2 * Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers.
4 * Copyright (c) 1983, 1995-1997 Eric P. Allman. All rights reserved.
5 * Copyright (c) 1988, 1993
6 * The Regents of the University of California. All rights reserved.
8 * By using this file, you agree to the terms and conditions set
9 * forth in the LICENSE file which can be found at the top level of
10 * the sendmail distribution.
17 SM_RCSID("@(#)$Id: headers.c,v 8.291 2006/03/24 01:01:56 ca Exp $")
19 static HDR *allocheader __P((char *, char *, int, SM_RPOOL_T *));
20 static size_t fix_mime_header __P((HDR *, ENVELOPE *));
21 static int priencode __P((char *));
22 static bool put_vanilla_header __P((HDR *, char *, MCI *));
25 ** SETUPHEADERS -- initialize headers in symbol table
40 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
42 s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
43 s->s_header.hi_flags = hi->hi_flags;
44 s->s_header.hi_ruleset = NULL;
48 ** CHOMPHEADER -- process and save a header line.
50 ** Called by collect, readcf, and readqf to deal with header lines.
53 ** line -- header as a text line.
54 ** pflag -- flags for chompheader() (from sendmail.h)
55 ** hdrp -- a pointer to the place to save the header.
56 ** e -- the envelope including this header.
59 ** flags for this header.
62 ** The header is saved on the header list.
63 ** Contents of 'line' are destroyed.
66 static struct hdrinfo NormalHeader = { NULL, 0, NULL };
69 chompheader(line, pflag, hdrp, e)
75 unsigned char mid = '\0';
86 bool nullheader = false;
91 sm_dprintf("chompheader: ");
92 xputs(sm_debug_file(), line);
96 headeronly = hdrp != NULL;
100 /* strip off options */
103 if (!bitset(pflag, CHHDR_USER) && *p == '?')
108 q = strchr(++p, '?');
115 /* possibly macro conditional */
116 if (c == MACROEXPAND)
125 mid = (unsigned char) *p++;
143 mid = (unsigned char) macid(p);
144 if (bitset(0200, mid))
146 p += strlen(macname(mid)) + 2;
169 setbitn(bitidx(*p), mopts);
177 /* find canonical name */
179 while (isascii(*p) && isgraph(*p) && *p != ':')
182 while (isascii(*p) && isspace(*p))
184 if (*p++ != ':' || fname == fvalue)
187 syserr("553 5.3.0 header syntax error, line \"%s\"", line);
192 /* strip field value on front */
197 /* if the field is null, go ahead and use the default */
198 while (isascii(*p) && isspace(*p))
203 /* security scan: long field names are end-of-header */
204 if (strlen(fname) > 100)
207 /* check to see if it represents a ruleset call */
208 if (bitset(pflag, CHHDR_DEF))
212 (void) expand(fvalue, hbuf, sizeof hbuf, e);
213 for (p = hbuf; isascii(*p) && isspace(*p); )
215 if ((*p++ & 0377) == CALLSUBR)
220 strc = *p == '+'; /* strip comments? */
223 if (strtorwset(p, &endp, ST_ENTER) > 0)
226 s = stab(fname, ST_HEADER, ST_ENTER);
228 s->s_header.hi_ruleset != NULL)
229 sm_syslog(LOG_WARNING, NOQID,
230 "Warning: redefined ruleset for header=%s, old=%s, new=%s",
232 s->s_header.hi_ruleset, p);
233 s->s_header.hi_ruleset = newstr(p);
235 s->s_header.hi_flags |= H_STRIPCOMM;
241 /* see if it is a known type */
242 s = stab(fname, ST_HEADER, ST_FIND);
251 sm_dprintf("no header flags match\n");
253 sm_dprintf("header match, flags=%lx, ruleset=%s\n",
255 hi->hi_ruleset == NULL ? "<NULL>"
259 /* see if this is a resent message */
260 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
261 bitset(H_RESENT, hi->hi_flags))
262 e->e_flags |= EF_RESENT;
264 /* if this is an Errors-To: header keep track of it now */
265 if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
266 bitset(H_ERRORSTO, hi->hi_flags))
267 (void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
269 /* if this means "end of header" quit now */
270 if (!headeronly && bitset(H_EOH, hi->hi_flags))
274 ** Horrible hack to work around problem with Lotus Notes SMTP
275 ** mail gateway, which generates From: headers with newlines in
276 ** them and the <address> on the second line. Although this is
277 ** legal RFC 822, many MUAs don't handle this properly and thus
278 ** never find the actual address.
281 if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
283 while ((p = strchr(fvalue, '\n')) != NULL)
288 ** If there is a check ruleset, verify it against the header.
291 if (bitset(pflag, CHHDR_CHECK))
296 rscheckflags = RSF_COUNT;
297 if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
298 rscheckflags |= RSF_UNSTRUCTURED;
300 /* no ruleset? look for default */
304 s = stab("*", ST_HEADER, ST_FIND);
307 rs = (&s->s_header)->hi_ruleset;
308 if (bitset((&s->s_header)->hi_flags,
310 rscheckflags |= RSF_RMCOMM;
313 else if (bitset(hi->hi_flags, H_STRIPCOMM))
314 rscheckflags |= RSF_RMCOMM;
323 /* - 3 to avoid problems with " at the end */
324 /* should be sizeof(qval), not MAXNAME */
325 for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
329 /* XXX other control chars? */
330 case '\011': /* ht */
331 case '\012': /* nl */
332 case '\013': /* vt */
333 case '\014': /* np */
334 case '\015': /* cr */
341 qval[l++] = fvalue[k];
347 k += strlen(fvalue + k);
351 sm_syslog(LOG_WARNING, e->e_id,
352 "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
353 fname, rs, k, MAXNAME - 1);
355 macdefine(&e->e_macro, A_TEMP,
356 macid("{currHeader}"), qval);
357 macdefine(&e->e_macro, A_TEMP,
358 macid("{hdr_name}"), fname);
360 (void) sm_snprintf(qval, sizeof qval, "%d", k);
361 macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
363 if (bitset(H_FROM, hi->hi_flags))
364 macdefine(&e->e_macro, A_PERM,
365 macid("{addr_type}"), "h s");
366 else if (bitset(H_RCPT, hi->hi_flags))
367 macdefine(&e->e_macro, A_PERM,
368 macid("{addr_type}"), "h r");
370 #endif /* _FFR_HDR_TYPE */
371 macdefine(&e->e_macro, A_PERM,
372 macid("{addr_type}"), "h");
373 (void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
379 ** Drop explicit From: if same as what we would generate.
380 ** This is to make MH (which doesn't always give a full name)
381 ** insert the full name information in all circumstances.
386 if (!bitset(EF_RESENT, e->e_flags))
388 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
389 !bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
393 sm_dprintf("comparing header from (%s) against default (%s or %s)\n",
394 fvalue, e->e_from.q_paddr, e->e_from.q_user);
396 if (e->e_from.q_paddr != NULL &&
397 e->e_from.q_mailer != NULL &&
398 bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
399 (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
400 strcmp(fvalue, e->e_from.q_user) == 0))
404 /* delete default value for this header */
405 for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
407 if (sm_strcasecmp(fname, h->h_field) == 0 &&
408 !bitset(H_USER, h->h_flags) &&
409 !bitset(H_FORCE, h->h_flags))
413 /* user-supplied value was null */
418 /* make this look like the user entered it */
419 h->h_flags |= H_USER;
425 /* copy conditions from default case */
426 memmove((char *) mopts, (char *) h->h_mflags,
433 /* create a new node */
434 h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof *h);
435 h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
436 h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
438 memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts);
441 h->h_flags = hi->hi_flags;
442 if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
443 h->h_flags |= H_USER;
445 /* strip EOH flag if parsing MIME headers */
447 h->h_flags &= ~H_EOH;
448 if (bitset(pflag, CHHDR_DEF))
449 h->h_flags |= H_DEFAULT;
450 if (cond || mid != '\0')
451 h->h_flags |= H_CHECK;
453 /* hack to see if this is a new format message */
454 if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
455 bitset(H_RCPT|H_FROM, h->h_flags) &&
456 (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
457 strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
459 e->e_flags &= ~EF_OLDSTYLE;
465 ** ALLOCHEADER -- allocate a header entry
468 ** field -- the name of the header field.
469 ** value -- the value of the field.
470 ** flags -- flags to add to h_flags.
471 ** rp -- resource pool for allocations
474 ** Pointer to a newly allocated and populated HDR.
478 allocheader(field, value, flags, rp)
487 /* find info struct */
488 s = stab(field, ST_HEADER, ST_FIND);
490 /* allocate space for new header */
491 h = (HDR *) sm_rpool_malloc_x(rp, sizeof *h);
493 h->h_value = sm_rpool_strdup_x(rp, value);
496 h->h_flags |= s->s_header.hi_flags;
497 clrbitmap(h->h_mflags);
503 ** ADDHEADER -- add a header entry to the end of the queue.
505 ** This bypasses the special checking of chompheader.
508 ** field -- the name of the header field.
509 ** value -- the value of the field.
510 ** flags -- flags to add to h_flags.
517 ** adds the field on the list of headers for this envelope.
521 addheader(field, value, flags, e)
529 HDR **hdrlist = &e->e_header;
531 /* find current place in list -- keep back pointer? */
532 for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
534 if (sm_strcasecmp(field, h->h_field) == 0)
538 /* allocate space for new header */
539 h = allocheader(field, value, flags, e->e_rpool);
544 ** INSHEADER -- insert a header entry at the specified index
546 ** This bypasses the special checking of chompheader.
549 ** idx -- index into the header list at which to insert
550 ** field -- the name of the header field.
551 ** value -- the value of the field.
552 ** flags -- flags to add to h_flags.
559 ** inserts the field on the list of headers for this envelope.
563 insheader(idx, field, value, flags, e)
570 HDR *h, *srch, *last = NULL;
572 /* allocate space for new header */
573 h = allocheader(field, value, flags, e->e_rpool);
575 /* find insertion position */
576 for (srch = e->e_header; srch != NULL && idx > 0;
577 srch = srch->h_link, idx--)
580 if (e->e_header == NULL)
585 else if (srch == NULL)
587 SM_ASSERT(last != NULL);
593 h->h_link = srch->h_link;
598 ** HVALUE -- return value of a header.
600 ** Only "real" fields (i.e., ones that have not been supplied
601 ** as a default) are used.
604 ** field -- the field name.
605 ** header -- the header list.
608 ** pointer to the value part.
609 ** NULL if not found.
616 hvalue(field, header)
622 for (h = header; h != NULL; h = h->h_link)
624 if (!bitset(H_DEFAULT, h->h_flags) &&
625 sm_strcasecmp(h->h_field, field) == 0)
631 ** ISHEADER -- predicate telling if argument is a header.
633 ** A line is a header if it has a single word followed by
634 ** optional white space followed by a colon.
636 ** Header fields beginning with two dashes, although technically
637 ** permitted by RFC822, are automatically rejected in order
638 ** to make MIME work out. Without this we could have a technically
639 ** legal header such as ``--"foo:bar"'' that would also be a legal
643 ** h -- string to check for possible headerness.
646 ** true if h is a header.
657 register char *s = h;
659 if (s[0] == '-' && s[1] == '-')
662 while (*s > ' ' && *s != ':' && *s != '\0')
668 /* following technically violates RFC822 */
669 while (isascii(*s) && isspace(*s))
675 ** EATHEADER -- run through the stored header and extract info.
678 ** e -- the envelope to process.
679 ** full -- if set, do full processing (e.g., compute
680 ** message priority). This should not be set
681 ** when reading a queue file because some info
682 ** needed to compute the priority is wrong.
683 ** log -- call logsender()?
689 ** Sets a bunch of global variables from information
690 ** in the collected header.
694 eatheader(e, full, log)
695 register ENVELOPE *e;
705 ** Set up macros for possible expansion in headers.
708 macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
709 macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
710 if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
711 macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
713 macdefine(&e->e_macro, A_PERM, 'u', NULL);
715 /* full name of from person */
716 p = hvalue("full-name", e->e_header);
719 if (!rfc822_string(p))
722 ** Quote a full name with special characters
723 ** as a comment so crackaddr() doesn't destroy
724 ** the name portion of the address.
727 p = addquotes(p, e->e_rpool);
729 macdefine(&e->e_macro, A_PERM, 'x', p);
733 sm_dprintf("----- collected header -----\n");
735 for (h = e->e_header; h != NULL; h = h->h_link)
738 sm_dprintf("%s: ", h->h_field);
739 if (h->h_value == NULL)
742 sm_dprintf("<NULL>\n");
746 /* do early binding */
747 if (bitset(H_DEFAULT, h->h_flags) &&
748 !bitset(H_BINDLATE, h->h_flags))
753 xputs(sm_debug_file(), h->h_value);
756 expand(h->h_value, buf, sizeof buf, e);
759 if (bitset(H_FROM, h->h_flags))
760 expand(crackaddr(buf, e),
762 h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
763 h->h_flags &= ~H_DEFAULT;
768 xputs(sm_debug_file(), h->h_value);
772 /* count the number of times it has been processed */
773 if (bitset(H_TRACE, h->h_flags))
776 /* send to this person if we so desire */
777 if (GrabTo && bitset(H_RCPT, h->h_flags) &&
778 !bitset(H_DEFAULT, h->h_flags) &&
779 (!bitset(EF_RESENT, e->e_flags) ||
780 bitset(H_RESENT, h->h_flags)))
783 int saveflags = e->e_flags;
786 (void) sendtolist(denlstring(h->h_value, true, false),
787 NULLADDR, &e->e_sendqueue, 0, e);
791 ** Change functionality so a fatal error on an
792 ** address doesn't affect the entire envelope.
795 /* delete fatal errors generated by this address */
796 if (!bitset(EF_FATALERRS, saveflags))
797 e->e_flags &= ~EF_FATALERRS;
801 /* save the message-id for logging */
802 p = "resent-message-id";
803 if (!bitset(EF_RESENT, e->e_flags))
805 if (sm_strcasecmp(h->h_field, p) == 0)
807 e->e_msgid = h->h_value;
808 while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
810 macdefine(&e->e_macro, A_PERM, macid("{msg_id}"),
815 sm_dprintf("----------------------------\n");
817 /* if we are just verifying (that is, sendmail -t -bv), drop out now */
818 if (OpMode == MD_VERIFY)
821 /* store hop count */
822 if (hopcnt > e->e_hopcount)
824 e->e_hopcount = hopcnt;
825 (void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
826 macdefine(&e->e_macro, A_TEMP, 'c', buf);
829 /* message priority */
830 p = hvalue("precedence", e->e_header);
832 e->e_class = priencode(p);
834 e->e_timeoutclass = TOC_NONURGENT;
835 else if (e->e_class > 0)
836 e->e_timeoutclass = TOC_URGENT;
839 e->e_msgpriority = e->e_msgsize
840 - e->e_class * WkClassFact
841 + e->e_nrcpts * WkRecipFact;
844 /* check for DSN to properly set e_timeoutclass */
845 p = hvalue("content-type", e->e_header);
850 char pvpbuf[MAXLINE];
851 extern unsigned char MimeTokenTab[256];
853 /* tokenize header */
856 pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL,
857 MimeTokenTab, false);
860 /* Check if multipart/report */
861 if (pvp != NULL && pvp[0] != NULL &&
862 pvp[1] != NULL && pvp[2] != NULL &&
863 sm_strcasecmp(*pvp++, "multipart") == 0 &&
864 strcmp(*pvp++, "/") == 0 &&
865 sm_strcasecmp(*pvp++, "report") == 0)
867 /* Look for report-type=delivery-status */
870 /* skip to semicolon separator */
871 while (*pvp != NULL && strcmp(*pvp, ";") != 0)
875 if (*pvp++ == NULL || *pvp == NULL)
878 /* look for report-type */
879 if (sm_strcasecmp(*pvp++, "report-type") != 0)
883 if (*pvp == NULL || strcmp(*pvp, "=") != 0)
887 if (*++pvp != NULL &&
889 "delivery-status") == 0)
890 e->e_timeoutclass = TOC_DSN;
892 /* found report-type, no need to continue */
898 /* message timeout priority */
899 p = hvalue("priority", e->e_header);
902 /* (this should be in the configuration file) */
903 if (sm_strcasecmp(p, "urgent") == 0)
904 e->e_timeoutclass = TOC_URGENT;
905 else if (sm_strcasecmp(p, "normal") == 0)
906 e->e_timeoutclass = TOC_NORMAL;
907 else if (sm_strcasecmp(p, "non-urgent") == 0)
908 e->e_timeoutclass = TOC_NONURGENT;
909 else if (bitset(EF_RESPONSE, e->e_flags))
910 e->e_timeoutclass = TOC_DSN;
912 else if (bitset(EF_RESPONSE, e->e_flags))
913 e->e_timeoutclass = TOC_DSN;
915 /* date message originated */
916 p = hvalue("posted-date", e->e_header);
918 p = hvalue("date", e->e_header);
920 macdefine(&e->e_macro, A_PERM, 'a', p);
922 /* check to see if this is a MIME message */
923 if ((e->e_bodytype != NULL &&
924 sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
925 hvalue("MIME-Version", e->e_header) != NULL)
927 e->e_flags |= EF_IS_MIME;
929 e->e_bodytype = "8BITMIME";
931 else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
933 /* this may be an RFC 1049 message */
934 p = strpbrk(p, ";/");
935 if (p == NULL || *p == ';')
938 e->e_flags |= EF_DONT_MIME;
943 ** From person in antiquated ARPANET mode
944 ** required by UK Grey Book e-mail gateways (sigh)
947 if (OpMode == MD_ARPAFTP)
949 register struct hdrinfo *hi;
951 for (hi = HdrInfo; hi->hi_field != NULL; hi++)
953 if (bitset(H_FROM, hi->hi_flags) &&
954 (!bitset(H_RESENT, hi->hi_flags) ||
955 bitset(EF_RESENT, e->e_flags)) &&
956 (p = hvalue(hi->hi_field, e->e_header)) != NULL)
959 if (hi->hi_field != NULL)
962 sm_dprintf("eatheader: setsender(*%s == %s)\n",
964 setsender(p, e, NULL, '\0', true);
969 ** Log collection information.
972 if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
974 logsender(e, e->e_msgid);
975 e->e_flags &= ~EF_LOGSENDER;
979 ** LOGSENDER -- log sender information
982 ** e -- the envelope to log
983 ** msgid -- the message id
991 register ENVELOPE *e;
997 char hbuf[MAXNAME + 1];
998 char sbuf[MAXLINE + 1];
999 char mbuf[MAXNAME + 1];
1001 /* don't allow newlines in the message-id */
1002 /* XXX do we still need this? sm_syslog() replaces control chars */
1008 if (l > sizeof mbuf - 1)
1009 l = sizeof mbuf - 1;
1010 memmove(mbuf, msgid, l);
1013 while ((p = strchr(p, '\n')) != NULL)
1017 if (bitset(EF_RESPONSE, e->e_flags))
1018 name = "[RESPONSE]";
1019 else if ((name = macvalue('_', e)) != NULL)
1022 else if (RealHostName == NULL)
1024 else if (RealHostName[0] == '[')
1025 name = RealHostName;
1029 (void) sm_snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName);
1030 if (RealHostAddr.sa.sa_family != 0)
1032 p = &hbuf[strlen(hbuf)];
1033 (void) sm_snprintf(p, SPACELEFT(hbuf, p),
1035 anynet_ntoa(&RealHostAddr));
1039 /* some versions of syslog only take 5 printf args */
1040 #if (SYSLOG_BUFSIZE) >= 256
1042 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1043 "from=%.200s, size=%ld, class=%d, nrcpts=%d",
1044 e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
1045 e->e_msgsize, e->e_class, e->e_nrcpts);
1049 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1050 ", msgid=%.100s", mbuf);
1053 if (e->e_bodytype != NULL)
1055 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1056 ", bodytype=%.20s", e->e_bodytype);
1059 p = macvalue('r', e);
1062 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1063 ", proto=%.20s", p);
1066 p = macvalue(macid("{daemon_name}"), e);
1069 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1070 ", daemon=%.20s", p);
1073 sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
1075 #else /* (SYSLOG_BUFSIZE) >= 256 */
1077 sm_syslog(LOG_INFO, e->e_id,
1079 e->e_from.q_paddr == NULL ? "<NONE>"
1080 : shortenstring(e->e_from.q_paddr,
1082 sm_syslog(LOG_INFO, e->e_id,
1083 "size=%ld, class=%ld, nrcpts=%d",
1084 e->e_msgsize, e->e_class, e->e_nrcpts);
1086 sm_syslog(LOG_INFO, e->e_id,
1088 shortenstring(mbuf, 83));
1091 if (e->e_bodytype != NULL)
1093 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1094 "bodytype=%.20s, ", e->e_bodytype);
1097 p = macvalue('r', e);
1100 (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1101 "proto=%.20s, ", p);
1104 sm_syslog(LOG_INFO, e->e_id,
1105 "%.400srelay=%s", sbuf, name);
1106 #endif /* (SYSLOG_BUFSIZE) >= 256 */
1109 ** PRIENCODE -- encode external priority names into internal values.
1112 ** p -- priority in ascii.
1115 ** priority as a numeric level.
1127 for (i = 0; i < NumPriorities; i++)
1129 if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
1130 return Priorities[i].pri_val;
1133 /* unknown priority */
1137 ** CRACKADDR -- parse an address and turn it into a macro
1139 ** This doesn't actually parse the address -- it just extracts
1140 ** it and replaces it with "$g". The parse is totally ad hoc
1141 ** and isn't even guaranteed to leave something syntactically
1142 ** identical to what it started with. However, it does leave
1143 ** something semantically identical if possible, else at least
1144 ** syntactically correct.
1146 ** For example, it changes "Real Name <real@example.com> (Comment)"
1147 ** to "Real Name <$g> (Comment)".
1149 ** This algorithm has been cleaned up to handle a wider range
1150 ** of cases -- notably quoted and backslash escaped strings.
1151 ** This modification makes it substantially better at preserving
1152 ** the original syntax.
1155 ** addr -- the address to be cracked.
1156 ** e -- the current envelope.
1159 ** a pointer to the new version.
1165 ** The return value is saved in local storage and should
1166 ** be copied if it is to be reused.
1169 #define SM_HAVE_ROOM ((bp < buflim) && (buflim <= bufend))
1172 ** Append a character to bp if we have room.
1173 ** If not, punt and return $g.
1176 #define SM_APPEND_CHAR(c) \
1186 ERROR MAXNAME must be at least 10
1187 #endif /* MAXNAME < 10 */
1191 register char *addr;
1196 int cmtlev; /* comment level in input string */
1197 int realcmtlev; /* comment level in output string */
1198 int anglelev; /* angle level in input string */
1199 int copylev; /* 0 == in address, >0 copying */
1200 int bracklev; /* bracket level for IPv6 addr check */
1201 bool addangle; /* put closing angle in output */
1202 bool qmode; /* quoting in original string? */
1203 bool realqmode; /* quoting in output string? */
1204 bool putgmac = false; /* already wrote $g */
1205 bool quoteit = false; /* need to quote next character */
1206 bool gotangle = false; /* found first '<' */
1207 bool gotcolon = false; /* found a ':' */
1213 static char buf[MAXNAME + 1];
1216 sm_dprintf("crackaddr(%s)\n", addr);
1218 /* strip leading spaces */
1219 while (*addr != '\0' && isascii(*addr) && isspace(*addr))
1223 ** Start by assuming we have no angle brackets. This will be
1224 ** adjusted later if we find them.
1227 buflim = bufend = &buf[sizeof(buf) - 1];
1229 p = addrhead = addr;
1230 copylev = anglelev = cmtlev = realcmtlev = 0;
1232 qmode = realqmode = addangle = false;
1234 while ((c = *p++) != '\0')
1237 ** Try to keep legal syntax using spare buffer space
1238 ** (maintained by buflim).
1244 /* check for backslash escapes */
1247 /* arrange to quote the address */
1248 if (cmtlev <= 0 && !qmode)
1251 if ((c = *p++) == '\0')
1262 /* check for quoted strings */
1263 if (c == '"' && cmtlev <= 0)
1266 if (copylev > 0 && SM_HAVE_ROOM)
1272 realqmode = !realqmode;
1279 /* check for comments */
1284 /* allow space for closing paren */
1292 SM_APPEND_CHAR(' ');
1313 /* syntax error: unmatched ) */
1314 if (copylev > 0 && SM_HAVE_ROOM && bp > bufhead)
1318 /* count nesting on [ ... ] (for IPv6 domain literals) */
1324 /* check for group: list; syntax */
1325 if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
1326 !gotcolon && !ColonOkInAddr)
1331 ** Check for DECnet phase IV ``::'' (host::user)
1332 ** or DECnet phase V ``:.'' syntaxes. The latter
1333 ** covers ``user@DEC:.tay.myhost'' and
1334 ** ``DEC:.tay.myhost::user'' syntaxes (bletch).
1337 if (*p == ':' || *p == '.')
1339 if (cmtlev <= 0 && !qmode)
1355 SM_APPEND_CHAR('"');
1357 /* back up over the ':' and any spaces */
1360 isascii(*--p) && isspace(*p))
1364 for (q = addrhead; q < p; )
1367 if (quoteit && c == '"')
1368 SM_APPEND_CHAR('\\');
1373 if (bp == &bufhead[1])
1376 SM_APPEND_CHAR('"');
1377 while ((c = *p++) != ':')
1382 /* any trailing white space is part of group: */
1383 while (isascii(*p) && isspace(*p))
1389 putgmac = quoteit = false;
1395 if (c == ';' && copylev <= 0 && !ColonOkInAddr)
1398 /* check for characters that may have to be quoted */
1399 if (strchr(MustQuoteChars, c) != NULL)
1402 ** If these occur as the phrase part of a <>
1403 ** construct, but are not inside of () or already
1404 ** quoted, they will have to be quoted. Note that
1405 ** now (but don't actually do the quoting).
1408 if (cmtlev <= 0 && !qmode)
1412 /* check for angle brackets */
1417 /* assume first of two angles is bogus */
1422 /* oops -- have to change our mind */
1434 SM_APPEND_CHAR('"');
1436 /* back up over the '<' and any spaces */
1439 isascii(*--p) && isspace(*p))
1443 for (q = addrhead; q < p; )
1446 if (quoteit && c == '"')
1448 SM_APPEND_CHAR('\\');
1459 SM_APPEND_CHAR('"');
1460 while ((c = *p++) != '<')
1465 putgmac = quoteit = false;
1481 else if (SM_HAVE_ROOM)
1483 /* syntax error: unmatched > */
1484 if (copylev > 0 && bp > bufhead)
1494 /* must be a real address character */
1496 if (copylev <= 0 && !putgmac)
1498 if (bp > buf && bp[-1] == ')')
1499 SM_APPEND_CHAR(' ');
1500 SM_APPEND_CHAR(MACROEXPAND);
1501 SM_APPEND_CHAR('g');
1506 /* repair any syntactic damage */
1507 if (realqmode && bp < bufend)
1509 while (realcmtlev-- > 0 && bp < bufend)
1511 if (addangle && bp < bufend)
1518 /* String too long, punt */
1520 buf[1] = MACROEXPAND;
1524 sm_syslog(LOG_ALERT, e->e_id,
1525 "Dropped invalid comments from header address");
1530 sm_dprintf("crackaddr=>`");
1531 xputs(sm_debug_file(), buf);
1537 ** PUTHEADER -- put the header part of a message from the in-core copy
1540 ** mci -- the connection information.
1541 ** hdr -- the header to put.
1542 ** e -- envelope to use.
1543 ** flags -- MIME conversion flags.
1546 ** true iff header part was written successfully
1553 putheader(mci, hdr, e, flags)
1556 register ENVELOPE *e;
1560 char buf[SM_MAX(MAXLINE,BUFSIZ)];
1564 sm_dprintf("--- putheader, mailer = %s ---\n",
1565 mci->mci_mailer->m_name);
1568 ** If we're in MIME mode, we're not really in the header of the
1569 ** message, just the header of one of the parts of the body of
1570 ** the message. Therefore MCIF_INHEADER should not be turned on.
1573 if (!bitset(MCIF_INMIME, mci->mci_flags))
1574 mci->mci_flags |= MCIF_INHEADER;
1576 for (h = hdr; h != NULL; h = h->h_link)
1578 register char *p = h->h_value;
1583 sm_dprintf(" %s: ", h->h_field);
1584 xputs(sm_debug_file(), p);
1587 /* Skip empty headers */
1588 if (h->h_value == NULL)
1591 /* heuristic shortening of MIME fields to avoid MUA overflows */
1592 if (MaxMimeFieldLength > 0 &&
1593 wordinclass(h->h_field,
1594 macid("{checkMIMEFieldHeaders}")))
1598 len = fix_mime_header(h, e);
1601 sm_syslog(LOG_ALERT, e->e_id,
1602 "Truncated MIME %s header due to field size (length = %ld) (possible attack)",
1603 h->h_field, (unsigned long) len);
1605 sm_dprintf(" truncated MIME %s header due to field size (length = %ld) (possible attack)\n",
1607 (unsigned long) len);
1611 if (MaxMimeHeaderLength > 0 &&
1612 wordinclass(h->h_field,
1613 macid("{checkMIMETextHeaders}")))
1617 len = strlen(h->h_value);
1618 if (len > (size_t) MaxMimeHeaderLength)
1620 h->h_value[MaxMimeHeaderLength - 1] = '\0';
1621 sm_syslog(LOG_ALERT, e->e_id,
1622 "Truncated long MIME %s header (length = %ld) (possible attack)",
1623 h->h_field, (unsigned long) len);
1625 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1627 (unsigned long) len);
1631 if (MaxMimeHeaderLength > 0 &&
1632 wordinclass(h->h_field,
1633 macid("{checkMIMEHeaders}")))
1637 len = strlen(h->h_value);
1638 if (shorten_rfc822_string(h->h_value,
1639 MaxMimeHeaderLength))
1641 if (len < MaxMimeHeaderLength)
1643 /* we only rebalanced a bogus header */
1644 sm_syslog(LOG_ALERT, e->e_id,
1645 "Fixed MIME %s header (possible attack)",
1648 sm_dprintf(" fixed MIME %s header (possible attack)\n",
1653 /* we actually shortened header */
1654 sm_syslog(LOG_ALERT, e->e_id,
1655 "Truncated long MIME %s header (length = %ld) (possible attack)",
1657 (unsigned long) len);
1659 sm_dprintf(" truncated long MIME %s header (length = %ld) (possible attack)\n",
1661 (unsigned long) len);
1667 ** Suppress Content-Transfer-Encoding: if we are MIMEing
1668 ** and we are potentially converting from 8 bit to 7 bit
1669 ** MIME. If converting, add a new CTE header in
1673 if (bitset(H_CTE, h->h_flags) &&
1674 bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
1676 !bitset(M87F_NO8TO7, flags))
1679 sm_dprintf(" (skipped (content-transfer-encoding))\n");
1683 if (bitset(MCIF_INMIME, mci->mci_flags))
1687 if (!put_vanilla_header(h, p, mci))
1692 if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
1693 !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
1694 (h->h_macro == '\0' ||
1695 (q = macvalue(bitidx(h->h_macro), e)) == NULL ||
1699 sm_dprintf(" (skipped)\n");
1703 /* handle Resent-... headers specially */
1704 if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
1707 sm_dprintf(" (skipped (resent))\n");
1711 /* suppress return receipts if requested */
1712 if (bitset(H_RECEIPTTO, h->h_flags) &&
1713 (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
1716 sm_dprintf(" (skipped (receipt))\n");
1720 /* macro expand value if generated internally */
1721 if (bitset(H_DEFAULT, h->h_flags) ||
1722 bitset(H_BINDLATE, h->h_flags))
1724 expand(p, buf, sizeof buf, e);
1729 sm_dprintf(" (skipped -- null value)\n");
1734 if (bitset(H_BCC, h->h_flags))
1736 /* Bcc: field -- either truncate or delete */
1737 if (bitset(EF_DELETE_BCC, e->e_flags))
1740 sm_dprintf(" (skipped -- bcc)\n");
1744 /* no other recipient headers: truncate value */
1745 (void) sm_strlcpyn(obuf, sizeof obuf, 2,
1747 if (!putline(obuf, mci))
1756 if (bitset(H_FROM|H_RCPT, h->h_flags))
1759 bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
1761 if (bitset(H_FROM, h->h_flags))
1763 commaize(h, p, oldstyle, mci, e);
1767 if (!put_vanilla_header(h, p, mci))
1773 ** If we are converting this to a MIME message, add the
1774 ** MIME headers (but not in MIME mode!).
1778 if (bitset(MM_MIME8BIT, MimeMode) &&
1779 bitset(EF_HAS8BIT, e->e_flags) &&
1780 !bitset(EF_DONT_MIME, e->e_flags) &&
1781 !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
1782 !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
1783 hvalue("MIME-Version", e->e_header) == NULL)
1785 if (!putline("MIME-Version: 1.0", mci))
1787 if (hvalue("Content-Type", e->e_header) == NULL)
1789 (void) sm_snprintf(obuf, sizeof obuf,
1790 "Content-Type: text/plain; charset=%s",
1792 if (!putline(obuf, mci))
1795 if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
1796 && !putline("Content-Transfer-Encoding: 8bit", mci))
1799 #endif /* MIME8TO7 */
1806 ** PUT_VANILLA_HEADER -- output a fairly ordinary header
1809 ** h -- the structure describing this header
1810 ** v -- the value of this header
1811 ** mci -- the connection info for output
1814 ** true iff header was written successfully
1818 put_vanilla_header(h, v, mci)
1826 char obuf[MAXLINE + 256]; /* additional length for h_field */
1828 putflags = PXLF_HEADER;
1829 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1830 putflags |= PXLF_STRIP8BIT;
1831 (void) sm_snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field);
1832 obp = obuf + strlen(obuf);
1833 while ((nlp = strchr(v, '\n')) != NULL)
1840 ** XXX This is broken for SPACELEFT()==0
1841 ** However, SPACELEFT() is always > 0 unless MAXLINE==1.
1844 if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
1845 l = SPACELEFT(obuf, obp) - 1;
1847 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
1848 if (!putxline(obuf, strlen(obuf), mci, putflags))
1852 if (*v != ' ' && *v != '\t')
1856 /* XXX This is broken for SPACELEFT()==0 */
1857 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
1858 (int) (SPACELEFT(obuf, obp) - 1), v);
1859 return putxline(obuf, strlen(obuf), mci, putflags);
1865 ** COMMAIZE -- output a header field, making a comma-translated list.
1868 ** h -- the header field to output.
1869 ** p -- the value to put in it.
1870 ** oldstyle -- true if this is an old style header.
1871 ** mci -- the connection information.
1872 ** e -- the envelope containing the message.
1875 ** true iff header field was written successfully
1878 ** outputs "p" to file "fp".
1882 commaize(h, p, oldstyle, mci, e)
1887 register ENVELOPE *e;
1892 bool firstone = true;
1893 int putflags = PXLF_HEADER;
1895 char obuf[MAXLINE + 3];
1898 ** Output the address list translated by the
1899 ** mailer and with commas.
1903 sm_dprintf("commaize(%s: %s)\n", h->h_field, p);
1905 if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1906 putflags |= PXLF_STRIP8BIT;
1909 (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ",
1912 /* opos = strlen(obp); */
1913 opos = strlen(h->h_field) + 2;
1917 omax = mci->mci_mailer->m_linelimit - 2;
1918 if (omax < 0 || omax > 78)
1922 ** Run through the list of values.
1927 register char *name;
1934 ** Find the end of the name. New style names
1935 ** end with a comma, old style names end with
1936 ** a space character. However, spaces do not
1937 ** necessarily delimit an old-style name -- at
1938 ** signs mean keep going.
1941 /* find end of name */
1942 while ((isascii(*p) && isspace(*p)) || *p == ',')
1949 char pvpbuf[PSBUFSIZE];
1951 res = prescan(p, oldstyle ? ' ' : ',', pvpbuf,
1952 sizeof pvpbuf, &oldp, NULL, false);
1954 #if _FFR_IGNORE_BOGUS_ADDR
1955 /* ignore addresses that can't be parsed */
1961 #endif /* _FFR_IGNORE_BOGUS_ADDR */
1963 /* look to see if we have an at sign */
1964 while (*p != '\0' && isascii(*p) && isspace(*p))
1973 while (*p != '\0' && isascii(*p) && isspace(*p))
1976 /* at the end of one complete name */
1978 /* strip off trailing white space */
1980 ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1986 ** if prescan() failed go a bit backwards; this is a hack,
1987 ** there should be some better error recovery.
1990 if (res == NULL && p > name &&
1991 !((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1996 /* translate the name to be relative */
1997 flags = RF_HEADERADDR|RF_ADDDOMAIN;
1998 if (bitset(H_FROM, h->h_flags))
1999 flags |= RF_SENDERADDR;
2001 else if (e->e_from.q_mailer != NULL &&
2002 bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
2006 q = udbsender(name, e->e_rpool);
2012 name = remotename(name, mci->mci_mailer, flags, &status, e);
2018 name = denlstring(name, false, true);
2020 /* output the name with nice formatting */
2021 opos += strlen(name);
2024 if (opos > omax && !firstone)
2026 (void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
2027 if (!putxline(obuf, strlen(obuf), mci, putflags))
2030 (void) sm_strlcpy(obp, " ", sizeof obuf);
2033 opos += strlen(name);
2037 (void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
2041 while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
2046 if (obp < &obuf[sizeof obuf])
2049 obuf[sizeof obuf - 1] = '\0';
2050 return putxline(obuf, strlen(obuf), mci, putflags);
2057 ** COPYHEADER -- copy header list
2059 ** This routine is the equivalent of newstr for header lists
2062 ** header -- list of header structures to copy.
2063 ** rpool -- resource pool, or NULL
2066 ** a copy of 'header'.
2073 copyheader(header, rpool)
2074 register HDR *header;
2077 register HDR *newhdr;
2079 register HDR **tail = &ret;
2081 while (header != NULL)
2083 newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof *newhdr);
2084 STRUCTCOPY(*header, *newhdr);
2086 tail = &newhdr->h_link;
2087 header = header->h_link;
2094 ** FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
2096 ** Run through all of the parameters of a MIME header and
2097 ** possibly truncate and rebalance the parameter according
2098 ** to MaxMimeFieldLength.
2101 ** h -- the header to truncate/rebalance
2102 ** e -- the current envelope
2105 ** length of last offending field, 0 if all ok.
2108 ** string modified in place
2112 fix_mime_header(h, e)
2116 char *begin = h->h_value;
2121 if (begin == NULL || *begin == '\0')
2124 /* Split on each ';' */
2125 /* find_character() never returns NULL */
2126 while ((end = find_character(begin, ';')) != NULL)
2133 len = strlen(begin);
2135 /* Shorten individual parameter */
2136 if (shorten_rfc822_string(begin, MaxMimeFieldLength))
2138 if (len < MaxMimeFieldLength)
2140 /* we only rebalanced a bogus field */
2141 sm_syslog(LOG_ALERT, e->e_id,
2142 "Fixed MIME %s header field (possible attack)",
2145 sm_dprintf(" fixed MIME %s header field (possible attack)\n",
2150 /* we actually shortened the header */
2155 /* Collapse the possibly shortened string with rest */
2156 bp = begin + strlen(begin);
2164 /* copy character by character due to overlap */
projects / FreeBSD / FreeBSD.git / blob