Diffstat (limited to 'src')
-rw-r--r-- | src/src/acl.c | 19 | ||||
-rw-r--r-- | src/src/functions.h | 1 | ||||
-rw-r--r-- | src/src/verify.c | 37 |
3 files changed, 52 insertions, 5 deletions
diff --git a/src/src/acl.c b/src/src/acl.c
index 29e0617d9..386754fcf 100644
--- a/src/src/acl.c
+++ b/src/src/acl.c
@@ -1650,7 +1650,8 @@ switch (dns_lookup(&dnsa, target, type, NULL))
 *************************************************/ enum { VERIFY_REV_HOST_LKUP, VERIFY_CERT, VERIFY_HELO, VERIFY_CSA, VERIFY_HDR_SYNTAX,
- VERIFY_NOT_BLIND, VERIFY_HDR_SNDR, VERIFY_SNDR, VERIFY_RCPT
+ VERIFY_NOT_BLIND, VERIFY_HDR_SNDR, VERIFY_SNDR, VERIFY_RCPT,
+ VERIFY_HDR_NAMES_ASCII
 }; typedef struct { uschar * name;
@@ -1670,7 +1671,8 @@ static verify_type_t verify_type_list[] = {
 { US"sender", VERIFY_SNDR, (1<<ACL_WHERE_MAIL)|(1<<ACL_WHERE_RCPT) |(1<<ACL_WHERE_PREDATA)|(1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), FALSE, 6 },
- { US"recipient", VERIFY_RCPT, (1<<ACL_WHERE_RCPT), FALSE, 0 }
+ { US"recipient", VERIFY_RCPT, (1<<ACL_WHERE_RCPT), FALSE, 0 },
+ { US"header_names_ascii", VERIFY_HDR_NAMES_ASCII, (1<<ACL_WHERE_DATA)|(1<<ACL_WHERE_NOTSMTP), TRUE, 0 }
 };
@@ -1820,6 +1822,15 @@ switch(vp->value)
 *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr); return rc;
+ case VERIFY_HDR_NAMES_ASCII:
+ /* Check that all header names are true 7 bit strings
+ See RFC 5322, 2.2. and RFC 6532, 3. */
+
+ rc = verify_check_header_names_ascii(log_msgptr);
+ if (rc != OK && smtp_return_error_details && *log_msgptr != NULL)
+ *user_msgptr = string_sprintf("Rejected after DATA: %s", *log_msgptr);
+ return rc;
+
 case VERIFY_NOT_BLIND: /* Check that no recipient of this message is "blind", that is, every envelope recipient must be mentioned in either To: or Cc:. */
@@ -2202,8 +2213,8 @@ return rc;
 BAD_VERIFY: *log_msgptr = string_sprintf("expected \"sender[=address]\", \"recipient\", "
- "\"helo\", \"header_syntax\", \"header_sender\" or "
- "\"reverse_host_lookup\" at start of ACL condition "
+ "\"helo\", \"header_syntax\", \"header_sender\", \"header_names_ascii\" "
+ "or \"reverse_host_lookup\" at start of ACL condition "
 "\"verify %s\"", arg); return ERROR; }
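Review bot: In the new `case VERIFY_HDR_NAMES_ASCII:` (third acl.c hunk) the log message is copied unchanged into `*user_msgptr`, and for this check that message quotes the offending header name, which by construction contains a sender-chosen byte outside 33..126. When smtp_return_error_details is set, those raw bytes end up in the SMTP reply as well as in the log line. The name should be escaped before it is formatted, for example with Exim's `string_printing()` inside verify_check_header_names_ascii, so that control and 8-bit characters cannot reach either output. The enclosing switch starts and ends outside the hunk, so whether later code sanitises the message cannot be confirmed from here.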
diff --git a/src/src/functions.h b/src/src/functions.h
index 9d933fea7..c6cb30119 100644
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -402,6 +402,7 @@ extern int verify_check_dnsbl(uschar **);
 extern int verify_check_header_address(uschar **, uschar **, int, int, int, uschar *, uschar *, int, int *); extern int verify_check_headers(uschar **);
+extern int verify_check_header_names_ascii(uschar **);
 extern int verify_check_host(uschar **); extern int verify_check_notblind(void); extern int verify_check_this_host(uschar **, unsigned int *, uschar*,
diff --git a/src/src/verify.c b/src/src/verify.c
index 711b3af5a..3d3bfdaf0 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -538,7 +538,7 @@ else
 #endif
 if (!(done= smtp_read_response(&inblock, responsebuffer, sizeof(responsebuffer), '2', callout))) goto RESPONSE_FAILED;
-
+
 /* Not worth checking greeting line for ESMTP support */ if (!(esmtp = verify_check_this_host(&(ob->hosts_avoid_esmtp), NULL, host->name, host->address, NULL) != OK))
@@ -2155,6 +2155,41 @@ return yield;
 }
+/*************************************************
+* Check header names for 8-bit characters *
+*************************************************/
+
+/* This function checks for invalid charcters in header names. See
+RFC 5322, 2.2. and RFC 6532, 3.
+
+Arguments:
+ msgptr where to put an error message
+
+Returns: OK
+ FAIL
+*/
+
+int
+verify_check_header_names_ascii(uschar **msgptr)
+{
+header_line *h;
+uschar *colon, *s;
+
+for (h = header_list; h != NULL; h = h->next)
+ {
+ colon = Ustrchr(h->text, ':');
+ for(s = h->text; s < colon; s++)
+ {
+ if ((*s < 33) || (*s > 126))
+ {
+ *msgptr = string_sprintf("Invalid character in header \"%.*s\" found",
+ colon - h->text, h->text);
+ return FAIL;
+ }
+ }
+ }
+return OK;
+}
 /************************************************* * Check for blind recipients * |
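Review bot: In verify_check_header_names_ascii (second verify.c hunk) `colon` is used without checking that `Ustrchr` found a ':'. If an entry on header_list can lack a colon (not visible from this hunk), `s < colon` compares against a null pointer and that line is passed without any check; adding `if (colon == NULL) continue;` (or returning FAIL, as policy prefers) right after the lookup makes the behaviour explicit. The precision argument `colon - h->text` is a ptrdiff_t where `%.*s` consumes an int, so it should be written `(int)(colon - h->text)`. The `(*s < 33)` test also rejects whitespace before the colon, so the obsolete `Name : value` form fails this check; if that is intended, the header comment should say so.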