diff options
| author | Gilles Chehade <gilles@cvs.openbsd.org> | 2009-02-23 22:59:41 +0000 |
|---|---|---|
| committer | Gilles Chehade <gilles@cvs.openbsd.org> | 2009-02-23 22:59:41 +0000 |
| commit | eed3eb2754e6467918e5709245264710f4f5b2c8 (patch) | |
| tree | 1dd178629bd8dae3ebb1f2616e6b86514b9f997b /usr.sbin | |
| parent | 20422dc2142ac83b59a6ab8d33619f2ede057333 (diff) | |
add valid_message_id() and valid_message_uid() which test that a message id
and uid do not look wrong. this was not needed earlier because we only deal
with message id's coming from trusted sources, but smtpctl will soon have a
new feature which requires us to deal with user provided message id's.
Diffstat (limited to 'usr.sbin')
| -rw-r--r-- | usr.sbin/smtpd/smtpd.h | 4 | ||||
| -rw-r--r-- | usr.sbin/smtpd/util.c | 49 |
2 files changed, 51 insertions, 2 deletions
diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h index 805beb48dd2..22b007aa6b5 100644 --- a/usr.sbin/smtpd/smtpd.h +++ b/usr.sbin/smtpd/smtpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.h,v 1.75 2009/02/22 11:59:12 jacekm Exp $ */ +/* $OpenBSD: smtpd.h,v 1.76 2009/02/23 22:59:40 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -901,3 +901,5 @@ int recipient_to_path(struct path *, char *); int valid_localpart(char *); int valid_domainpart(char *); char *ss_to_text(struct sockaddr_storage *); +int valid_message_id(char *); +int valid_message_uid(char *); diff --git a/usr.sbin/smtpd/util.c b/usr.sbin/smtpd/util.c index 03e4b38c685..803b1bf821e 100644 --- a/usr.sbin/smtpd/util.c +++ b/usr.sbin/smtpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.13 2009/02/22 11:59:12 jacekm Exp $ */ +/* $OpenBSD: util.c,v 1.14 2009/02/23 22:59:40 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@openbsd.org> @@ -211,3 +211,50 @@ ss_to_text(struct sockaddr_storage *ss) return (buf); } + +int +valid_message_id(char *mid) +{ + u_int8_t cnt; + + /* [0-9]{10}\.[a-zA-Z0-9]{16} */ + for (cnt = 0; cnt < 10; ++cnt, ++mid) + if (! isdigit((int)*mid)) + return 0; + + if (*mid++ != '.') + return 0; + + for (cnt = 0; cnt < 16; ++cnt, ++mid) + if (! isalnum((int)*mid)) + return 0; + + return (*mid == '\0'); +} + +int +valid_message_uid(char *muid) +{ + u_int8_t cnt; + + /* [0-9]{10}\.[a-zA-Z0-9]{16}\.[0-9]{0,} */ + for (cnt = 0; cnt < 10; ++cnt, ++muid) + if (! isdigit((int)*muid)) + return 0; + + if (*muid++ != '.') + return 0; + + for (cnt = 0; cnt < 16; ++cnt, ++muid) + if (! isalnum((int)*muid)) + return 0; + + if (*muid++ != '.') + return 0; + + for (cnt = 0; *muid != '\0'; ++cnt, ++muid) + if (! isdigit(*muid)) + return 0; + + return (cnt != 0); +} |