On Sat, Nov 23, 2013 at 12:28:44PM -0800, Andrew Ayer wrote:
> > Simple context-free splitting is in principle not sufficient:
> >
> > RCPT TO:<"perverse NOTIFY=bad address"@example.com> NOTIFY=good
> >
> > Though the smtpd(8) parser for RCPT TO may not cover 100% of the
> > torture-test that is the RFC 5321 "RCPT TO" or "MAIL FROM" grammar,
> > it comes much closer... Look at extract_addr() in src/smtpd/smtpd.c.
>
> Thanks for taking a look at this.
>
> I'm actually only parsing RCPT TO ESMTP parameters here, not an entire
> RCPT TO command, and ESMTP parameter values are not allowed to contain
> space characters[1]. If a parameter value contains an address (e.g.
> ORCPT), then it's encoded using "xtext."[2] So I believe it should be
> quite sufficient to split on space character here.
You're right, I did not look at the patch sufficiently closely. The
splitting into "rcpt", "dsn_args" happens before your code is reached.
--
Viktor.
