From 7b564712ff3a235ce9ef42ffa4036023057f295e Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Sat, 3 Aug 2019 22:22:58 +0100
Subject: Callouts: filter smtp response for bad chars before using in our smtp
 response.  Bug 2409

---
 src/src/verify.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

(limited to 'src')

diff --git a/src/src/verify.c b/src/src/verify.c
index 4422b4ad1..60579668b 100644
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1001,6 +1001,26 @@ no_conn:
 	  string_sprintf("response to \"%s\" was: %s",
 			  big_buffer, string_printing(sx.buffer));
 
+	/* RFC 5321 section 4.2: the text portion of the response may have only
+	HT, SP, Printable US-ASCII.  Deal with awkward chars by cutting the
+	received message off before passing it onward.  Newlines are ok; they
+	just become a multiline response (but wrapped in the error code we
+	produce). */
+
+	for (uschar * s = sx.buffer;
+	     *s && s < sx.buffer + sizeof(sx.buffer);
+	     s++)
+	  {
+	  uschar c = *s;
+	  if (c != '\t' && c != '\n' && (c < ' ' || c > '~'))
+	    {
+	    if (s - sx.buffer < sizeof(sx.buffer) - 12)
+	      memcpy(s, "(truncated)", 12);
+	    else
+	      *s = '\0';
+	    break;
+	    }
+	  }
 	addr->user_message = options & vopt_is_recipient
 	  ? string_sprintf("Callout verification failed:\n%s", sx.buffer)
 	  : string_sprintf("Called:   %s\nSent:     %s\nResponse: %s",
-- 
cgit v1.2.3