
List:       busybox
Subject:    [PATCH 1/7] sendmail: avoid sending mail to wrong addresses
From:       Aaro Koskinen <aaro.koskinen () iki ! fi>
Date:       2013-02-24 22:45:06
Message-ID: 1361745912-9406-2-git-send-email-aaro.koskinen () iki ! fi

If we get an address we cannot parse properly, we currently just strip
the unknown characters and still try to send it. This is considered
harmful as the resulting address may still be valid but different from
what the user originally intended.

Instead, skip sending to an address we cannot fully understand and
print the characters that we have scanned so far. Leading and trailing
whitespace is allowed and silently stripped.

Signed-off-by: Aaro Koskinen <aaro.koskinen@iki.fi>
---
 mailutils/sendmail.c |   17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c
index c426e9d..4f73512 100644
--- a/mailutils/sendmail.c
+++ b/mailutils/sendmail.c
@@ -94,9 +94,22 @@ static char *sane_address(char *str)
 {
 	char *s = str;
 	char *p = s;
+	int leading_space = 1;
+	int trailing_space = 0;
+
 	while (*s) {
-		if (isalnum(*s) || '_' == *s || '-' == *s || '.' == *s || '@' == *s) {
+		if (isspace(*s)) {
+			trailing_space = !leading_space;
+		} else {
 			*p++ = *s;
+			if ((!isalnum(*s) && !strchr("_-.@", *s)) ||
+			    trailing_space) {
+				*p = '\0';
+				bb_error_msg("Bad address: %s", str);
+				*str = '\0';
+				return str;
+			}
+			leading_space = 0;
 		}
 		s++;
 	}
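Review bot: in the rejection branch, `bb_error_msg("Bad address: %s", str)` prints the compacted buffer rather than the text that was passed in, so the diagnostic can differ from the input. With embedded whitespace, for example "a b", the space is skipped before `*p++ = *s` runs and the message reads "Bad address: ab"; leading whitespace is likewise missing from the output. Since the stated goal is to avoid acting on an address other than the one the user intended, the log line should show that address unmodified: either print before compacting (scan first, copy only once the whole string has validated) or keep the whitespace in the reported prefix. The offending byte is also passed to the error message unescaped, which is worth a thought if it can be a control character.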
@@ -106,6 +119,8 @@ static char *sane_address(char *str)
 
 static void rcptto(const char *s)
 {
+	if (!*s)
+		return;
 	// N.B. we don't die if recipient is rejected, for the other recipients may be accepted
 	if (250 != smtp_checkp("RCPT TO:<%s>", s, -1))
 		bb_error_msg("Bad recipient: <%s>", s);
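Review bot: the new `if (!*s) return;` at the top of rcptto() depends on sane_address() marking a rejected address by setting `*str = '\0'`, but neither function documents that an empty string is the in-band "invalid" value. Please add a short comment at both places stating the convention. Note too that this guard returns silently: a recipient that is empty for any other reason (for instance an argument that contained only whitespace, which never enters the "Bad address" branch of the loop) is dropped with no diagnostic, so consider reporting it here or in sane_address() so that every skipped recipient is visible to the user.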
-- 
1.7.10.4

_______________________________________________
busybox mailing list
busybox@busybox.net
http://lists.busybox.net/mailman/listinfo/busybox