Changeset 3621 in MondoRescue for branches/3.3/mindi-busybox/mailutils/sendmail.c

Timestamp:

Dec 20, 2016, 4:07:32 PM (7 years ago)

Author:

Bruno Cornec

Message:

New 3?3 banch for incorporation of latest busybox 1.25. Changing minor version to handle potential incompatibilities.

Location:

branches/3.3

Files:

• . (copied) (copied from branches/3.2 )
• mindi-busybox/mailutils/sendmail.c (modified) (13 diffs)

branches/3.3/mindi-busybox/mailutils/sendmail.c

@@ -16 +16 @@
 //usage:     "\nStandard options:"
 //usage:     "\n    -t      Read additional recipients from message body"
-//usage:     "\n    -f SENDER   Sender (required)"
+//usage:     "\n    -f SENDER   For use in MAIL FROM:<sender>. Can be empty string"
+//usage:     "\n            Default: -auUSER, or username of current UID"
 //usage:     "\n    -o OPTIONS  Various options. -oi implied, others are ignored"
 //usage:     "\n    -i      -oi synonym. implied and ignored"
@@ -41 +42 @@
 //usage:    )
 
+/* Currently we don't sanitize or escape user-supplied SENDER and RECIPIENT_EMAILs.
+ * We may need to do so. For one, '.' in usernames seems to require escaping!
+ *
+ * From http://cr.yp.to/smtp/address.html:
+ *
+ * SMTP offers three ways to encode a character inside an address:
+ *
+ * "safe": the character, if it is not <>()[].,;:@, backslash,
+ *  double-quote, space, or an ASCII control character;
+ * "quoted": the character, if it is not \012, \015, backslash,
+ *   or double-quote; or
+ * "slashed": backslash followed by the character.
+ *
+ * An encoded box part is either (1) a sequence of one or more slashed
+ * or safe characters or (2) a double quote, a sequence of zero or more
+ * slashed or quoted characters, and a double quote. It represents
+ * the concatenation of the characters encoded inside it.
+ *
+ * For example, the encoded box parts
+ *  angels
+ *  \a\n\g\e\l\s
+ *  "\a\n\g\e\l\s"
+ *  "angels"
+ *  "ang\els"
+ * all represent the 6-byte string "angels", and the encoded box parts
+ *  a\,comma
+ *  \a\,\c\o\m\m\a
+ *  "a,comma"
+ * all represent the 7-byte string "a,comma".
+ *
+ * An encoded address contains
+ *  the byte <;
+ *  optionally, a route followed by a colon;
+ *  an encoded box part, the byte @, and a domain; and
+ *  the byte >.
+ *
+ * It represents an Internet mail address, given by concatenating
+ * the string represented by the encoded box part, the byte @,
+ * and the domain. For example, the encoded addresses
+ *     <God@heaven.af.mil>
+ *     <\God@heaven.af.mil>
+ *     <"God"@heaven.af.mil>
+ *     <@gateway.af.mil,@uucp.local:"\G\o\d"@heaven.af.mil>
+ * all represent the Internet mail address "God@heaven.af.mil".
+ */
+
 #include "libbb.h"
 #include "mail.h"
@@ -93 +140 @@
 static char *sane_address(char *str)
 {
-    char *s = str;
-    char *p = s;
+    char *s;
+
+    trim(str);
+    s = str;
     while (*s) {
-        if (isalnum(*s) || '_' == *s || '-' == *s || '.' == *s || '@' == *s) {
-            *p++ = *s;
+        if (!isalnum(*s) && !strchr("_-.@", *s)) {
+            bb_error_msg("bad address '%s'", str);
+            /* returning "": */
+            str[0] = '\0';
+            return str;
         }
         s++;
     }
-    *p = '\0';
     return str;
 }
 
+// check for an address inside angle brackets, if not found fall back to normal
+static char *angle_address(char *str)
+{
+    char *s, *e;
+
+    trim(str);
+    e = last_char_is(str, '>');
+    if (e) {
+        s = strrchr(str, '<');
+        if (s) {
+            *e = '\0';
+            str = s + 1;
+        }
+    }
+    return sane_address(str);
+}
+
 static void rcptto(const char *s)
 {
+    if (!*s)
+        return;
     // N.B. we don't die if recipient is rejected, for the other recipients may be accepted
     if (250 != smtp_checkp("RCPT TO:<%s>", s, -1))
@@ -112 +182 @@
 }
 
+// send to a list of comma separated addresses
+static void rcptto_list(const char *list)
+{
+    char *str = xstrdup(list);
+    char *s = str;
+    char prev = 0;
+    int in_quote = 0;
+
+    while (*s) {
+        char ch = *s++;
+
+        if (ch == '"' && prev != '\\') {
+            in_quote = !in_quote;
+        } else if (!in_quote && ch == ',') {
+            s[-1] = '\0';
+            rcptto(angle_address(str));
+            str = s;
+        }
+        prev = ch;
+    }
+    if (prev != ',')
+        rcptto(angle_address(str));
+    free(str);
+}
+
 int sendmail_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int sendmail_main(int argc UNUSED_PARAM, char **argv)
 {
     char *opt_connect = opt_connect;
-    char *opt_from;
+    char *opt_from = NULL;
     char *s;
     llist_t *list = NULL;
@@ -122 +217 @@
     unsigned nheaders = 0;
     int code;
+    enum {
+        HDR_OTHER = 0,
+        HDR_TOCC,
+        HDR_BCC,
+    } last_hdr = 0;
+    int check_hdr;
+    int has_to = 0;
 
     enum {
@@ -145 +247 @@
 
     // parse options
-    // -v is a counter, -f is required. -H and -S are mutually exclusive, -a is a list
-    opt_complementary = "vv:f:w+:H--S:S--H:a::";
+    // -v is a counter, -H and -S are mutually exclusive, -a is a list
+    opt_complementary = "vv:w+:H--S:S--H:a::";
     // N.B. since -H and -S are mutually exclusive they do not interfere in opt_connect
     // -a is for ssmtp (http://downloads.openwrt.org/people/nico/man/man8/ssmtp.8.html) compatibility,
@@ -169 +271 @@
     }
     // N.B. list == NULL here
-    //bb_info_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
+    //bb_error_msg("OPT[%x] AU[%s], AP[%s], AM[%s], ARGV[%s]", opts, au, ap, am, *argv);
 
     // connect to server
@@ -225 +327 @@
     if (250 != smtp_checkp("EHLO %s", host, -1))
         smtp_checkp("HELO %s", host, 250);
-    free(host);
 
     // perform authentication
@@ -250 +351 @@
     //  file descriptor (e.g. 4), or again from a secured file.
 
-    // got no sender address? -> use system username as a resort
-    // N.B. we marked -f as required option!
-    //if (!G.user) {
-    //  // N.B. IMHO getenv("USER") can be way easily spoofed!
-    //  G.user = xuid2uname(getuid());
-    //  opt_from = xasprintf("%s@%s", G.user, domain);
-    //}
+    // got no sender address? use auth name, then UID username as a last resort
+    if (!opt_from) {
+        opt_from = xasprintf("%s@%s",
+                             G.user ? G.user : xuid2uname(getuid()),
+                             xgethostbyname(host)->h_name);
+    }
+    free(host);
+
     smtp_checkp("MAIL FROM:<%s>", opt_from, 250);
 
@@ -274 +376 @@
             // whether it is single or not character on the line
             if ('.' == s[0] /*&& '\0' == s[1] */)
-                printf(".");
+                bb_putchar('.');
             // dump read line
             send_r_n(s);
@@ -283 +385 @@
         // analyze headers
         // To: or Cc: headers add recipients
+        check_hdr = (0 == strncasecmp("To:", s, 3));
+        has_to |= check_hdr;
         if (opts & OPT_t) {
-            if (0 == strncasecmp("To:", s, 3) || 0 == strncasecmp("Bcc:" + 1, s, 3)) {
-                rcptto(sane_address(s+3));
+            if (check_hdr || 0 == strncasecmp("Bcc:" + 1, s, 3)) {
+                rcptto_list(s+3);
+                last_hdr = HDR_TOCC;
                 goto addheader;
             }
             // Bcc: header adds blind copy (hidden) recipient
             if (0 == strncasecmp("Bcc:", s, 4)) {
-                rcptto(sane_address(s+4));
+                rcptto_list(s+4);
                 free(s);
+                last_hdr = HDR_BCC;
                 continue; // N.B. Bcc: vanishes from headers!
             }
         }
-        if (strchr(s, ':') || (list && isspace(s[0]))) {
+        check_hdr = (list && isspace(s[0]));
+        if (strchr(s, ':') || check_hdr) {
             // other headers go verbatim
             // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines.
             // Continuation is denoted by prefixing additional lines with whitespace(s).
             // Thanks (stefan.seyfried at googlemail.com) for pointing this out.
+            if (check_hdr && last_hdr != HDR_OTHER) {
+                rcptto_list(s+1);
+                if (last_hdr == HDR_BCC)
+                    continue;
+                    // N.B. Bcc: vanishes from headers!
+            } else {
+                last_hdr = HDR_OTHER;
+            }
  addheader:
             // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks
@@ -310 +425 @@
  reenter:
             // put recipients specified on cmdline
+            check_hdr = 1;
             while (*argv) {
                 char *t = sane_address(*argv);
@@ -315 +431 @@
                 //if (MAX_HEADERS && ++nheaders >= MAX_HEADERS)
                 //  goto bail;
-                llist_add_to_end(&list, xasprintf("To: %s", t));
+                if (!has_to) {
+                    const char *hdr;
+
+                    if (check_hdr && argv[1])
+                        hdr = "To: %s,";
+                    else if (check_hdr)
+                        hdr = "To: %s";
+                    else if (argv[1])
+                        hdr = "To: %s," + 3;
+                    else
+                        hdr = "To: %s" + 3;
+                    llist_add_to_end(&list,
+                            xasprintf(hdr, t));
+                    check_hdr = 0;
+                }
                 argv++;
             }