static const char *find_addr(MAPS *path, const char *address, int flags,
int with_domain, int query_form, VSTRING *ext_addr_buf)
{
const char *result;
#define SANS_DOMAIN 0
#define WITH_DOMAIN 1
switch (query_form) {
/*
* Query with external-form (quoted) address. The code looks a bit
* unusual to emphasize the symmetry with the other cases.
*/
case MA_FORM_EXTERNAL:
case MA_FORM_EXTERNAL_FIRST:
quote_822_local_flags(ext_addr_buf, address,
with_domain ? QUOTE_FLAG_DEFAULT :
QUOTE_FLAG_DEFAULT | QUOTE_FLAG_BARE_LOCALPART);
result = maps_find(path, STR(ext_addr_buf), flags);
if (result != 0 || path->error != 0
|| query_form != MA_FORM_EXTERNAL_FIRST
|| strcmp(address, STR(ext_addr_buf)) == 0)
break;
result = maps_find(path, address, flags);
break;
/*
* Query with internal-form (unquoted) address. The code looks a bit
* unusual to emphasize the symmetry with the other cases.
*/
case MA_FORM_INTERNAL:
case MA_FORM_INTERNAL_FIRST:
result = maps_find(path, address, flags);
if (result != 0 || path->error != 0
|| query_form != MA_FORM_INTERNAL_FIRST)
break;
quote_822_local_flags(ext_addr_buf, address,
with_domain ? QUOTE_FLAG_DEFAULT :
QUOTE_FLAG_DEFAULT | QUOTE_FLAG_BARE_LOCALPART);
if (strcmp(address, STR(ext_addr_buf)) == 0)
break;
result = maps_find(path, STR(ext_addr_buf), flags);
break;
/*
* Can't happen.
*/
default:
msg_panic("mail_addr_find: bad query_form: %d", query_form);
}
return (result);
}
static void strip_address(VSTRING *vp, int start, TOK822 *addr)
{
VSTRING *tmp;
/*
* Emit plain <address>. Discard any comments or phrases.
*/
msg_warn("stripping too many comments from address: %.100s...",
printable(vstring_str(vp) + start, '?'));
vstring_truncate(vp, start);
VSTRING_ADDCH(vp, '<');
if (addr) {
tmp = vstring_alloc(100);
tok822_internalize(tmp, addr, TOK822_STR_TERM);
quote_822_local_flags(vp, vstring_str(tmp),
QUOTE_FLAG_8BITCLEAN | QUOTE_FLAG_APPEND);
vstring_free(tmp);
}
VSTRING_ADDCH(vp, '>');
}
ACL_VSTRING *tok822_externalize(ACL_VSTRING *vp, TOK822 *tree, int flags)
{
ACL_VSTRING *tmp;
TOK822 *tp;
ssize_t start = 0;
TOK822 *addr = 0;
ssize_t addr_len = 0;
/*
* Guard against a Sendmail buffer overflow (CERT advisory CA-2003-07).
* The problem was that Sendmail could store too much non-address text
* (comments, phrases, etc.) into a static 256-byte buffer.
*
* When the buffer fills up, fixed Sendmail versions remove comments etc.
* and reduce the information to just <$g>, which expands to <address>.
* No change is made when an address expression (text separated by
* commas) contains no address. This fix reportedly also protects
* Sendmail systems that are still vulnerable to this problem.
*
* Postfix takes the same approach, grudgingly. To avoid unnecessary damage,
* Postfix removes comments etc. only when the amount of non-address text
* in an address expression (text separated by commas) exceeds 250 bytes.
*
* With Sendmail, the address part of an address expression is the
* right-most <> instance in that expression. If an address expression
* contains no <>, then Postfix guarantees that it contains at most one
* non-comment string; that string is the address part of the address
* expression, so there is no ambiguity.
*
* Finally, we note that stress testing shows that other code in Sendmail
* 8.12.8 bluntly truncates ``text <address>'' to 256 bytes even when
* this means chopping the <address> somewhere in the middle. This is a
* loss of control that we're not entirely comfortable with. However,
* unbalanced quotes and dangling backslash do not seem to influence the
* way that Sendmail parses headers, so this is not an urgent problem.
*/
#define MAX_NONADDR_LENGTH 250
#define RESET_NONADDR_LENGTH { \
start = ACL_VSTRING_LEN(vp); \
addr = 0; \
addr_len = 0; \
}
#define ENFORCE_NONADDR_LENGTH do { \
if (addr && (ssize_t) ACL_VSTRING_LEN(vp) - addr_len > start + MAX_NONADDR_LENGTH) \
strip_address(vp, start, addr->head); \
} while(0)
if (flags & TOK822_STR_WIPE)
ACL_VSTRING_RESET(vp);
if (flags & TOK822_STR_TRNC)
RESET_NONADDR_LENGTH;
for (tp = tree; tp; tp = tp->next) {
switch (tp->type) {
case ',':
if (flags & TOK822_STR_TRNC)
ENFORCE_NONADDR_LENGTH;
ACL_VSTRING_ADDCH(vp, tp->type);
ACL_VSTRING_ADDCH(vp, (flags & TOK822_STR_LINE) ? '\n' : ' ');
if (flags & TOK822_STR_TRNC)
RESET_NONADDR_LENGTH;
continue;
/*
* XXX In order to correctly externalize an address, it is not
* sufficient to quote individual atoms. There are higher-level
* rules that say when an address localpart needs to be quoted.
* We wing it with the quote_822_local() routine, which ignores
* the issue of atoms in the domain part that would need quoting.
*/
case TOK822_ADDR:
addr = tp;
tmp = acl_vstring_alloc(100);
tok822_internalize(tmp, tp->head, TOK822_STR_TERM);
addr_len = ACL_VSTRING_LEN(vp);
quote_822_local_flags(vp, acl_vstring_str(tmp),
QUOTE_FLAG_8BITCLEAN | QUOTE_FLAG_APPEND);
addr_len = ACL_VSTRING_LEN(vp) - addr_len;
acl_vstring_free(tmp);
break;
case TOK822_ATOM:
case TOK822_COMMENT:
acl_vstring_strcat(vp, acl_vstring_str(tp->vstr));
break;
case TOK822_QSTRING:
ACL_VSTRING_ADDCH(vp, '"');
tok822_copy_quoted(vp, acl_vstring_str(tp->vstr), "\"\\\r\n");
ACL_VSTRING_ADDCH(vp, '"');
break;
case TOK822_DOMLIT:
ACL_VSTRING_ADDCH(vp, '[');
tok822_copy_quoted(vp, acl_vstring_str(tp->vstr), "\\\r\n");
ACL_VSTRING_ADDCH(vp, ']');
break;
case TOK822_STARTGRP:
ACL_VSTRING_ADDCH(vp, ':');
break;
case '<':
if (tp->next && tp->next->type == '>') {
addr = tp;
addr_len = 0;
}
ACL_VSTRING_ADDCH(vp, '<');
break;
default:
if (tp->type >= TOK822_MINTOK)
acl_msg_panic("tok822_externalize: unknown operator %d", tp->type);
ACL_VSTRING_ADDCH(vp, tp->type);
}
if (tok822_append_space(tp))
ACL_VSTRING_ADDCH(vp, ' ');
}
if (flags & TOK822_STR_TRNC)
ENFORCE_NONADDR_LENGTH;
if (flags & TOK822_STR_TERM)
ACL_VSTRING_TERMINATE(vp);
return (vp);
}
