-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
improve smtpcode() input validation #190
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As usual, I'm wondering how this came to your attention. And as you'd guess, I love this PR: it's directed by making failing tests pass, and it's unlikely to break any patches. Please add a CHANGES entry.
smtpcode.c
Outdated
err += get_digit(&ch); code = ch - '0'; | ||
/* valid SMTP codes are >= 200 */ | ||
if (ch < '2') | ||
err = 1; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I expected err++
given how it's being used elsewhere
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In theory one could send so much crap that it will eventually overflow and pass as good, but why would one send 2^32 errors just to fool us to think the mail was accepted?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would happen if the input is closed during the loop, after 200 for instance for 200
EOF?
But the check on the content would prevent the loop to go till the end.
replacing for(;;) by while(err == 0) would cut my superstition.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But that would break that this loop reads in all lines of a multiline reply.
e4cc593
to
d910d91
Compare
b120689
to
b187f97
Compare
…cter The server reply must be of the form (\d\d\d-[^\r\n]*\r\n)* \d\d\d [^\r\n]*\r\n Until now it was neither verified that the first 3 characters were digits, nor that the following character was really SPACE or MINUS. In case any of these restrictions violated return a high, invalid, SMTP code, that will cause all callers to return permanent error. While at it make sure noone can send an absurdly low number as status code, and return an error in that case, too.
Solaris does not seems to like the previous layout of the makefile. While the bug is still not identified, this version seems to avoid it.
b187f97
to
ea28e34
Compare
One could basically pass anything in the first 3 characters of a line, and if it happened to have combined ASCII codes below 400 it would be taken as acceptance.