INN commit: trunk/nnrpd (post.c)

INN Commit rra at isc.org
Tue Aug 4 12:36:39 UTC 2015


    Date: Tuesday, August 4, 2015 @ 05:36:38
  Author: iulius
Revision: 9924

nnrpd:  improve validation of e-mail addresses

Check that if an article has a From: header field beginning
with '@' chars, it also has another '@' afterwards in the field.

It will prevent From: header fields like "@a.b" or "@@@a.b" from
being accepted.

Modified:
  trunk/nnrpd/post.c

--------+
 post.c |   19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

Modified: post.c
===================================================================
--- post.c	2015-07-14 16:48:11 UTC (rev 9923)
+++ post.c	2015-08-04 12:36:38 UTC (rev 9924)
@@ -1114,22 +1114,29 @@
     }
 
     strlcpy(frombuf, HDR(HDR__FROM), sizeof(frombuf));
-    for (p = frombuf;p < frombuf + sizeof(frombuf);)
+    /* Unfold the From: header field. */
+    for (p = frombuf; p < frombuf + sizeof(frombuf); )
 	if ((p = strchr(p, '\n')) == NULL)
 	    break;
 	else
 	    *p++ = ' ';
+    /* Try to rewrite the From: header field in a cleaner format. */
     HeaderCleanFrom(frombuf);
-    p = strchr(frombuf, '@');
-    if (p) {
+    /* Now perform basic checks of the From: header field.
+     * Pass leading '@' chars because they are not part of an address. */
+    p = frombuf;
+    while (*p == '@') {
+        p++;
+    }
+    p = strchr(p, '@');
+    if (p != NULL) {
 	p = strrchr(p+1, '.');
-	if (!p) {
+	if (p == NULL) {
 	    if (modgroup)
 		free(modgroup);
 	    return "From: address not in Internet syntax";
 	}
-    }
-    else {
+    } else {
 	if (modgroup)
 	    free(modgroup);
 	return "From: address not in Internet syntax";



More information about the inn-committers mailing list