From: Omar Polo <op@omarpolo.com>
Subject: Re: smtpd: allow escaping inside quotes
To: Steffen Nurpmeso <steffen@sdaoden.eu>
Cc: tech@openbsd.org, Martijn van Duren <martijn@openbsd.org>
Date: Sun, 28 Jan 2024 13:59:02 +0100

Hello,

On 2024/01/23 00:00:52 +0100, Steffen Nurpmeso <steffen@sdaoden.eu> wrote:
> Dear Omar Polo,
> 
> Omar Polo wrote in
>  <248HEPT7PIWVZ.2QV59XPHQ4YWJ@venera>:
>  |A bug was filed for opensmtpd-portable regarding escape sequences inside
>  |quotes in headers: <https://github.com/OpenSMTPD/OpenSMTPD/issues/1242>.
>  |
>  |The issue is easily replicable by sending a mail with a from as follows:
>  |
>  | From: "\"Doe, John\"" <op>
>  ...
> 
> I am currently writing a RFC 5322 parser (for a simple DKIM signer
> that i am about to write until February 1st due to Google, if that
> works out, sigh), and have found out that most such parsers are
> pretty bad.  I Cc:d martijn@ because i saw his DKIM module which
> also includes a RFC 5322 parser.  'Seems to me it might be ok
> because OpenSMTPD seems to do things like %s@%s when generating
> addresses, but i have not looked deeper.
> 
> Please see below some test cases to try out.  Note some come from
> the RFC 822, 5322 standard (drafts).  I could imagine OpenSMTPD to
> fail for some, martijn's thing does for sure.
> My parser is nearly finished and very coooooool, even more tests
> there are, but i am still working on that.

Thanks for providing some test cases.

Currently, smtpd needs are pretty small.  If you take a look at
rfc5322.c you'll see that it mostly handles folding, the headers are
left as-is.  Later, in smtp_session.c, header_domain_append_callback()
is used to turn stuff like ``From: <op>'' to ``From: <op@localhost>'',
and that function is only used for To, Cc and From.

However, I think it would be a good idea to start building up a regress
suite for stuff like this.  I know that Gilles had one (including a
branch that was simulating random failures in various places IIRC), but
there's nothing easy to try out in /usr/src/regress/.


Thanks,

Omar Polo
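
Added example, not part of the message above and not OpenSMTPD code: a small C scanner showing how a quote tracker that ignores backslash escapes can misread the From value quoted in this thread, next to one that honours the RFC 5322 quoted-pair. The function name count_addresses() and the second sample header are assumptions made for illustration.

```c
#include <stdio.h>

/*
 * Hypothetical helper (not OpenSMTPD code): count the comma-separated
 * entries of an address header value.  Commas inside a quoted-string
 * never split.  With honor_escapes set, a backslash inside quotes
 * makes the next byte literal (RFC 5322 quoted-pair), so \" does not
 * close the quoted-string.
 */
static int
count_addresses(const char *val, int honor_escapes)
{
	int inquote = 0, escaped = 0, n = 0, seen = 0;
	const char *p;

	for (p = val; *p != '\0'; p++) {
		if (escaped) {			/* byte after a backslash */
			escaped = 0;
			seen = 1;
		} else if (honor_escapes && inquote && *p == '\\') {
			escaped = 1;
		} else if (*p == '"') {
			inquote = !inquote;
			seen = 1;
		} else if (*p == ',' && !inquote) {
			n += seen;		/* close the current entry */
			seen = 0;
		} else if (*p != ' ' && *p != '\t') {
			seen = 1;
		}
	}
	if (inquote || escaped)
		return -1;			/* unterminated quote or escape */
	return n + seen;
}

int
main(void)
{
	/* The From value quoted in this thread, then a constructed list. */
	const char *from = "\"\\\"Doe, John\\\"\" <op>";
	const char *list = "\"Doe, John\" <op>, <root>";

	printf("naive: %d  escape-aware: %d\n",
	    count_addresses(from, 0), count_addresses(from, 1));
	printf("list:  %d\n", count_addresses(list, 1));
	return 0;
}
```

Without escape handling the first \" closes the quoted-string early, so the comma in the display name is taken as an address separator and one mailbox is counted as two.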