Fix crash in VRFY handling for an unqualified name. Bug 1836
authorJeremy Harris <jgh146exb@wizmail.org>
Sun, 22 May 2016 21:32:43 +0000 (22:32 +0100)
committerJeremy Harris <jgh146exb@wizmail.org>
Tue, 24 May 2016 19:25:15 +0000 (20:25 +0100)
Introduced-by: 4f6ae5c314e5
doc/doc-docbook/spec.xfpt
doc/doc-txt/ChangeLog
src/src/smtp_in.c
test/scripts/0000-Basic/0041
test/stdout/0041

index d625d88b556c5cc4ae6523ee2642a87523c4d1d7..42e1161823feb5cd77589b7589e0f4f2fa25e605 100644 (file)
@@ -38394,7 +38394,7 @@ form of the name.
 Log lines and Received-by: header lines will acquire a "utf8"
 prefix on the protocol element, eg. utf8esmtp.
 
-The following expansion operator can be used:
+The following expansion operators can be used:
 .code
 ${utf8_domain_to_alabel:str}
 ${utf8_domain_from_alabel:str}
index f5e9b8deae8e111aba977603d5abdb1e15bae5ce..eca1defa8af0c6fd066f2b505255e5bf45e6b28d 100644 (file)
@@ -32,6 +32,9 @@ JH/06 Bug 165: hide more cases of password exposure - this time in expansions
 JH/07 Retire gnutls_require_mac et.al.  These were nonfunctional since 4.80
       and logged a warning sing 4.83; now they are a configuration file error.
 
+JH/08 Bug 1836: Fix crash in VRFY handling when handed an unqualified name
+      (lacking @domain).  Apply the same qualification processing as RCPT.
+
 
 Exim version 4.87
 -----------------
index d66b59e302363016e5a24da5db23cdcaea190136..0d509a38d56229203c0e0fb802926f99d410890b 100644 (file)
@@ -4352,14 +4352,13 @@ while (done <= 0)
     /* Apply SMTP rewriting then extract the working address. Don't allow "<>"
     as a recipient address */
 
-    recipient = ((rewrite_existflags & rewrite_smtp) != 0)?
-      rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
-        global_rewrite_rules) : smtp_cmd_data;
+    recipient = rewrite_existflags & rewrite_smtp
+      ? rewrite_one(smtp_cmd_data, rewrite_smtp, NULL, FALSE, US"",
+         global_rewrite_rules)
+      : smtp_cmd_data;
 
-    /* rfc821_domains = TRUE; << no longer needed */
     recipient = parse_extract_address(recipient, &errmess, &start, &end,
       &recipient_domain, FALSE);
-    /* rfc821_domains = FALSE; << no longer needed */
 
     if (recipient == NULL)
       {
@@ -4380,7 +4379,6 @@ while (done <= 0)
     we must always qualify this address, regardless. */
 
     if (recipient_domain == 0)
-      {
       if (allow_unqualified_recipient ||
           strcmpic(recipient, US"postmaster") == 0)
         {
@@ -4400,7 +4398,6 @@ while (done <= 0)
           host_lookup_msg);
         break;
         }
-      }
 
     /* Check maximum allowed */
 
@@ -4586,18 +4583,40 @@ while (done <= 0)
 
       HAD(SCH_VRFY);
 
-      if(!(address = parse_extract_address(smtp_cmd_data, &errmess, &start, &end,
-           &recipient_domain, FALSE)))
+      if (!(address = parse_extract_address(smtp_cmd_data, &errmess,
+            &start, &end, &recipient_domain, FALSE)))
+       {
        smtp_printf("501 %s\r\n", errmess);
+       break;
+       }
+
+      if (recipient_domain == 0)
+       if (  allow_unqualified_recipient
+          || strcmpic(address, US"postmaster") == 0)
+         {
+         DEBUG(D_receive) debug_printf("unqualified address %s accepted\n",
+           recipient);
+         recipient_domain = Ustrlen(recipient) + 1;
+         address = rewrite_address_qualify(address, TRUE);
+         }
+       else
+         {
+         smtp_printf("501 %s: recipient address must contain a domain\r\n",
+           smtp_cmd_data);
+         log_write(L_smtp_syntax_error,
+           LOG_MAIN|LOG_REJECT, "unqualified verify rejected: <%s> %s%s",
+           address, host_and_ident(TRUE), host_lookup_msg);
+         break;
+         }
 
-      else if ((rc = acl_check(ACL_WHERE_VRFY, address, acl_smtp_vrfy,
+      if ((rc = acl_check(ACL_WHERE_VRFY, address, acl_smtp_vrfy,
                    &user_msg, &log_msg)) != OK)
        done = smtp_handle_acl_fail(ACL_WHERE_VRFY, rc, user_msg, log_msg);
       else
        {
-       uschar *s = NULL;
+       uschar * s = NULL;
+       address_item * addr = deliver_make_addr(address, FALSE);
 
-       address_item *addr = deliver_make_addr(address, FALSE);
        switch(verify_address(addr, NULL, vopt_is_recipient | vopt_qualify, -1,
               -1, -1, NULL, NULL, NULL))
          {
index 3495375cbf75a4b775f66a461d451e7a28f5848c..0f8cdb3b53f43041c2df0acbb88d3976040e3536 100644 (file)
@@ -2,6 +2,8 @@
 exim -bh 1.1.1.1
 vrfy userx@test.ex
 vrfy hardfail@test.ex
+vrfy unqual
+vrfy
 expn postmaster
 quit
 ****
index b88c93ac70d681552d977b2bb9f920ed772bf0ce..6b22865b000efa3e6169d5331bf76950eaaf1f88 100644 (file)
@@ -6,6 +6,8 @@
 220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
 252 Administrative prohibition\r
 599 custom reject\r
+501 unqual: recipient address must contain a domain\r
+501 empty address\r
 550 Administrative prohibition\r
 221 the.local.host.name closing connection\r