[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: why does smtpserver restrict quote in argument to router for verification



[ I just had nightmarish triple-day, which started when   nic.funet.fi's
  HSZ40 RAID-controller decided to scramble its PCMCIA Flash-ROM cards,
  and otherwise started to act up..   Field-service worked for two days
  to fix it -- they at first changed everything except softwares on that
  rom-card, finally they changed the rom-card, and things started to work..

  Ok, machine came up, with huge queues of things..  and I want to test
  my lattest code which runs fine on Solaris 2.3 and Linux..
  Then I (re-)learned that OSF/1 has libresolv.a in multiple locations, and
  naturally my linkage took wrong one, and machine was running for quite
  a while before I noticed something to be really wrong -- massive amounts
  of "unresolvable" addresses -- and router dropping cores..

  Ah well, my  "2.99.15" is now running on nic.funet.fi, and this list
  (among others) works again.  ]

> Would anyone care to comment on why this piece of code in the smtpserver
> checks to see if there are quotes before it passes the address off to the
> router for verification ?
> 
> 	if (args == NULL
> 	    || strchr(args, '\'') != NULL || args[strlen(args)-1] == '\\') {
> 		type(501, (char *)NULL);
> 		return NULL;
> 	}
> 
> The result is that if verification of addresses is turned on, users who
> have a quote in their name are out of luck -- for instance, something like
> Shawn_O'Malley@mc.xerox.com -- which is just fine as far as RFC822 is
> concerned.

	I think this is of old code -- yes, on 2.2.1.

	I guess it is more like an attempt to patch up some problem
	that quote in user's address caused in the original scripts.
	String ending with back-slash is potential trouble-spot for
	my new scripts too, but single-quote should not be -- nor back-quote:

z$ router "O'Maley@utu.fi"
<mea.interactive@nic.funet.fi>: address: O'Maley@utu.fi
(((smtp utu.fi 'O'\''Maley@utu.fi' default_attributes)))
z$ router O'Maley@utu.fi
> ^C
z$ router 'foo`doo'@nic.funet.fi
<mea.interactive@nic.funet.fi>: address: foo`doo@nic.funet.fi
(((local 'foo`doo@nic.funet.fi' 'foo`doo' default_attributes)))
z$ router "foo`doo"@nic.funet.fi
> ^C
z$ router 'foo\'
<mea.interactive@nic.funet.fi>: address: foo\
(((local 'foo\' 'foo\' default_attributes)))
z$

	So yes, the scripts handle it just fine, but entering
	those chars take some SH-gymnastics..  However this
	happens only at the interactive Zmsh.

	I will remove all except the NULL-test from my smtpserver.

> Nick Briggs
> Xerox PARC

	/Matti Aarnio <mea@utu.fi> <mea@nic.funet.fi>