From 5ba9eb49ecd85f9b9ca1f202d81eb577548462cb Mon Sep 17 00:00:00 2001 From: Gilles Chehade Date: Thu, 31 Dec 2009 15:37:56 +0000 Subject: when separating command from parameters in smtp session, the parser tries to use ':' as a separator then fallbacks to ' ' so that it can detect the command names that contain more than one words (MAIL FROM and RCPT TO) or the one word ones (HELO, DATA, ...). this is incorrect and the parser can get confused if the parameter to any command contains a ':', for example "HELO [ipv6:...]" cause the parser to lookup for command "HELO [ipv6". fix this by using ':' as a delimiter for 'mail from' and 'rcpt to', while using ' ' as a delimiter for all other commands. fixes bug 6285/system reported by Lionel Le Folgoc --- usr.sbin/smtpd/smtp_session.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) (limited to 'usr.sbin') diff --git a/usr.sbin/smtpd/smtp_session.c b/usr.sbin/smtpd/smtp_session.c index ca5810b4600..be708f162a2 100644 --- a/usr.sbin/smtpd/smtp_session.c +++ b/usr.sbin/smtpd/smtp_session.c @@ -1,4 +1,4 @@ -/* $OpenBSD: smtp_session.c,v 1.127 2009/12/13 22:02:55 jacekm Exp $ */ +/* $OpenBSD: smtp_session.c,v 1.128 2009/12/31 15:37:55 gilles Exp $ */ /* * Copyright (c) 2008 Gilles Chehade @@ -530,8 +530,16 @@ session_command(struct session *s, char *cmd) char *ep, *args; unsigned int i; - if ((ep = strchr(cmd, ':')) == NULL) + /* + * unlike other commands, "mail from" and "rcpt to" contain a + * space in the command name. + */ + if (strncasecmp("mail from:", cmd, 10) == 0 || + strncasecmp("rcpt to:", cmd, 8) == 0) + ep = strchr(cmd, ':'); + else ep = strchr(cmd, ' '); + if (ep != NULL) { *ep = '\0'; args = ++ep; -- cgit v1.2.3