diff options
| -rw-r--r-- | usr.sbin/smtpd/lka_session.c | 4 | ||||
| -rw-r--r-- | usr.sbin/smtpd/smtpd.h | 11 | ||||
| -rw-r--r-- | usr.sbin/smtpd/util.c | 8 |
3 files changed, 14 insertions, 9 deletions
diff --git a/usr.sbin/smtpd/lka_session.c b/usr.sbin/smtpd/lka_session.c index cdf65824c76..53472fb930c 100644 --- a/usr.sbin/smtpd/lka_session.c +++ b/usr.sbin/smtpd/lka_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lka_session.c,v 1.62 2013/12/26 17:25:32 eric Exp $ */ +/* $OpenBSD: lka_session.c,v 1.63 2014/02/04 10:38:06 eric Exp $ */ /* * Copyright (c) 2011 Gilles Chehade <gilles@poolp.org> @@ -85,7 +85,7 @@ struct modifiers { { "strip", mod_strip }, { "raw", NULL }, /* special case, must stay last */ }; -static const char *unsafe = "*?"; +static const char *unsafe = MAILADDR_ESCAPE; static int init; diff --git a/usr.sbin/smtpd/smtpd.h b/usr.sbin/smtpd/smtpd.h index da1026c1d95..1bd804c0575 100644 --- a/usr.sbin/smtpd/smtpd.h +++ b/usr.sbin/smtpd/smtpd.h @@ -1,4 +1,4 @@ -/* $OpenBSD: smtpd.h,v 1.443 2014/02/04 09:50:31 eric Exp $ */ +/* $OpenBSD: smtpd.h,v 1.444 2014/02/04 10:38:06 eric Exp $ */ /* * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org> @@ -59,6 +59,15 @@ #define PATH_FILTERS "/usr/libexec/smtpd" #define PATH_TABLES "/usr/libexec/smtpd" + +/* + * RFC 5322 defines these characters as valid, some of them are + * potentially dangerous and need to be escaped. + */ +#define MAILADDR_ALLOWED "!#$%&'*/?^`{|}~+-=_" +#define MAILADDR_ESCAPE "!#$%&'*/?^`{|}~" + + #define F_STARTTLS 0x01 #define F_SMTPS 0x02 #define F_TLS_OPTIONAL 0x04 diff --git a/usr.sbin/smtpd/util.c b/usr.sbin/smtpd/util.c index 47f23994731..5db00535f30 100644 --- a/usr.sbin/smtpd/util.c +++ b/usr.sbin/smtpd/util.c @@ -1,4 +1,4 @@ -/* $OpenBSD: util.c,v 1.107 2014/02/04 09:50:31 eric Exp $ */ +/* $OpenBSD: util.c,v 1.108 2014/02/04 10:38:06 eric Exp $ */ /* * Copyright (c) 2000,2001 Markus Friedl. All rights reserved. @@ -444,11 +444,7 @@ hostname_match(const char *hostname, const char *pattern) int valid_localpart(const char *s) { -/* - * RFC 5322 defines theses characters as valid: !#$%&'*+-/=?^_`{|}~ - * some of them are potentially dangerous, and not so used after all. - */ -#define IS_ATEXT(c) (isalnum((unsigned char)(c)) || strchr("*!%+-/=_", (c))) +#define IS_ATEXT(c) (isalnum((unsigned char)(c)) || strchr(MAILADDR_ALLOWED, (c))) nextatom: if (! IS_ATEXT(*s) || *s == '\0') return 0; |