INN commit: trunk/nnrpd (post.c)
INN Commit
rra at isc.org
Tue Aug 4 12:36:39 UTC 2015
Date: Tuesday, August 4, 2015 @ 05:36:38
Author: iulius
Revision: 9924
nnrpd: improve validation of e-mail addresses
Check that if an article has a From: header field beginning
with '@' chars, it also has another '@' afterwards in the field.
It will prevent From: header fields like "@a.b" or "@@@a.b" from
being accepted.
Modified:
trunk/nnrpd/post.c
--------+
post.c | 19 +++++++++++++------
1 file changed, 13 insertions(+), 6 deletions(-)
Modified: post.c
===================================================================
--- post.c 2015-07-14 16:48:11 UTC (rev 9923)
+++ post.c 2015-08-04 12:36:38 UTC (rev 9924)
@@ -1114,22 +1114,29 @@
}
strlcpy(frombuf, HDR(HDR__FROM), sizeof(frombuf));
- for (p = frombuf;p < frombuf + sizeof(frombuf);)
+ /* Unfold the From: header field. */
+ for (p = frombuf; p < frombuf + sizeof(frombuf); )
if ((p = strchr(p, '\n')) == NULL)
break;
else
*p++ = ' ';
+ /* Try to rewrite the From: header field in a cleaner format. */
HeaderCleanFrom(frombuf);
- p = strchr(frombuf, '@');
- if (p) {
+ /* Now perform basic checks of the From: header field.
+ * Pass leading '@' chars because they are not part of an address. */
+ p = frombuf;
+ while (*p == '@') {
+ p++;
+ }
+ p = strchr(p, '@');
+ if (p != NULL) {
p = strrchr(p+1, '.');
- if (!p) {
+ if (p == NULL) {
if (modgroup)
free(modgroup);
return "From: address not in Internet syntax";
}
- }
- else {
+ } else {
if (modgroup)
free(modgroup);
return "From: address not in Internet syntax";
More information about the inn-committers
mailing list