wraps intact. We should omit them. For example, we display:
https://www.openwall.com/lists/oss-security/2024/07/23/2
but it should be:
I thought this had something to do with:
and suspected this logic could be buggy or incomplete, but e.g. omitting
if (r > done) r = p;made no difference.