Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
before release 4.4.1 through code contributed by Henrik Storner.
Workaround for older releases: do not use mimedecode feature.
+* Fetchmail now detects singly-quoted % expansions in the mda option and refuses
+ to deliver for safety reasons. Fixes Debian Bug#347909.
# CHANGES
* A foreground fetchmail can now accept a few more options while another copy is
for (dp = after, sp = before; (*dp = *sp); dp++, sp++) {
if (sp[0] != '%') continue;
+ if (sp > before && sp[-1] == '\'') {
+ report(stderr, GT_("MDA option contains single-quoted %%%c expansion.\n"), sp[1]);
+ report(stderr, GT_("Refusing to deliver. Check the manual and fix your mda option.\n"));
+ free(before);
+ free(after);
+ if (from) free(from);
+ if (names) free(names);
+ return PS_SYNTAX;
+ }
+
/* need to expand? BTW, no here overflow, because in
** the worst case (end of string) sp[1] == '\0' */
if (sp[1] == 's' || sp[1] == 'T') {