From 43a723bc4d043a147585e55824cfcc364bf2fdf6 Mon Sep 17 00:00:00 2001 From: "Eric S. Raymond" Date: Fri, 17 Jan 2003 15:02:12 +0000 Subject: Sunil changed the sanitization logic. svn path=/trunk/; revision=3790 --- sink.c | 30 ++++++++++++++++++++---------- 1 file changed, 20 insertions(+), 10 deletions(-) (limited to 'sink.c') diff --git a/sink.c b/sink.c index 3ba9e873..369ab024 100644 --- a/sink.c +++ b/sink.c @@ -215,12 +215,11 @@ int smtp_open(struct query *ctl) } static void sanitize(char *s) -/* replace unsafe shellchars by an _ */ +/* replace ' by _ */ { - const static char *ok_chars = " 1234567890!@%-_=+:,./abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; char *cp; - for (cp = s; *(cp += strspn(cp, ok_chars)); /* NO INCREMENT */) + for (cp = s; (cp = strchr (cp, '\'')); cp++) *cp = '_'; } @@ -264,9 +263,13 @@ static int send_bouncemail(struct query *ctl, struct msgblk *msg, char boundary[BUFSIZ], *bounce_to; int sock; static char *fqdn_of_host = NULL; + const char *md1 = "MAILER-DAEMON", *md2 = "MAILER-DAEMON@"; /* don't bounce in reply to undeliverable bounces */ - if (!msg->return_path[0] || strcmp(msg->return_path, "<>") == 0) + if (!msg->return_path[0] || + strcmp(msg->return_path, "<>") == 0 || + strcasecmp(msg->return_path, md1) == 0 || + strncasecmp(msg->return_path, md2, strlen(md2)) == 0) return(FALSE); bounce_to = (run.bouncemail ? msg->return_path : run.postmaster); @@ -1056,7 +1059,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, names[--nameslen] = '\0'; /* chop trailing space */ } - /* sanitize names in order to contain only harmless shell chars */ sanitize(names); } @@ -1065,7 +1067,6 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, { from = xstrdup(msg->return_path); - /* sanitize from in order to contain *only* harmless shell chars */ sanitize(from); fromlen = strlen(from); @@ -1079,17 +1080,17 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, /* find length of resulting mda string */ sp = before; while ((sp = strstr(sp, "%s"))) { - length += nameslen - 2; /* subtract %s */ + length += nameslen; /* subtract %s and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%T"))) { - length += nameslen - 2; /* subtract %T */ + length += nameslen; /* subtract %T and add '' */ sp += 2; } sp = before; while ((sp = strstr(sp, "%F"))) { - length += fromlen - 2; /* subtract %F */ + length += fromlen; /* subtract %F and add '' */ sp += 2; } @@ -1102,13 +1103,17 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg, /* need to expand? BTW, no here overflow, because in ** the worst case (end of string) sp[1] == '\0' */ if (sp[1] == 's' || sp[1] == 'T') { + *dp++ = '\''; strcpy(dp, names); dp += nameslen; + *dp++ = '\''; sp++; /* position sp over [sT] */ dp--; /* adjust dp */ } else if (sp[1] == 'F') { + *dp++ = '\''; strcpy(dp, from); dp += fromlen; + *dp++ = '\''; sp++; /* position sp over F */ dp--; /* adjust dp */ } @@ -1463,7 +1468,7 @@ va_dcl #endif /* format and ship a warning message line by mail */ { - char buf[POPBUFSIZE]; + char buf[MSGBUFSIZE+4]; va_list ap; /* @@ -1490,6 +1495,11 @@ va_dcl strcat(buf, "\r\n"); #endif /* HAVE_SNPRINTF */ + /* guard against very long lines */ + buf[MSGBUFSIZE+1] = '\r'; + buf[MSGBUFSIZE+2] = '\n'; + buf[MSGBUFSIZE+3] = '\0'; + stuffline(ctl, buf); } -- cgit v1.2.3