artulab
projects / openbsd / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c46e1f2) | patch
relax ORCPT syntax validation
authorop <op@openbsd.org>
Wed, 3 Jan 2024 08:11:15 +0000 (08:11 +0000)
committerop <op@openbsd.org>
Wed, 3 Jan 2024 08:11:15 +0000 (08:11 +0000)
commitcd8603db2179ddaf0e3435f73d0712e5493a5bce
treefcd1d24e620f2a74a95b88e331f5971e434ac206tree | snapshot
parentc46e1f290c1678a5707f07f455aa6485d5b05b8ecommit | diff
relax ORCPT syntax validation

We expected the ORCPT parameter to be a valid rfc822 address.  This is
wrong on multiple levels:

 - any other IANA-registered "addr-type" can be used
 - the parameter may be encoded and we didn't decode it prior validation
 - RFC3461 explicitly states that "[..] the address associated with the
   ORCPT keyword is NOT constrained to conform to the syntax rules for
   that 'addr-type'".

Instead, just validate the xtext and preserve the ORCPT value as-is.

Issue originally reported by Tim Kuijsten, Tassilo Philipp and others.

ok millert@
usr.sbin/smtpd/envelope.c diff | blob | history
usr.sbin/smtpd/mta.c diff | blob | history
usr.sbin/smtpd/mta_session.c diff | blob | history
usr.sbin/smtpd/smtp_session.c diff | blob | history
usr.sbin/smtpd/smtpd.h diff | blob | history
usr.sbin/smtpd/util.c diff | blob | history
OpenBSD src
by Ahmet Artu Yildirim