diff options
| -rw-r--r-- | mailutils/sendmail.c | 19 |
1 files changed, 18 insertions, 1 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index c5df5f5d3..22f735b3d 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c | |||
| @@ -181,6 +181,12 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) | |||
| 181 | char *host = sane_address(safe_gethostname()); | 181 | char *host = sane_address(safe_gethostname()); |
| 182 | unsigned nheaders = 0; | 182 | unsigned nheaders = 0; |
| 183 | int code; | 183 | int code; |
| 184 | enum { | ||
| 185 | HDR_OTHER = 0, | ||
| 186 | HDR_TOCC, | ||
| 187 | HDR_BCC, | ||
| 188 | } last_hdr = 0; | ||
| 189 | int check_hdr; | ||
| 184 | 190 | ||
| 185 | enum { | 191 | enum { |
| 186 | //--- standard options | 192 | //--- standard options |
| @@ -345,20 +351,31 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) | |||
| 345 | if (opts & OPT_t) { | 351 | if (opts & OPT_t) { |
| 346 | if (0 == strncasecmp("To:", s, 3) || 0 == strncasecmp("Bcc:" + 1, s, 3)) { | 352 | if (0 == strncasecmp("To:", s, 3) || 0 == strncasecmp("Bcc:" + 1, s, 3)) { |
| 347 | rcptto_list(s+3); | 353 | rcptto_list(s+3); |
| 354 | last_hdr = HDR_TOCC; | ||
| 348 | goto addheader; | 355 | goto addheader; |
| 349 | } | 356 | } |
| 350 | // Bcc: header adds blind copy (hidden) recipient | 357 | // Bcc: header adds blind copy (hidden) recipient |
| 351 | if (0 == strncasecmp("Bcc:", s, 4)) { | 358 | if (0 == strncasecmp("Bcc:", s, 4)) { |
| 352 | rcptto_list(s+4); | 359 | rcptto_list(s+4); |
| 353 | free(s); | 360 | free(s); |
| 361 | last_hdr = HDR_BCC; | ||
| 354 | continue; // N.B. Bcc: vanishes from headers! | 362 | continue; // N.B. Bcc: vanishes from headers! |
| 355 | } | 363 | } |
| 356 | } | 364 | } |
| 357 | if (strchr(s, ':') || (list && isspace(s[0]))) { | 365 | check_hdr = list && isspace(s[0]); |
| 366 | if (strchr(s, ':') || check_hdr) { | ||
| 358 | // other headers go verbatim | 367 | // other headers go verbatim |
| 359 | // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines. | 368 | // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines. |
| 360 | // Continuation is denoted by prefixing additional lines with whitespace(s). | 369 | // Continuation is denoted by prefixing additional lines with whitespace(s). |
| 361 | // Thanks (stefan.seyfried at googlemail.com) for pointing this out. | 370 | // Thanks (stefan.seyfried at googlemail.com) for pointing this out. |
| 371 | if (check_hdr && last_hdr != HDR_OTHER) { | ||
| 372 | rcptto_list(s+1); | ||
| 373 | if (last_hdr == HDR_BCC) | ||
| 374 | continue; | ||
| 375 | // N.B. Bcc: vanishes from headers! | ||
| 376 | } else { | ||
| 377 | last_hdr = HDR_OTHER; | ||
| 378 | } | ||
| 362 | addheader: | 379 | addheader: |
| 363 | // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks | 380 | // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks |
| 364 | if (MAX_HEADERS && ++nheaders >= MAX_HEADERS) | 381 | if (MAX_HEADERS && ++nheaders >= MAX_HEADERS) |