[comp.mail.sendmail] spurious control chars in addresses

e07@nikhefh.nikhef.nl (Eric Wassenaar) (05/06/91)

If spurious control characters are embedded in recipient or sender
addresses, they may cause havoc since they may be interpreted
incorrectly during expand() or prescan() or rewrite() if they belong
to the set of special characters used internally by sendmail.

IDA tries to prevent this by calling invalidaddr() in the beginning
of parseaddr() before calling prescan(). This is not sufficient
since such invalid control characters may be present in header lines
which would be rewritten incorrectly, if not worse, during the
sequence putheader()/commaize()/remotename().

Below are a few safety measures which are redundant in normal
circumstances, but which prevent possible disaster otherwise.
However, a more structural approach would be needed.


parseaddr.c, module rewrite()
===========

a. When trying to substitute LHS tokens into RHS expansions, change

			if (*rp == MATCHREPL)
			{
				/* substitute from LHS */
				m = &mlist[rp[1] - '1'];
   into
			if (*rp == MATCHREPL && rp[1] >= '1' && rp[1] <= '9')
			{
				/* substitute from LHS */
				m = &mlist[rp[1] - '1'];

b. When trying to call another ruleset, change

		if (*npvp != NULL && **npvp == CALLSUBR)
		{
			...
			rewrite(pvp, atoi(npvp[1]));
   into
		if (*npvp != NULL && **npvp == CALLSUBR &&
		    npvp[1] != NULL && isdigit(npvp[1][0]))
		{
			...
			rewrite(pvp, atoi(npvp[1]));


main.c, module initmacros()
======

c. When defining the MATCHREPL macros $1 through $9, change

	for (c = '0'; c <= '9'; c++)
   into
	for (c = '1'; c <= '9'; c++)	/* $0 has no meaning */


macro.c, module expand()
=======

d. When checking for conditionals and macro expansions, change

	for (xp = xbuf; *s != '\0'; s++)
	{
		...
		  case CONDIF:		/* see if var set */
			c = *++s;
			...

		  case '\001':		/* macro interpolation */
			c = *++s;
			...
   into

	for (xp = xbuf; *s != '\0'; s++)
	{
		...
		  case CONDIF:		/* see if var set */
			if (s[1] == '\0')
				continue;
			c = *++s;
			...

		  case '\001':		/* macro interpolation */
			if (s[1] == '\0')
				continue;
			c = *++s;
			...


Eric Wassenaar
-- 
Organization: NIKHEF-H, National Institute for Nuclear and High-Energy Physics
Address: Kruislaan 409, P.O. Box 41882, 1009 DB Amsterdam, the Netherlands
Phone: +31 20 592 0412, Home: +31 20 6909449, Telefax: +31 20 592 5155
Internet: e07@nikhef.nl
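
The range check from fix (a), with `$0` excluded as in fix (c), as an added example that is not part of the original post and is not sendmail source. It works on flat strings rather than sendmail's token vectors. The function name `subst_rhs`, the byte value chosen for `MATCHREPL`, and the choice to drop a rejected marker are assumptions of this sketch.

```c
#include <stddef.h>
#include <string.h>

#define MATCHREPL '\024'   /* assumed marker byte for this sketch */
#define MAXMATCH  9        /* slots for $1 .. $9 */

/*
 * Substitute LHS matches into an RHS template.
 * Returns the number of MATCHREPL markers rejected by the range check,
 * or -1 if the output buffer is too small.
 */
int subst_rhs(const char *rhs, const char *mlist[MAXMATCH],
              char *out, size_t outsz)
{
    size_t n = 0;
    int rejected = 0;

    if (outsz == 0)
        return -1;
    for (const char *rp = rhs; *rp != '\0'; rp++) {
        const char *src = rp;   /* default: copy this byte literally */
        size_t len = 1;

        if (*rp == MATCHREPL) {
            if (rp[1] >= '1' && rp[1] <= '9') {
                /* index is provably 0..8, so mlist[] stays in bounds */
                const char *m = mlist[rp[1] - '1'];
                src = (m != NULL) ? m : "";
                len = strlen(src);
                rp++;           /* consume the digit */
            } else {
                /* '0', a control byte, or end of string follows: without
                 * the check, rp[1] - '1' would be a negative index */
                rejected++;
                continue;       /* sketch's choice: drop the marker */
            }
        }
        if (n + len >= outsz)   /* keep room for the terminating NUL */
            return -1;
        memcpy(out + n, src, len);
        n += len;
    }
    out[n] = '\0';
    return rejected;
}
```

Because `'\0'` is outside `'1'..'9'`, the same comparison also stops a trailing marker from reading past the end of the string, which is the case fix (d) guards in expand().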