author | Jeremy Harris <jgh146exb@wizmail.org> | 2019-08-03 22:22:58 +0100 |
---|---|---|
committer | Jeremy Harris <jgh146exb@wizmail.org> | 2019-08-03 22:22:58 +0100 |
commit | 7b564712ff3a235ce9ef42ffa4036023057f295e (patch) | |
tree | 313fbb34be2de12f2ac2813a37b1782e1ccbebae /src | |
parent | 6d95688d6a272297a6a47f2fd2695cc8e5b8b730 (diff) |
Callouts: filter smtp response for bad chars before using in our smtp response. Bug 2409
Diffstat (limited to 'src')
-rw-r--r-- | src/src/verify.c | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/src/src/verify.c b/src/src/verify.c
index 4422b4ad1..60579668b 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1001,6 +1001,26 @@ no_conn:
 string_sprintf("response to \"%s\" was: %s", big_buffer, string_printing(sx.buffer));
+ /* RFC 5321 section 4.2: the text portion of the response may have only
+ HT, SP, Printable US-ASCII. Deal with awkward chars by cutting the
+ received message off before passing it onward. Newlines are ok; they
+ just become a multiline response (but wrapped in the error code we
+ produce). */
+
+ for (uschar * s = sx.buffer;
+ *s && s < sx.buffer + sizeof(sx.buffer);
+ s++)
+ {
+ uschar c = *s;
+ if (c != '\t' && c != '\n' && (c < ' ' || c > '~'))
+ {
+ if (s - sx.buffer < sizeof(sx.buffer) - 12)
+ memcpy(s, "(truncated)", 12);
+ else
+ *s = '\0';
+ break;
+ }
+ }
 addr->user_message = options & vopt_is_recipient ? string_sprintf("Callout verification failed:\n%s", sx.buffer) : string_sprintf("Called: %s\nSent: %s\nResponse: %s", |
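Review bot: The loop guard `*s && s < sx.buffer + sizeof(sx.buffer)` dereferences `*s` before testing the bound, so if `sx.buffer` ever arrived without a terminating NUL the scan would read one byte past the array before stopping. Swapping the operands to `s < sx.buffer + sizeof(sx.buffer) && *s` makes the bound check effective. The literal `12` appears twice as the size of `"(truncated)"` including its NUL; writing `sizeof("(truncated)")` in both places would keep the space test and the `memcpy` length tied together. Both `sizeof(sx.buffer)` uses assume `sx.buffer` is an array member rather than a pointer, which is not visible here and is worth a one-line comment. The enclosing block under `no_conn:` starts and ends outside this hunk.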