On 2024/01/22 11:41:13 +0100, Omar Polo <op@omarpolo.com> wrote:
> A bug was filed for opensmtpd-portable regarding escape sequences inside
> quotes in headers: <https://github.com/OpenSMTPD/OpenSMTPD/issues/1242>.
> 
> The issue is easily replicable by sending a mail with a from as follows:
> 
> 	From: "\"Doe, John\"" <op>
> 
> smtpd mis-interprets the escapes inside the quoted name and turns it
> into:
> 
> 	From: "\"Doe@localhost, John\"" <op>
> 
> When smtpd reaches the comma it thinks it's the address separator and
> not part of the string.  This is caused since the \ is treated as
> literal in a quoted context and so \" closes the quoted string from
> smtpd point of view.
> 
> If I'm reading RFC5322 correctly, it actually allows for escapes inside
> quotes.  Citing bits of the ABFN:
> 
>    name-addr       =   [display-name] angle-addr
>    display-name    =   phrase
>    phrase          =   1*word / obs-phrase
>    word            =   atom / quoted-string
>    quoted-string   =   [CFWS] DQUOTE *([FWS] qcontent) [FWS] DQUOTE [CFWS]
>    qcontent        =   qtext / quoted-pair
> 
> diff belows allows for handling of escapes in quoted strings.  It only
> affects how To, Cc and From headers are processed.
> 
> Thoughts/oks?

friendly ping

diff /home/op/tmp/smtpd
commit - d84d1565c6d01997768b2220610a26af306be2d9
path + /home/op/tmp/smtpd
blob - 94763e6d07801384a6f00a612e61fa8f56998cad
file + smtp_session.c
--- smtp_session.c
+++ smtp_session.c
@@ -489,7 +489,7 @@ header_domain_append_callback(struct smtp_tx *tx, cons
 				quote = !quote;
 			if (line[i] == ')' && !escape && !quote && comment)
 				comment--;
-			if (line[i] == '\\' && !escape && !comment && !quote)
+			if (line[i] == '\\' && !escape && !comment)
 				escape = 1;
 			else
 				escape = 0;