smtp(1) fix for usernames containing '@' symbols

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

smtp(1) fix for usernames containing '@' symbols

Josh Rickmar
Some email accounts use account names that include the @host portion,
and this broke the server and credentials parsing in smtp(1).  Sometimes
I see these @ characters encoded as %40, but smtp(1) was not decoding
these url escape sequences before base64 encoding and talking with the
server.

Searching for the last @ character instead of the first is a simple
fix.  This mail was sent using this diff.

diff 594937660a36a61c991da10e4d9f91c8e1cdb9d0 /usr/src
blob - deb99c6394e09f605db53cbdb1cddbf61ac72bf8
file + usr.sbin/smtpd/smtpc.c
--- usr.sbin/smtpd/smtpc.c
+++ usr.sbin/smtpd/smtpc.c
@@ -185,7 +185,7 @@ parse_server(char *server)
  *p = '\0';
  p += 3;
  /* check for credentials */
- c = strchr(p, '@');
+ c = strrchr(p, '@');
  if (c) {
  creds = p;
  *c = '\0';

Reply | Threaded
Open this post in threaded view
|

Re: smtp(1) fix for usernames containing '@' symbols

Todd C. Miller-3
On Mon, 14 Sep 2020 16:55:43 -0000, Josh Rickmar wrote:

> Some email accounts use account names that include the @host portion,
> and this broke the server and credentials parsing in smtp(1).  Sometimes
> I see these @ characters encoded as %40, but smtp(1) was not decoding
> these url escape sequences before base64 encoding and talking with the
> server.
>
> Searching for the last @ character instead of the first is a simple
> fix.  This mail was sent using this diff.

Yes, that seems like the simplest approach and matches how smtpd
handles user@host strings.  I've committed the patch, thanks.

 - todd