leave the command for mbox delivery unset

The mbox delivery is handled apart from the other delivery methods.
Since the mda is already hardcoded in mda_mbox(), there's no need to
fill the command string in parse.y.  While here also assess that for
mbox deliveries the command is unset at delivery time too.

based on a diff by gilles

ok gilles@, millert@

diff --git a/usr.sbin/smtpd/parse.y b/usr.sbin/smtpd/parse.y
index 2d7e8be..a7c3536 100644 (file)
--- a/usr.sbin/smtpd/parse.y
+++ b/usr.sbin/smtpd/parse.y
@@ -1,4 +1,4 @@
-/*     $OpenBSD: parse.y,v 1.297 2024/02/02 20:54:27 millert Exp $     */
+/*     $OpenBSD: parse.y,v 1.298 2024/02/03 15:50:00 op Exp $  */
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -670,7 +670,6 @@ dispatcher_local_option dispatcher_local_options
 dispatcher_local:
 MBOX {
        dsp->u.local.is_mbox = 1;
-       asprintf(&dsp->u.local.command, "/usr/libexec/mail.local -f %%{mbox.from} -- %%{user.username}");
 } dispatcher_local_options
 | MAILDIR {
        asprintf(&dsp->u.local.command, "/usr/libexec/mail.maildir");

diff --git a/usr.sbin/smtpd/smtpd.c b/usr.sbin/smtpd/smtpd.c
index 789aa17..5499347 100644 (file)
--- a/usr.sbin/smtpd/smtpd.c
+++ b/usr.sbin/smtpd/smtpd.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: smtpd.c,v 1.348 2024/02/02 22:02:12 gilles Exp $      */
+/*     $OpenBSD: smtpd.c,v 1.349 2024/02/03 15:50:00 op Exp $  */
 
 /*
  * Copyright (c) 2008 Gilles Chehade <gilles@poolp.org>
@@ -1437,6 +1437,9 @@ forkmda(struct mproc *p, uint64_t id, struct deliver *deliver)
                return;
        }
 
+       if (dsp->u.local.is_mbox && dsp->u.local.command != NULL)
+               fatalx("serious memory corruption in privileged process");
+       
        if (pipe(pipefd) == -1) {
                (void)snprintf(ebuf, sizeof ebuf, "pipe: %s", strerror(errno));
                m_create(p_dispatcher, IMSG_MDA_DONE, 0, 0, -1);