Don't respect RFC 5322, that allows some crazy characters in email

localpart, like !#$&'*/=?^`{|}~ ... and all the other ones that
can be double quoted, just refuse them.

ok gilles@ eric@

1 files changed, 6 insertions, 2 deletions

diff --git a/usr.sbin/smtpd/util.c b/usr.sbin/smtpd/util.c
index e6bc282e943..d1f4a7138b9 100644
--- a/usr.sbin/smtpd/util.c
+++ b/usr.sbin/smtpd/util.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: util.c,v 1.63 2012/07/10 16:11:43 chl Exp $	*/
+/*	$OpenBSD: util.c,v 1.64 2012/07/11 17:20:00 chl Exp $	*/
 
 /*
  * Copyright (c) 2000,2001 Markus Friedl.  All rights reserved.
@@ -259,7 +259,11 @@ hostname_match(char *hostname, char *pattern)
 int
 valid_localpart(const char *s)
 {
-#define IS_ATEXT(c)     (isalnum((int)(c)) || strchr("!#$%&'*+-/=?^_`{|}~", (c)))
+/*
+ * RFC 5322 defines theses characters as valid: !#$%&'*+-/=?^_`{|}~
+ * some of them are potentially dangerous, and not so used after all.
+ */
+#define IS_ATEXT(c)     (isalnum((int)(c)) || strchr("%+-_", (c)))
 nextatom:
         if (! IS_ATEXT(*s) || *s == '\0')
                 return 0;