[Bug 253759] sendmail does not quote GECOS information for From header
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 15 Apr 2024 15:43:05 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253759
Michael Osipov <michaelo@FreeBSD.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |michaelo@FreeBSD.org
--- Comment #1 from Michael Osipov <michaelo@FreeBSD.org> ---
So the bug is truly in sendmail:
https://github.com/freebsd/freebsd-src/blob/303dea74c2cb3a41fba455fce8577993e637c3da/contrib/sendmail/src/srvrsmtp.c#L5470-L5481
The fullname/GECOS is neither basically quoted nor escaped.
In old ssmtp it is at least quoted:
https://salsa.debian.org/debian/ssmtp/-/blob/master/ssmtp.c?ref_type=heads#L463-473
In postfix it is handled perfectly:
https://github.com/vdukhovni/postfix/blob/a6993c3a48ebc3ac6cefd9913dab4b8c23b66ab8/postfix/src/smtp/smtp_proto.c#L1436-L1438,
it does even escape double quotes in full names.
sendmail has this idiom:
863 if (!rfc822_string(p))
864 {
865 /*
866 ** Quote a full name with special characters
867 ** as a comment so crackaddr() doesn't destroy
868 ** the name portion of the address.
869 */
870
871 p = addquotes(p, e->e_rpool);
872 }
from ./src/util.c
These spots needs to be analyzed:
osipovmi@deblndw011x:~/var/Projekte/freebsd/src/contrib/sendmail (main =)
$ grep -r q_fullname .
./src/alias.c: a->q_fullname = NULL;
./src/parseaddr.c: a->q_fullname == NULL ?
"(none)" : a->q_fullname);
./src/recipient.c: if (a->q_fullname == NULL)
./src/recipient.c: a->q_fullname =
ctladdr->q_fullname;
./src/recipient.c: new->q_fullname =
sm_rpool_strdup_x(e->e_rpool,
./src/sendmail.h: char *q_fullname; /* full name if known
*/
./src/srvrsmtp.c: if (a->q_fullname == NULL)
./src/srvrsmtp.c: message(fmtbuf, a->q_fullname, a->q_user,
MyHostName);
--
You are receiving this mail because:
You are the assignee for the bug.