diff options
| -rw-r--r-- | mailutils/sendmail.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/mailutils/sendmail.c b/mailutils/sendmail.c index a216d66c1..2f99df6c0 100644 --- a/mailutils/sendmail.c +++ b/mailutils/sendmail.c | |||
| @@ -229,10 +229,15 @@ int sendmail_main(int argc UNUSED_PARAM, char **argv) | |||
| 229 | rcptto(sane_address(s+5)); | 229 | rcptto(sane_address(s+5)); |
| 230 | free(s); | 230 | free(s); |
| 231 | // N.B. Bcc: vanishes from headers! | 231 | // N.B. Bcc: vanishes from headers! |
| 232 | |||
| 232 | // other headers go verbatim | 233 | // other headers go verbatim |
| 233 | // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks | 234 | |
| 234 | } else if (strchr(s, ':')) { | 235 | // N.B. RFC2822 2.2.3 "Long Header Fields" allows for headers to occupy several lines. |
| 236 | // Continuation is denoted by prefixing additional lines with whitespace(s). | ||
| 237 | // Thanks (stefan.seyfried at googlemail.com) for pointing this out. | ||
| 238 | } else if (strchr(s, ':') || (list && skip_whitespace(s) != s)) { | ||
| 235 | addheader: | 239 | addheader: |
| 240 | // N.B. we allow MAX_HEADERS generic headers at most to prevent attacks | ||
| 236 | if (MAX_HEADERS && ++nheaders >= MAX_HEADERS) | 241 | if (MAX_HEADERS && ++nheaders >= MAX_HEADERS) |
| 237 | goto bail; | 242 | goto bail; |
| 238 | llist_add_to_end(&list, s); | 243 | llist_add_to_end(&list, s); |