]> Pileus Git - ~andy/fetchmail/commitdiff
projects / ~andy / fetchmail / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 26b8ab2)
Detect single quotes in MDA % expansions and refuse delivery.
authorMatthias Andree <matthias.andree@gmx.de>
Fri, 12 Aug 2011 07:53:31 +0000 (09:53 +0200)
committerMatthias Andree <matthias.andree@gmx.de>
Fri, 12 Aug 2011 07:53:31 +0000 (09:53 +0200)
Fixes Debian Bug#347909.

NEWS patch | blob | history
driver.c patch | blob | history
sink.c patch | blob | history

diff --git a/NEWS b/NEWS
index 74e8e5a5b5111060c09e31fbee162baeebde5df5..315a91ca5032bcf0ac85c4db20cc7c745c29fa34 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -103,6 +103,8 @@ NOTE THIS IS AN ALPHA RELEASE THAT HAS NOT BEEN THOROUGHLY TESTED!
   Bug introduced on 1998-03-20 when the mimedecode support was added by ESR
   before release 4.4.1 through code contributed by Henrik Storner.
   Workaround for older releases: do not use mimedecode feature.
+* Fetchmail now detects singly-quoted % expansions in the mda option and refuses
+  to deliver for safety reasons. Fixes Debian Bug#347909.
 
 # CHANGES
 * A foreground fetchmail can now accept a few more options while another copy is
diff --git a/driver.c b/driver.c
index cbfe0e58e722c70c2c12a1c035ba2f8bdf82cd24..a665e652fea6b81a62539a2d6944eb16382c5cb4 100644 (file)
--- a/driver.c
+++ b/driver.c
@@ -1467,7 +1467,7 @@ is restored."));
        msg = GT_("socket");
        break;
     case PS_SYNTAX:
-       msg = GT_("missing or bad RFC822 header");
+       msg = GT_("missing or bad RFC822 header or command line option");
        break;
     case PS_IOERR:
        msg = GT_("MDA");
diff --git a/sink.c b/sink.c
index 6c9b101f74ceb1213ff5759565279dfcbfa80738..5e9bef9864eb80f6ae3bac880a33b582be8a1e55 100644 (file)
--- a/sink.c
+++ b/sink.c
@@ -1150,6 +1150,16 @@ static int open_mda_sink(struct query *ctl, struct msgblk *msg,
        for (dp = after, sp = before; (*dp = *sp); dp++, sp++) {
            if (sp[0] != '%')   continue;
 
+           if (sp > before && sp[-1] == '\'') {
+               report(stderr, GT_("MDA option contains single-quoted %%%c expansion.\n"), sp[1]);
+               report(stderr, GT_("Refusing to deliver. Check the manual and fix your mda option.\n"));
+               free(before);
+               free(after);
+               if (from) free(from);
+               if (names) free(names);
+               return PS_SYNTAX;
+           }
+
            /* need to expand? BTW, no here overflow, because in
            ** the worst case (end of string) sp[1] == '\0' */
            if (sp[1] == 's' || sp[1] == 'T') {
Andy's fetchmail repository