emo/busybox
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

sendmail: fix for long headers (by Vladimir)

Browse Source 
Signed-off-by: Vladimir Dronnikov <dronnikov@gmail.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Vladimir Dronnikov 2009-10-17 03:35:10 +02:00 committed by Denys Vlasenko
parent 2ace0ad2d7
commit 8dbe9bba8e
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
mailutils/sendmail.c
View File

@ -229,10 +229,15 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv)
rcptto(sane_address(s+5)); rcptto(sane_address(s+5));
free(s); free(s);
// N.B. Bcc: vanishes from headers! // N.B. Bcc: vanishes from headers!
// other headers go verbatim // other headers go verbatim
// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
} else if (strchr(s, ':')) { // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
// Continuation is denoted by prefixing additional lines with whitespace(s).
// Thanks (stefan.seyfried at googlemail.com) for pointing this out.
} else if (strchr(s, ':') || (list && skip_whitespace(s) != s)) {
addheader: addheader:
// N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
if (MAX_HEADERS && ++nheaders >= MAX_HEADERS) if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
goto bail; goto bail;
llist_add_to_end(&list, s); llist_add_to_end(&list, s);