# HG changeset patch
# User meillo@marmaro.de
# Date 1278419288 -7200
# Node ID 6b78aaced5e1ee0243137e555a435cf4ed8c9b7a
# Parent b072426cc6bbe88e64f8f12857e490930225e7ec
check max length of addresses in SMTP dialog (based on Paolo's patch) get_address() does now return false if the address was too long
diff -r b072426cc6bb -r 6b78aaced5e1 src/smtp_in.c
--- a/src/smtp_in.c Tue Jul 06 13:46:51 2010 +0200
+++ b/src/smtp_in.c Tue Jul 06 14:28:08 2010 +0200
@@ -78,6 +78,7 @@
 /* this is a quick hack: we expect the address to be syntactically correct and containing the mailbox only, though we first check for size in smtp_in().
+ Return false if address is too long.
 */ static gboolean get_address(gchar * line, gchar * addr)
@@ -97,10 +98,14 @@
 }
 /* get address: */
- while (*p && !isspace(*p) && (q < addr + MAX_ADDRESS - 1)) {
+ while (*p && !isspace(*p)) {
+ if (q >= addr + MAX_ADDRESS-1) {
+ *q = '\0';
+ return FALSE;
+ }
 *(q++) = *(p++);
 }
- *q = 0;
+ *q = '\0';
 return TRUE;
 }
@@ -213,7 +218,6 @@
 smtp_printf(out, "503 MAIL FROM: already given.\r\n");
 break;
 }
-
 if (get_size(buffer, &msize)) {
 DEBUG(5) debugf("smtp_in(): get_size: msize=%ld, conf.mms=%d\n", msize, conf.max_msg_size);
@@ -222,6 +226,10 @@
 break;
 }
 }
+ if (!get_address(buffer, buf)) {
+ smtp_printf(out, "553 Address too long.\r\n");
+ break;
+ }
 msg = create_message();
 msg->received_host = remote_host ? g_strdup(remote_host) : NULL;
@@ -230,7 +238,6 @@
 /* get transfer id and increment for next one */
 msg->transfer_id = (psc->next_id)++;
- get_address(buffer, buf);
 if (remote_host) {
 addr = create_address(buf, TRUE);
 } else {
@@ -261,8 +268,11 @@
 smtp_printf(out, "503 need MAIL FROM: before RCPT TO:\r\n");
 break;
 }
+ if (!get_address(buffer, buf)) {
+ smtp_printf(out, "553 Address too long.\r\n");
+ break;
+ }
- get_address(buffer, buf);
 if (remote_host) {
 addr = create_address(buf, TRUE);
 } else {
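Review bot: The comment line added above get_address() documents the new FALSE return but not the buffer contract the length check relies on: the loop bounds writes by `addr + MAX_ADDRESS-1`, so it only prevents an overrun if every caller passes an `addr` of at least MAX_ADDRESS bytes. I would extend the comment with `addr must point to at least MAX_ADDRESS bytes; on FALSE it holds a truncated, NUL-terminated prefix that must not be used as an address`. The declaration of `buf` used at the two call sites in smtp_in() is outside these hunks, so its size should be confirmed against MAX_ADDRESS.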
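Review bot: In the rewritten loop condition `while (*p && !isspace(*p))`, `*p` is presumably a plain `gchar` read from the SMTP command line, and passing a negative char value to isspace() is undefined behaviour where char is signed; a remote client can send bytes of 0x80 and above. The condition was carried over from the old line, but since this commit hardens exactly this loop it is worth fixing here: `while (*p && !isspace((unsigned char)*p)) {`. The beginning of get_address(), where p and q are set up, lies outside the hunk, so any isspace() call there would need the same cast.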
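Review bot: The rejection path added to the MAIL FROM branch answers the client but leaves no record on the server, and an over-long address in the SMTP dialog is input worth being able to find later; I would write a log entry through the file's existing logging facility (including `remote_host` when it is set) before the `break`. The identical block added in the RCPT TO hunk (@@ -261,8 +268,11 @@) has the same gap. The text "Address too long" is sent for every FALSE return of get_address(), so it stays accurate only if the part of that function outside these hunks has no other failure path. As a protocol detail, RFC 5321 (section 4.5.3.1, size limits) gives 501 as the example reply for an over-long path, so `smtp_printf(out, "501 Path too long.\r\n");` would match it more closely than 553.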