File: [local] / src / usr.sbin / smtpd / envelope.c (download)
Revision 1.52, Wed Jan 3 08:11:15 2024 UTC (5 months ago) by op
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD Changes since 1.51: +5 -7 lines
relax ORCPT syntax validation
We expected the ORCPT parameter to be a valid rfc822 address. This is
wrong on multiple levels:
- any other IANA-registered "addr-type" can be used
- the parameter may be encoded and we didn't decode it prior validation
- RFC3461 explicitly states that "[..] the address associated with the
ORCPT keyword is NOT constrained to conform to the syntax rules for
that 'addr-type'".
Instead, just validate the xtext and preserve the ORCPT value as-is.
Issue originally reported by Tim Kuijsten, Tassilo Philipp and others.
ok millert@
|
/* $OpenBSD: envelope.c,v 1.52 2024/01/03 08:11:15 op Exp $ */
/*
* Copyright (c) 2013 Eric Faurot <eric@openbsd.org>
* Copyright (c) 2011-2013 Gilles Chehade <gilles@poolp.org>
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
#include <arpa/inet.h>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#include "smtpd.h"
#include "log.h"
static int envelope_ascii_load(struct envelope *, struct dict *);
static void envelope_ascii_dump(const struct envelope *, char **, size_t *,
const char *);
void
envelope_set_errormsg(struct envelope *e, char *fmt, ...)
{
int ret;
va_list ap;
va_start(ap, fmt);
ret = vsnprintf(e->errorline, sizeof(e->errorline), fmt, ap);
va_end(ap);
/* this should not happen */
if (ret < 0)
fatal("vsnprintf");
if ((size_t)ret >= sizeof(e->errorline))
(void)strlcpy(e->errorline + (sizeof(e->errorline) - 4),
"...", 4);
}
void
envelope_set_esc_class(struct envelope *e, enum enhanced_status_class class)
{
e->esc_class = class;
}
void
envelope_set_esc_code(struct envelope *e, enum enhanced_status_code code)
{
e->esc_code = code;
}
static int
envelope_buffer_to_dict(struct dict *d, const char *ibuf, size_t buflen)
{
static char lbuf[sizeof(struct envelope)];
size_t len;
char *buf, *field, *nextline;
memset(lbuf, 0, sizeof lbuf);
if (strlcpy(lbuf, ibuf, sizeof lbuf) >= sizeof lbuf)
goto err;
buf = lbuf;
while (buflen > 0) {
len = strcspn(buf, "\n");
buf[len] = '\0';
nextline = buf + len + 1;
buflen -= (nextline - buf);
field = buf;
while (*buf && (isalnum((unsigned char)*buf) || *buf == '-'))
buf++;
if (!*buf)
goto err;
/* skip whitespaces before separator */
while (*buf && isspace((unsigned char)*buf))
*buf++ = 0;
/* we *want* ':' */
if (*buf != ':')
goto err;
*buf++ = 0;
/* skip whitespaces after separator */
while (*buf && isspace((unsigned char)*buf))
*buf++ = 0;
dict_set(d, field, buf);
buf = nextline;
}
return (1);
err:
return (0);
}
int
envelope_load_buffer(struct envelope *ep, const char *ibuf, size_t buflen)
{
struct dict d;
const char *val, *errstr;
long long version;
int ret = 0;
dict_init(&d);
if (!envelope_buffer_to_dict(&d, ibuf, buflen)) {
log_debug("debug: cannot parse envelope to dict");
goto end;
}
val = dict_get(&d, "version");
if (val == NULL) {
log_debug("debug: envelope version not found");
goto end;
}
version = strtonum(val, 1, 64, &errstr);
if (errstr) {
log_debug("debug: cannot parse envelope version: %s", val);
goto end;
}
if (version != SMTPD_ENVELOPE_VERSION) {
log_debug("debug: bad envelope version %lld", version);
goto end;
}
memset(ep, 0, sizeof *ep);
ret = envelope_ascii_load(ep, &d);
if (ret)
ep->version = SMTPD_ENVELOPE_VERSION;
end:
while (dict_poproot(&d, NULL))
;
return (ret);
}
int
envelope_dump_buffer(const struct envelope *ep, char *dest, size_t len)
{
char *p = dest;
envelope_ascii_dump(ep, &dest, &len, "version");
envelope_ascii_dump(ep, &dest, &len, "dispatcher");
envelope_ascii_dump(ep, &dest, &len, "tag");
envelope_ascii_dump(ep, &dest, &len, "type");
envelope_ascii_dump(ep, &dest, &len, "smtpname");
envelope_ascii_dump(ep, &dest, &len, "helo");
envelope_ascii_dump(ep, &dest, &len, "hostname");
envelope_ascii_dump(ep, &dest, &len, "username");
envelope_ascii_dump(ep, &dest, &len, "errorline");
envelope_ascii_dump(ep, &dest, &len, "sockaddr");
envelope_ascii_dump(ep, &dest, &len, "sender");
envelope_ascii_dump(ep, &dest, &len, "rcpt");
envelope_ascii_dump(ep, &dest, &len, "dest");
envelope_ascii_dump(ep, &dest, &len, "ctime");
envelope_ascii_dump(ep, &dest, &len, "last-try");
envelope_ascii_dump(ep, &dest, &len, "last-bounce");
envelope_ascii_dump(ep, &dest, &len, "ttl");
envelope_ascii_dump(ep, &dest, &len, "retry");
envelope_ascii_dump(ep, &dest, &len, "flags");
envelope_ascii_dump(ep, &dest, &len, "dsn-notify");
envelope_ascii_dump(ep, &dest, &len, "dsn-ret");
envelope_ascii_dump(ep, &dest, &len, "dsn-envid");
envelope_ascii_dump(ep, &dest, &len, "dsn-orcpt");
envelope_ascii_dump(ep, &dest, &len, "esc-class");
envelope_ascii_dump(ep, &dest, &len, "esc-code");
switch (ep->type) {
case D_MDA:
envelope_ascii_dump(ep, &dest, &len, "mda-exec");
envelope_ascii_dump(ep, &dest, &len, "mda-subaddress");
envelope_ascii_dump(ep, &dest, &len, "mda-user");
break;
case D_MTA:
break;
case D_BOUNCE:
envelope_ascii_dump(ep, &dest, &len, "bounce-ttl");
envelope_ascii_dump(ep, &dest, &len, "bounce-delay");
envelope_ascii_dump(ep, &dest, &len, "bounce-type");
break;
default:
return (0);
}
if (dest == NULL)
return (0);
return (dest - p);
}
static int
ascii_load_uint8(uint8_t *dest, char *buf)
{
const char *errstr;
*dest = strtonum(buf, 0, 0xff, &errstr);
if (errstr)
return 0;
return 1;
}
static int
ascii_load_uint16(uint16_t *dest, char *buf)
{
const char *errstr;
*dest = strtonum(buf, 0, 0xffff, &errstr);
if (errstr)
return 0;
return 1;
}
static int
ascii_load_uint32(uint32_t *dest, char *buf)
{
const char *errstr;
*dest = strtonum(buf, 0, 0xffffffff, &errstr);
if (errstr)
return 0;
return 1;
}
static int
ascii_load_time(time_t *dest, char *buf)
{
const char *errstr;
*dest = strtonum(buf, 0, LLONG_MAX, &errstr);
if (errstr)
return 0;
return 1;
}
static int
ascii_load_type(enum delivery_type *dest, char *buf)
{
if (strcasecmp(buf, "mda") == 0)
*dest = D_MDA;
else if (strcasecmp(buf, "mta") == 0)
*dest = D_MTA;
else if (strcasecmp(buf, "bounce") == 0)
*dest = D_BOUNCE;
else
return 0;
return 1;
}
static int
ascii_load_string(char *dest, char *buf, size_t len)
{
if (strlcpy(dest, buf, len) >= len)
return 0;
return 1;
}
static int
ascii_load_sockaddr(struct sockaddr_storage *ss, char *buf)
{
if (!strcmp("local", buf)) {
ss->ss_family = AF_LOCAL;
}
else if (buf[0] == '[' && buf[strlen(buf)-1] == ']') {
struct addrinfo hints, *res0;
buf[strlen(buf)-1] = '\0';
/* getaddrinfo() is used to support scoped addresses. */
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET6;
hints.ai_flags = AI_NUMERICHOST;
if (getaddrinfo(buf+1, NULL, &hints, &res0) != 0)
return 0;
memcpy(ss, res0->ai_addr, res0->ai_addrlen);
ss->ss_len = res0->ai_addrlen;
freeaddrinfo(res0);
}
else {
struct sockaddr_in ssin;
memset(&ssin, 0, sizeof ssin);
if (inet_pton(AF_INET, buf, &ssin.sin_addr) != 1)
return 0;
ssin.sin_family = AF_INET;
memcpy(ss, &ssin, sizeof(ssin));
ss->ss_len = sizeof(struct sockaddr_in);
}
return 1;
}
static int
ascii_load_mailaddr(struct mailaddr *dest, char *buf)
{
if (!text_to_mailaddr(dest, buf))
return 0;
return 1;
}
static int
ascii_load_flags(enum envelope_flags *dest, char *buf)
{
char *flag;
while ((flag = strsep(&buf, " ,|")) != NULL) {
if (strcasecmp(flag, "authenticated") == 0)
*dest |= EF_AUTHENTICATED;
else if (strcasecmp(flag, "enqueued") == 0)
;
else if (strcasecmp(flag, "bounce") == 0)
*dest |= EF_BOUNCE;
else if (strcasecmp(flag, "internal") == 0)
*dest |= EF_INTERNAL;
else
return 0;
}
return 1;
}
static int
ascii_load_bounce_type(enum bounce_type *dest, char *buf)
{
if (strcasecmp(buf, "error") == 0 || strcasecmp(buf, "failed") == 0)
*dest = B_FAILED;
else if (strcasecmp(buf, "warn") == 0 ||
strcasecmp(buf, "delayed") == 0)
*dest = B_DELAYED;
else if (strcasecmp(buf, "dsn") == 0 ||
strcasecmp(buf, "delivered") == 0)
*dest = B_DELIVERED;
else
return 0;
return 1;
}
static int
ascii_load_dsn_ret(enum dsn_ret *ret, char *buf)
{
if (strcasecmp(buf, "HDRS") == 0)
*ret = DSN_RETHDRS;
else if (strcasecmp(buf, "FULL") == 0)
*ret = DSN_RETFULL;
else
return 0;
return 1;
}
static int
ascii_load_field(const char *field, struct envelope *ep, char *buf)
{
if (strcasecmp("dispatcher", field) == 0)
return ascii_load_string(ep->dispatcher, buf,
sizeof ep->dispatcher);
if (strcasecmp("bounce-delay", field) == 0)
return ascii_load_time(&ep->agent.bounce.delay, buf);
if (strcasecmp("bounce-ttl", field) == 0)
return ascii_load_time(&ep->agent.bounce.ttl, buf);
if (strcasecmp("bounce-type", field) == 0)
return ascii_load_bounce_type(&ep->agent.bounce.type, buf);
if (strcasecmp("ctime", field) == 0)
return ascii_load_time(&ep->creation, buf);
if (strcasecmp("dest", field) == 0)
return ascii_load_mailaddr(&ep->dest, buf);
if (strcasecmp("username", field) == 0)
return ascii_load_string(ep->username, buf, sizeof(ep->username));
if (strcasecmp("errorline", field) == 0)
return ascii_load_string(ep->errorline, buf,
sizeof ep->errorline);
if (strcasecmp("ttl", field) == 0)
return ascii_load_time(&ep->ttl, buf);
if (strcasecmp("flags", field) == 0)
return ascii_load_flags(&ep->flags, buf);
if (strcasecmp("helo", field) == 0)
return ascii_load_string(ep->helo, buf, sizeof ep->helo);
if (strcasecmp("hostname", field) == 0)
return ascii_load_string(ep->hostname, buf,
sizeof ep->hostname);
if (strcasecmp("last-bounce", field) == 0)
return ascii_load_time(&ep->lastbounce, buf);
if (strcasecmp("last-try", field) == 0)
return ascii_load_time(&ep->lasttry, buf);
if (strcasecmp("retry", field) == 0)
return ascii_load_uint16(&ep->retry, buf);
if (strcasecmp("rcpt", field) == 0)
return ascii_load_mailaddr(&ep->rcpt, buf);
if (strcasecmp("mda-exec", field) == 0)
return ascii_load_string(ep->mda_exec, buf, sizeof(ep->mda_exec));
if (strcasecmp("mda-subaddress", field) == 0)
return ascii_load_string(ep->mda_subaddress, buf, sizeof(ep->mda_subaddress));
if (strcasecmp("mda-user", field) == 0)
return ascii_load_string(ep->mda_user, buf, sizeof(ep->mda_user));
if (strcasecmp("sender", field) == 0)
return ascii_load_mailaddr(&ep->sender, buf);
if (strcasecmp("smtpname", field) == 0)
return ascii_load_string(ep->smtpname, buf,
sizeof(ep->smtpname));
if (strcasecmp("sockaddr", field) == 0)
return ascii_load_sockaddr(&ep->ss, buf);
if (strcasecmp("tag", field) == 0)
return ascii_load_string(ep->tag, buf, sizeof ep->tag);
if (strcasecmp("type", field) == 0)
return ascii_load_type(&ep->type, buf);
if (strcasecmp("version", field) == 0)
return ascii_load_uint32(&ep->version, buf);
if (strcasecmp("dsn-notify", field) == 0)
return ascii_load_uint8(&ep->dsn_notify, buf);
if (strcasecmp("dsn-orcpt", field) == 0)
return ascii_load_string(ep->dsn_orcpt, buf,
sizeof(ep->dsn_orcpt));
if (strcasecmp("dsn-ret", field) == 0)
return ascii_load_dsn_ret(&ep->dsn_ret, buf);
if (strcasecmp("dsn-envid", field) == 0)
return ascii_load_string(ep->dsn_envid, buf,
sizeof(ep->dsn_envid));
if (strcasecmp("esc-class", field) == 0)
return ascii_load_uint8(&ep->esc_class, buf);
if (strcasecmp("esc-code", field) == 0)
return ascii_load_uint8(&ep->esc_code, buf);
return (0);
}
static int
envelope_ascii_load(struct envelope *ep, struct dict *d)
{
const char *field;
char *value;
void *hdl;
hdl = NULL;
while (dict_iter(d, &hdl, &field, (void **)&value))
if (!ascii_load_field(field, ep, value))
goto err;
return (1);
err:
log_warnx("envelope: invalid field \"%s\"", field);
return (0);
}
static int
ascii_dump_uint8(uint8_t src, char *dest, size_t len)
{
return bsnprintf(dest, len, "%d", src);
}
static int
ascii_dump_uint16(uint16_t src, char *dest, size_t len)
{
return bsnprintf(dest, len, "%d", src);
}
static int
ascii_dump_uint32(uint32_t src, char *dest, size_t len)
{
return bsnprintf(dest, len, "%d", src);
}
static int
ascii_dump_time(time_t src, char *dest, size_t len)
{
return bsnprintf(dest, len, "%lld", (long long) src);
}
static int
ascii_dump_string(const char *src, char *dest, size_t len)
{
return bsnprintf(dest, len, "%s", src);
}
static int
ascii_dump_type(enum delivery_type type, char *dest, size_t len)
{
char *p = NULL;
switch (type) {
case D_MDA:
p = "mda";
break;
case D_MTA:
p = "mta";
break;
case D_BOUNCE:
p = "bounce";
break;
default:
return 0;
}
return bsnprintf(dest, len, "%s", p);
}
static int
ascii_dump_mailaddr(const struct mailaddr *addr, char *dest, size_t len)
{
return bsnprintf(dest, len, "%s@%s",
addr->user, addr->domain);
}
static int
ascii_dump_flags(enum envelope_flags flags, char *buf, size_t len)
{
size_t cpylen = 0;
buf[0] = '\0';
if (flags) {
if (flags & EF_AUTHENTICATED)
cpylen = strlcat(buf, "authenticated", len);
if (flags & EF_BOUNCE) {
if (buf[0] != '\0')
(void)strlcat(buf, " ", len);
cpylen = strlcat(buf, "bounce", len);
}
if (flags & EF_INTERNAL) {
if (buf[0] != '\0')
(void)strlcat(buf, " ", len);
cpylen = strlcat(buf, "internal", len);
}
}
return cpylen < len ? 1 : 0;
}
static int
ascii_dump_bounce_type(enum bounce_type type, char *dest, size_t len)
{
char *p = NULL;
switch (type) {
case B_FAILED:
p = "failed";
break;
case B_DELAYED:
p = "delayed";
break;
case B_DELIVERED:
p = "delivered";
break;
default:
return 0;
}
return bsnprintf(dest, len, "%s", p);
}
static int
ascii_dump_dsn_ret(enum dsn_ret flag, char *dest, size_t len)
{
size_t cpylen = 0;
dest[0] = '\0';
if (flag == DSN_RETFULL)
cpylen = strlcat(dest, "FULL", len);
else if (flag == DSN_RETHDRS)
cpylen = strlcat(dest, "HDRS", len);
return cpylen < len ? 1 : 0;
}
static int
ascii_dump_field(const char *field, const struct envelope *ep,
char *buf, size_t len)
{
if (strcasecmp(field, "dispatcher") == 0)
return ascii_dump_string(ep->dispatcher, buf, len);
if (strcasecmp(field, "bounce-delay") == 0) {
if (ep->agent.bounce.type != B_DELAYED)
return (1);
return ascii_dump_time(ep->agent.bounce.delay, buf, len);
}
if (strcasecmp(field, "bounce-ttl") == 0) {
if (ep->agent.bounce.type != B_DELAYED)
return (1);
return ascii_dump_time(ep->agent.bounce.ttl, buf, len);
}
if (strcasecmp(field, "bounce-type") == 0)
return ascii_dump_bounce_type(ep->agent.bounce.type, buf, len);
if (strcasecmp(field, "ctime") == 0)
return ascii_dump_time(ep->creation, buf, len);
if (strcasecmp(field, "dest") == 0)
return ascii_dump_mailaddr(&ep->dest, buf, len);
if (strcasecmp(field, "username") == 0) {
if (ep->username[0])
return ascii_dump_string(ep->username, buf, len);
return 1;
}
if (strcasecmp(field, "errorline") == 0)
return ascii_dump_string(ep->errorline, buf, len);
if (strcasecmp(field, "ttl") == 0)
return ascii_dump_time(ep->ttl, buf, len);
if (strcasecmp(field, "flags") == 0)
return ascii_dump_flags(ep->flags, buf, len);
if (strcasecmp(field, "helo") == 0)
return ascii_dump_string(ep->helo, buf, len);
if (strcasecmp(field, "hostname") == 0)
return ascii_dump_string(ep->hostname, buf, len);
if (strcasecmp(field, "last-bounce") == 0)
return ascii_dump_time(ep->lastbounce, buf, len);
if (strcasecmp(field, "last-try") == 0)
return ascii_dump_time(ep->lasttry, buf, len);
if (strcasecmp(field, "retry") == 0)
return ascii_dump_uint16(ep->retry, buf, len);
if (strcasecmp(field, "rcpt") == 0)
return ascii_dump_mailaddr(&ep->rcpt, buf, len);
if (strcasecmp(field, "mda-exec") == 0) {
if (ep->mda_exec[0])
return ascii_dump_string(ep->mda_exec, buf, len);
return 1;
}
if (strcasecmp(field, "mda-subaddress") == 0) {
if (ep->mda_subaddress[0])
return ascii_dump_string(ep->mda_subaddress, buf, len);
return 1;
}
if (strcasecmp(field, "mda-user") == 0) {
if (ep->mda_user[0])
return ascii_dump_string(ep->mda_user, buf, len);
return 1;
}
if (strcasecmp(field, "sender") == 0)
return ascii_dump_mailaddr(&ep->sender, buf, len);
if (strcasecmp(field, "smtpname") == 0)
return ascii_dump_string(ep->smtpname, buf, len);
if (strcasecmp(field, "sockaddr") == 0)
return ascii_dump_string(ss_to_text(&ep->ss), buf, len);
if (strcasecmp(field, "tag") == 0)
return ascii_dump_string(ep->tag, buf, len);
if (strcasecmp(field, "type") == 0)
return ascii_dump_type(ep->type, buf, len);
if (strcasecmp(field, "version") == 0)
return ascii_dump_uint32(SMTPD_ENVELOPE_VERSION, buf, len);
if (strcasecmp(field, "dsn-notify") == 0)
return ascii_dump_uint8(ep->dsn_notify, buf, len);
if (strcasecmp(field, "dsn-ret") == 0)
return ascii_dump_dsn_ret(ep->dsn_ret, buf, len);
if (strcasecmp(field, "dsn-orcpt") == 0)
return ascii_dump_string(ep->dsn_orcpt, buf, len);
if (strcasecmp(field, "dsn-envid") == 0)
return ascii_dump_string(ep->dsn_envid, buf, len);
if (strcasecmp(field, "esc-class") == 0) {
if (ep->esc_class)
return ascii_dump_uint8(ep->esc_class, buf, len);
return 1;
}
if (strcasecmp(field, "esc-code") == 0) {
/* this is not a pasto, we dump esc_code if esc_class is !0 */
if (ep->esc_class)
return ascii_dump_uint8(ep->esc_code, buf, len);
return 1;
}
return (0);
}
static void
envelope_ascii_dump(const struct envelope *ep, char **dest, size_t *len,
const char *field)
{
char buf[8192];
int l;
if (*dest == NULL)
return;
memset(buf, 0, sizeof buf);
if (!ascii_dump_field(field, ep, buf, sizeof buf))
goto err;
if (buf[0] == '\0')
return;
l = snprintf(*dest, *len, "%s: %s\n", field, buf);
if (l < 0 || (size_t) l >= *len)
goto err;
*dest += l;
*len -= l;
return;
err:
*dest = NULL;
}