Serious software bug in LCR "Send a Messge" violates RFC 5322

Discussions about the Leader and Clerk Resources on lds.org.
Post Reply
ambldsorg
New Member
Posts: 4
Joined: Sat Nov 19, 2022 6:44 am

Serious software bug in LCR "Send a Messge" violates RFC 5322

#1

Post by ambldsorg »

There is a serious software bug in the LCR "Send a Message" that violates RFC 5322 Section 2.1.1:

https://www.rfc-editor.org/rfc/rfc5322#section-2.1.1
2.1.1. Line Length Limits

There are two limits that this specification places on the number of
characters in a line. Each line of characters MUST be no more than
998 characters, and SHOULD be no more than 78 characters, excluding
the CRLF.
The LCR system, and more specifically a component that identifies itself
as ESM_Email_Serivce.JavaMail, does not properly conform to the MUST
portion of the RFC. It does not use quoted-printable to format long text
lines, and it does not split base64 MIME attachments into multiple lines
that are not more than 998 characters in length.

All RFC compliant email generating systems (and certainly the most
common systems like Gmail, Hotmail, Protonmail, Outlook, Thunderbird,
etc.) all conform. Just look at the source of any email that has been
sent from one of these systems and you'll see. They either insert hard
newlines, or use quoted-printable, or sometimes encode the entire text
as base64. Certainly for the case of attachments, all systems identified
above (except LCR), will actually encode an attachment with base64 and
split the data into multiple lines of 72--78 characters long.

This may be the cause of some of the email deliverability problems that
have been reported numerous times on this forum. Even if it is not
directly the cause, I needs to be addressed. It's a perfect example of
"garbage in garbage out" which essentially means that with invalid
inputs it is unpredictable what the output will be. Such huge lines of
text (I've seen attachments that resulted in over eleven million
characters on a single line) will put strains on systems that comply
with the RFC and expect newlines to be found in no more than 1000
characters. Or some email systems may simply truncate lines that exceed
it, resulting in a messge that is incomplete.

Thanks.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

Re: Serious software bug in LCR "Send a Messge" violates RFC 5322

#2

Post by russellhltn »

I suggest you report this via the feedback link in LCR.
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
ambldsorg
New Member
Posts: 4
Joined: Sat Nov 19, 2022 6:44 am

Re: Serious software bug in LCR "Send a Messge" violates RFC 5322

#3

Post by ambldsorg »

Thanks for the suggestion. I reported it via the Send Feedback link in
LCR a few days ago. I haven't heard anything, and I don't know if that
is even monitored or checked by anyone technical enough to understand
the problem, but I sent it anyway.
theglow
New Member
Posts: 8
Joined: Sun Jul 10, 2016 5:57 pm

Re: Serious software bug in LCR "Send a Messge" violates RFC 5322

#4

Post by theglow »

The "send feedback" link at the bottom is generally not a very effective feedback channel (ironically), especially for this.

An RFC violation would be great to report via "Help->Contact Us" which takes you to https://servicenow.churchofjesuschrist.org/gsc?lang=eng and has an option for opening a case. The interface and the tracking for the case are not great (doing anything with a case outside of responding to email generally does not work well, and the person on the other end seems heavily incentivized to close cases), but having an email conversation and occasionally getting issues actually resolved or at least acknowledged are better than nothing.
ambldsorg
New Member
Posts: 4
Joined: Sat Nov 19, 2022 6:44 am

Re: Serious software bug in LCR "Send a Messge" violates RFC 5322

#5

Post by ambldsorg »

Thanks for the suggestion. When I try to use that website, it just sends me to a logout page:

Logout successful
You have successfully logged out.

However, I never clicked anything to perform a logout action.

I'll keep trying.
Post Reply

Return to “Leader and Clerk Resources”