From a5bc80fb5b01fd00243844063b729cef2049cee2 Mon Sep 17 00:00:00 2001 From: op Date: Tue, 5 Dec 2023 13:38:25 +0000 Subject: [PATCH] reject headers that start with a space or tab If the first header starts with a space but still contains a colon character, it is added to the body mail effectively appending it to the Received header due to the folding rules. Issue reported by Crystal Kolipe ok millert@, giovanni@ --- usr.sbin/smtpd/rfc5322.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/usr.sbin/smtpd/rfc5322.c b/usr.sbin/smtpd/rfc5322.c index a6f15056d59..79f55327de0 100644 --- a/usr.sbin/smtpd/rfc5322.c +++ b/usr.sbin/smtpd/rfc5322.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rfc5322.c,v 1.3 2021/06/14 17:58:16 eric Exp $ */ +/* $OpenBSD: rfc5322.c,v 1.4 2023/12/05 13:38:25 op Exp $ */ /* * Copyright (c) 2018 Eric Faurot @@ -149,7 +149,8 @@ _rfc5322_next(struct rfc5322_parser *parser, struct rfc5322_result *res) case RFC5322_NONE: case RFC5322_HEADER_END: - if (line && (pos = strchr(line, ':'))) { + if (line && line[0] != ' ' && line[0] != '\t' && + (pos = strchr(line, ':'))) { len = pos - line; if (buf_grow(&parser->hdr, len + 1) == -1) return -1; -- 2.20.1