Index | Thread | Search

From:
Steffen Nurpmeso <steffen@sdaoden.eu>
Subject:
Re: smtpd: allow escaping inside quotes
To:
Omar Polo <op@omarpolo.com>
Cc:
tech@openbsd.org, Martijn van Duren <martijn@openbsd.org>
Date:
Tue, 23 Jan 2024 00:00:52 +0100

Download raw body.

Thread 
Dear Omar Polo,

Omar Polo wrote in
 <248HEPT7PIWVZ.2QV59XPHQ4YWJ@venera>:
 |A bug was filed for opensmtpd-portable regarding escape sequences inside
 |quotes in headers: <https://github.com/OpenSMTPD/OpenSMTPD/issues/1242>.
 |
 |The issue is easily replicable by sending a mail with a from as follows:
 |
 | From: "\"Doe, John\"" <op>
 ...

I am currently writing a RFC 5322 parser (for a simple DKIM signer
that i am about to write until February 1st due to Google, if that
works out, sigh), and have found out that most such parsers are
pretty bad.  I Cc:d martijn@ because i saw his DKIM module which
also includes a RFC 5322 parser.  'Seems to me it might be ok
because OpenSMTPD seems to do things like %s@%s when generating
addresses, but i have not looked deeper.

Please see below some test cases to try out.  Note some come from
the RFC 822, 5322 standard (drafts).  I could imagine OpenSMTPD to
fail for some, martijn's thing does for sure.
My parser is nearly finished and very coooooool, even more tests
there are, but i am still working on that.

  John Doe <jdoe@(co(m)ment)mach(co(m)ment)ine(co(m)ment).(co(m)ment)example(co(m)ment)>
  -
  John Doe <jdoe@machine(co(m)ment).  example>
  -
  John Doe <jdoe@machine.  example>
  -
  John Doe <jdoe@machine.example>
  -
  John Doe <jdoe@machine.(c)example>
  -
  Mary Smith
   
               <mary@example.net>
  -
  Joe Q. Public <john.q.public@example.com>
  -
  Mary Smith <@node.test:mary@example.net>
  -
  jdoe@test  . example
  -
  Pete(A nice \) chap) <pete(((his)) account)@silly.test(his host)>
  -
  Chris Jones <c@(Chris's host.)public.example>
  -
  John <jdoe@one.test> (my (dear (friend)))
  -
  "Mary Smith: Personal Account" <smith@home.example>
  -
  "Joe Q. Public" <john.q.public@example.com>
  -
  "Giant; \"Big\" Box" <sysservices@example.net>
  -
  <boss@nil.test>
  -
   John Doe <@dsda.e,@mda.je:jdoe@machine.example>
  -
  Mary Smith <mary@x.test>, jdoe@example.org, Who? <one@y.test>
  --
  <boss@nil.test>, "Giant; \"Big\" Box" <sysservices@example.net>
  --
  A Group:Ed Jones <c@a.test>,joe@where.test,John <jdoe@one.test>;
  --
  Undisclosed recipients:;
  --
  A Group(Some people)
    :Chris Jones <c@public.example(.host of Chris)>,
          :Chris Jones2 <c@(Chris's host.)public.example>,
              joe@example.org,
       John <jdoe@one.test> (my dear friend); (the end of the group)
  --
  (Empty list)(start)Hidden recipients  :(nobody(that I know))  ;
  --
  user@example.com
  -
  "Full Name" <foo@example.com>
  -
  spam@spammer.com <foo@example.com>
  -
  God@heaven <@hop1.org,@hop2.net:jeff@spec.org>
  -
  Real Name ((comment)) <addr...@example.com>'
  -
  ho.(hi)ha@x.y
  -
  (bo) ho.(hi)ha@x.y
  -
  a@malicious.org@important.com
  -

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)