fletcher@cs.utexas.edu (Fletcher Mattox) (07/31/90)
We're starting to see addresses on the From: line like: /PN=whoever/O=foo/ADMD=telemail/C=us/@sprint.com Mush wants to parse this address as a filename. Whoops.
schaefer@CSE.OGI.EDU (Barton E. Schaefer) (07/31/90)
On Jul 30, 11:12pm, Fletcher Mattox wrote: } Subject: mush vs X.400 } } We're starting to see addresses on the From: line like: } } /PN=whoever/O=foo/ADMD=telemail/C=us/@sprint.com } } Mush wants to parse this address as a filename. Whoops. Easy to fix. It's in file.c. Relevant hunk of find_files(): 394 /* See if it's a file. This doesn't get written back 395 * onto "buf" since it is supposed to be extracted anyway. 396 */ 397 if (force || *file == '+' || *file == '~' || 398 *file == '|' || *file == '/') { Change line 398 to either omit the '/' comparison or to do a more sophisticated check such as: 398 *file == '|' || *file == '/' && !index(file, '=')) { In fact, I think I'll put that latter one into patch #3, unless someone can suggest a better heuristic. -- Bart Schaefer schaefer@cse.ogi.edu
jpp@specialix.co.uk (John Pettitt) (07/31/90)
fletcher@cs.utexas.edu (Fletcher Mattox) writes: >We're starting to see addresses on the From: line like: > /PN=whoever/O=foo/ADMD=telemail/C=us/@sprint.com >Mush wants to parse this address as a filename. Whoops. You think you have problems, HDB uucp won't pass mail with an address like this because it thinks / is a security problem ! Arrrrrrrggggggghhhhhhhh, Why do the CCITT have to make things so hard ... -- John Pettitt, Specialix International, Email: jpp@specialix.com Tel +44 (0) 9323 54254 Fax +44 (0) 9323 52781 Disclaimer: Me, say that ? Never, it's a forged posting !
fletcher@cs.utexas.edu (Fletcher Mattox) (07/31/90)
Barton E. Schaefer writes:
=On Jul 30, 11:12pm, Fletcher Mattox wrote:
=} Subject: mush vs X.400
=}
=} We're starting to see addresses on the From: line like:
=}
=} /PN=whoever/O=foo/ADMD=telemail/C=us/@sprint.com
=}
=} Mush wants to parse this address as a filename. Whoops.
=
=Change line 398 to either omit the '/' comparison or to do a more
=sophisticated check such as:
=
= 398 *file == '|' || *file == '/' && !index(file, '=')) {
=
=In fact, I think I'll put that latter one into patch #3, unless someone
=can suggest a better heuristic.
I guess I'd rather see @ checked than =. More in the spirit of rfc822.
Even though most MTAs will disallow mail to files, /etc/passwd@big.edu
is still a legitimate address which the = check would disallow. :-)
No biggie, though. I'll settle for =.david@twg.com (David S. Herron) (08/05/90)
In article <1990Jul31.070020.21139@specialix.co.uk> jpp@specialix.co.uk (John Pettitt) writes: >fletcher@cs.utexas.edu (Fletcher Mattox) writes: > >>We're starting to see addresses on the From: line like: > >> /PN=whoever/O=foo/ADMD=telemail/C=us/@sprint.com > >>Mush wants to parse this address as a filename. Whoops. > >You think you have problems, HDB uucp won't pass mail with >an address like this because it thinks / is a security problem ! So side-step UUCP (is he gonna say the B-word?? Yeaaaah..) BSMTP (the B-word) was invented over in BITNET-land for sidesteping "stupid" "idiotic" design assumptions made by IBM in the RSCS protocols. Namely that the obvious place to put the forward-address could only hold 2 strings, each 8 characters long. (We've had it easy in the UUCP world guys..) With BSMTP the long strings (forward & reverse addresses) are hidden inside a file. In BITNET the destination address for the file transfer is the user-ID for a mail transport agent (MAILER@some-host-name). On UUCP it would work approximately the same.. RFC-976 says to treat BSMTP mail as normal rmail stuff but headed to a user-ID of 'a!b!c!...!b-smtp'. (note the `-'). That's probably a good enough way to do it.. You avoid all sorts of problems by hiding the difficult addresses inside the file. The shell command-lines can't get to it for instance and strip away quoting. FYI, a BSMTP file looks like HELO <domain name> MAIL FROM:<user@some.domain.name> RCPT TO:<user@some.where.else> RCPT TO:<user-2@other.some.where.else> ... DATA RFC-822 message body . QUIT And, finally, I have a program in mod.sources (comp.sources.unix) archives for decoding BSMTP files and passing the contents on to the local mail system. It's meant for MMDF sites, but can also be used by sendmail sites and sites which only have /bin/mail. (all from the same binary too...) >Arrrrrrrggggggghhhhhhhh, Why do the CCITT have to make things >so hard ... Because the old protocols we're used to lack a number of Significant Features?? -- <- David Herron, an MMDF weenie, <david@twg.com> <- Formerly: David Herron -- NonResident E-Mail Hack <david@ms.uky.edu> <- <- Sign me up for one "I survived Jaka's Story" T-shirt!