1 /**
2 * \file transact.c -- transaction primitives for the fetchmail driver loop
3 *
4 * Copyright 2001 by Eric S. Raymond
5 * For license terms, see the file COPYING in this directory.
6 */
7
8 #include "config.h"
9 #include "fetchmail.h"
10 #include <stdio.h>
11 #include <string.h>
12 #include <ctype.h>
13 #ifdef HAVE_MEMORY_H
14 #include <memory.h>
15 #endif /* HAVE_MEMORY_H */
16 #if defined(STDC_HEADERS)
17 #include <stdlib.h>
18 #endif
19 #if defined(HAVE_UNISTD_H)
20 #include <unistd.h>
21 #endif
22 #if defined(HAVE_STDARG_H)
23 #include <stdarg.h>
24 #else
25 #include <varargs.h>
26 #endif
27 #include <limits.h>
28 #include <assert.h>
29
30 #ifdef HAVE_NET_SOCKET_H
31 #include <net/socket.h>
32 #endif
33 #include <sys/socket.h>
34 #include <netdb.h>
35 #include "fm_md5.h"
36
37 #include "i18n.h"
38 #include "socket.h"
39
40 /** Macro to clamp the argument so it is >= INT_MIN. */
41 #define _FIX_INT_MIN(x) ((x) < INT_MIN ? INT_MIN : (x))
42 /** Macro to clamp the argument so it is <= INT_MAX. */
43 #define _FIX_INT_MAX(x) ((x) > INT_MAX ? INT_MAX : (x))
44 /** Macro to clamp the argument so it is representable as an int. */
45 #define CAST_TO_INT(x) ((int)(_FIX_INT_MIN(_FIX_INT_MAX(x))))
46 /** Macro to clamp the unsigned argument so it is representable as an int. */
47 #define UCAST_TO_INT(x) ((int)(_FIX_INT_MAX(x)))
48
49 /* global variables: please reinitialize them explicitly for proper
50 * working in daemon mode */
51
52 /* session variables initialized in init_transact() */
53 int suppress_tags = FALSE; /**< emit tags in the protocol? */
54 char tag[TAGLEN]; /**< buffer for the tag */
55 static unsigned int tagnum; /**< local counter for the tag */
56 /** Macro to generate the tag and store it in #tag. */
57 #define GENSYM (sprintf(tag, "A%04u", ++tagnum % TAGMOD), tag)
58 static const struct method *protocol; /**< description of the protocol used for the current poll */
59 char shroud[PASSWORDLEN*2+3]; /**< string to shroud in debug output */
60
61 /* session variables initialized in do_session() */
62 int mytimeout; /**< value of nonreponse timeout */
63
64 /* mail variables initialized in readheaders() */
65 struct msgblk msgblk; /**< stores attributes of the currently processed message */
66 static int accept_count /** count of accepted recipients */, reject_count /** count of rejected recipients */;
67
68 /** add given address to xmit_names if it exactly matches a full address
69 * \returns nonzero if matched */
map_address(const char * addr,struct query * ctl,struct idlist ** xmit_names)70 static int map_address(const char *addr,/**< address to match */
71 struct query *ctl, /**< contains list of aliases */
72 struct idlist **xmit_names /**< list of recipient names */)
73 {
74 const char *lname;
75
76 lname = idpair_find(&ctl->localnames, addr);
77 if (lname) {
78 if (outlevel >= O_DEBUG)
79 report(stdout, GT_("mapped address %s to local %s\n"), addr, lname);
80 save_str(xmit_names, lname, XMIT_ACCEPT);
81 accept_count++;
82 }
83 return lname != NULL;
84 }
85
86 /** add given name to xmit_names if it matches declared localnames */
map_name(const char * name,struct query * ctl,struct idlist ** xmit_names)87 static void map_name(const char *name, struct query *ctl, struct idlist **xmit_names)
88 /** \param name name to map */
89 /** \param ctl list of permissible aliases */
90 /** \param xmit_names list of recipient names parsed out */
91 {
92 const char *lname;
93
94 lname = idpair_find(&ctl->localnames, name);
95 if (!lname && ctl->wildcard)
96 lname = name;
97
98 if (lname != (char *)NULL)
99 {
100 if (outlevel >= O_DEBUG)
101 report(stdout, GT_("mapped %s to local %s\n"), name, lname);
102 save_str(xmit_names, lname, XMIT_ACCEPT);
103 accept_count++;
104 }
105 }
106
find_server_names(const char * hdr,struct query * ctl,struct idlist ** xmit_names)107 static void find_server_names(const char *hdr,
108 struct query *ctl,
109 struct idlist **xmit_names)
110 /** parse names out of a RFC822 header into an ID list */
111 /** \param hdr RFC822 header in question */
112 /** \param ctl list of permissible aliases */
113 /** \param xmit_names list of recipient names parsed out */
114 {
115 if (hdr == (char *)NULL)
116 return;
117 else
118 {
119 char *cp;
120
121 for (cp = nxtaddr(hdr); cp != NULL; cp = nxtaddr(NULL))
122 {
123 char *atsign;
124
125 /*
126 * Handle empty address from a To: header containing only
127 * a comment.
128 */
129 if (!*cp)
130 continue;
131
132 /*
133 * If the name of the user begins with a qmail virtual
134 * domain prefix, ignore the prefix. Doing this here
135 * means qvirtual will work either with ordinary name
136 * mapping or with a localdomains option.
137 */
138 if (ctl->server.qvirtual)
139 {
140 int sl = strlen(ctl->server.qvirtual);
141
142 if (!strncasecmp((char *)cp, ctl->server.qvirtual, sl))
143 cp += sl;
144 }
145
146 if ((atsign = strchr((char *)cp, '@'))) {
147 struct idlist *idp;
148
149 /* try to match full address first, this takes
150 * precedence over localdomains and alias mappings */
151 if (map_address(cp, ctl, xmit_names))
152 goto nomap;
153
154 /*
155 * Does a trailing segment of the hostname match something
156 * on the localdomains list? If so, save the whole name
157 * and keep going.
158 */
159 for (idp = ctl->server.localdomains; idp; idp = idp->next) {
160 char *rhs;
161
162 rhs = atsign + (strlen(atsign) - strlen(idp->id));
163 if (rhs > atsign &&
164 (rhs[-1] == '.' || rhs[-1] == '@') &&
165 strcasecmp(rhs, idp->id) == 0)
166 {
167 if (outlevel >= O_DEBUG)
168 report(stdout, GT_("passed through %s matching %s\n"),
169 cp, idp->id);
170 save_str(xmit_names, (const char *)cp, XMIT_ACCEPT);
171 accept_count++;
172 goto nomap;
173 }
174 }
175
176 /* if we matched a local domain, idp != NULL */
177 if (!idp)
178 {
179 /*
180 * Check to see if the right-hand part is an alias
181 * or MX equivalent of the mailserver. If it's
182 * not, skip this name. If it is, we'll keep
183 * going and try to find a mapping to a client name.
184 */
185 if (!is_host_alias(atsign+1, ctl, &ai0))
186 {
187 save_str(xmit_names, cp, XMIT_REJECT);
188 reject_count++;
189 continue;
190 }
191 }
192 atsign[0] = '\0';
193 map_name(cp, ctl, xmit_names);
194 nomap:;
195 }
196 }
197 }
198 }
199
200 /**
201 * Return zero on a syntactically invalid address, nz on a valid one.
202 *
203 * This used to be strchr(a, '.'), but it turns out that lines like this
204 *
205 * Received: from punt-1.mail.demon.net by mailstore for markb@example.com
206 * id 938765929:10:27223:2; Fri, 01 Oct 99 08:18:49 GMT
207 *
208 * are not uncommon. So now we just check that the following token is
209 * not itself an email address.
210 */
211 #define VALID_ADDRESS(a) (!strchr((a), '@'))
212
213 /** write \a value into \a rbuf, indexed by \a tp, if there is
214 * sufficient room left. */
215 #define RBUF_WRITE(value) do { if (tp < rbuf+sizeof(rbuf)-1) *tp++=(value); } while(0)
216
217 /** Try to extract real address from the Received line.
218 * If a valid Received: line is found, we return the full address in
219 * a buffer which can be parsed from nxtaddr(). This is to ensure that
220 * the local domain part of the address can be passed along in
221 * find_server_names() if it contains one.
222 * Note: We should return a dummy header containing the address
223 * which makes nxtaddr() behave correctly.
224 */
parse_received(struct query * ctl,char * bufp)225 static char *parse_received(struct query *ctl, char *bufp)
226 {
227 char *base, *ok = (char *)NULL;
228 static char rbuf[HOSTLEN + USERNAMELEN + 4];
229 struct addrinfo *ai0;
230
231 /*
232 * Try to extract the real envelope addressee. We look here
233 * specifically for the mailserver's Received line.
234 * Note: this will only work for sendmail, or an MTA that
235 * shares sendmail's convention for embedding the envelope
236 * address in the Received line. Sendmail itself only
237 * does this when the mail has a single recipient.
238 */
239 if (outlevel >= O_DEBUG)
240 report(stdout, GT_("analyzing Received line:\n%s"), bufp);
241
242 /* search for whitepace-surrounded "by" followed by valid address */
243 for (base = bufp; ; base = ok + 2)
244 {
245 if (!(ok = strstr(base, "by")))
246 break;
247 else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[2]))
248 continue;
249 else
250 {
251 char *sp, *tp;
252
253 /* extract space-delimited token after "by" */
254 for (sp = ok + 2; isspace((unsigned char)*sp); sp++)
255 continue;
256 tp = rbuf;
257 for (; *sp && !isspace((unsigned char)*sp); sp++)
258 RBUF_WRITE(*sp);
259 *tp = '\0';
260
261 /* look for valid address */
262 if (VALID_ADDRESS(rbuf))
263 break;
264 else
265 ok = sp - 1; /* arrange to skip this token */
266 }
267 }
268 if (ok)
269 {
270 /*
271 * If it's a DNS name of the mail server, look for the
272 * recipient name after a following "for". Otherwise
273 * punt.
274 */
275 if (is_host_alias(rbuf, ctl, &ai0))
276 {
277 if (outlevel >= O_DEBUG)
278 report(stdout,
279 GT_("line accepted, %s is an alias of the mailserver\n"), rbuf);
280 }
281 else
282 {
283 if (outlevel >= O_DEBUG)
284 report(stdout,
285 GT_("line rejected, %s is not an alias of the mailserver\n"),
286 rbuf);
287 return(NULL);
288 }
289
290 /* search for whitepace-surrounded "for" followed by xxxx@yyyy */
291 for (base = ok + 4 + strlen(rbuf); ; base = ok + 2)
292 {
293 if (!(ok = strstr(base, "for")))
294 break;
295 else if (!isspace((unsigned char)ok[-1]) || !isspace((unsigned char)ok[3]))
296 continue;
297 else
298 {
299 char *sp, *tp;
300
301 /* extract space-delimited token after "for" */
302 for (sp = ok + 3; isspace((unsigned char)*sp); sp++)
303 continue;
304 tp = rbuf;
305 for (; !isspace((unsigned char)*sp); sp++)
306 RBUF_WRITE(*sp);
307 *tp = '\0';
308
309 if (strchr(rbuf, '@'))
310 break;
311 else
312 ok = sp - 1; /* arrange to skip this token */
313 }
314 }
315 if (ok)
316 {
317 flag want_gt = FALSE;
318 char *sp, *tp;
319
320 /* char after "for" could be space or a continuation newline */
321 for (sp = ok + 4; isspace((unsigned char)*sp); sp++)
322 continue;
323 tp = rbuf;
324 RBUF_WRITE(':'); /* Here is the hack. This is to be friends */
325 RBUF_WRITE(' '); /* with nxtaddr()... */
326 if (*sp == '<')
327 {
328 want_gt = TRUE;
329 sp++;
330 }
331 while (*sp == '@') /* skip routes */
332 while (*sp && *sp++ != ':')
333 continue;
334 while (*sp
335 && (want_gt ? (*sp != '>') : !isspace((unsigned char)*sp))
336 && *sp != ';')
337 if (!isspace((unsigned char)*sp))
338 {
339 RBUF_WRITE(*sp);
340 sp++;
341 }
342 else
343 {
344 /* uh oh -- whitespace here can't be right! */
345 ok = (char *)NULL;
346 break;
347 }
348 RBUF_WRITE('\n');
349 *tp = '\0';
350 if (strlen(rbuf) <= 3) /* apparently nothing has been found */
351 ok = NULL;
352 } else
353 ok = (char *)NULL;
354 }
355
356 if (!ok)
357 {
358 if (outlevel >= O_DEBUG)
359 report(stdout, GT_("no Received address found\n"));
360 return(NULL);
361 }
362 else
363 {
364 if (outlevel >= O_DEBUG) {
365 char *lf = rbuf + strlen(rbuf)-1;
366 *lf = '\0';
367 if (outlevel >= O_DEBUG)
368 report(stdout, GT_("found Received address `%s'\n"), rbuf+2);
369 *lf = '\n';
370 }
371 return(rbuf);
372 }
373 }
374
375 /* shared by readheaders and readbody */
376 static int sizeticker; /**< internal state variable for print_ticker() */
377
378 /** Print ticker based on a amount of data transferred of \a bytes.
379 * Increments \a *tickervar by \a bytes, and if it exceeds
380 * \a SIZETICKER, print a dot and reduce *tickervar by \a SIZETICKER. */
print_ticker(int * tickervar,int bytes)381 static void print_ticker(int *tickervar, int bytes)
382 {
383 *tickervar += bytes;
384 while (*tickervar >= SIZETICKER)
385 {
386 if (want_progress())
387 {
388 fputc('.', stdout);
389 fflush(stdout);
390 }
391 *tickervar -= SIZETICKER;
392 }
393 }
394
395 /** Check if \a s is equal to a LF or CR LF sequence, followed by a NUL
396 * byte. \todo FIXME merge this with end_of_header? */
397 #define EMPTYLINE(s) (((s)[0] == '\r' && (s)[1] == '\n' && (s)[2] == '\0') \
398 || ((s)[0] == '\n' && (s)[1] == '\0'))
399
400 /** Check if \a s is an empty line. Accept "\r*\n" as EOH in order to be bulletproof against broken survers */
end_of_header(const char * s)401 static int end_of_header (const char *s)
402 {
403 while (s[0] == '\r')
404 s++;
405 return (s[0] == '\n' && s[1] == '\0');
406 }
407
408 /** read message headers and ship to SMTP or MDA */
readheaders(int sock,long fetchlen,long reallen,struct query * ctl,int num,flag * suppress_readbody)409 int readheaders(int sock,
410 long fetchlen,
411 long reallen,
412 struct query *ctl,
413 int num,
414 flag *suppress_readbody)
415 /** \param sock to which the server is connected */
416 /** \param fetchlen length of message according to fetch response */
417 /** \param reallen length of message according to getsizes */
418 /** \param ctl query control record */
419 /** \param num index of message */
420 /** \param suppress_readbody output: whether call to readbody() should be supressed */
421 {
422 struct addrblk
423 {
424 int offset;
425 struct addrblk *next;
426 };
427 struct addrblk *to_addrchain = NULL;
428 struct addrblk **to_chainptr = &to_addrchain;
429 struct addrblk *resent_to_addrchain = NULL;
430 struct addrblk **resent_to_chainptr = &resent_to_addrchain;
431
432 char buf[MSGBUFSIZE+1];
433 int from_offs, reply_to_offs, resent_from_offs;
434 int app_from_offs, sender_offs, resent_sender_offs;
435 int env_offs;
436 char *received_for, *rcv, *cp;
437 static char *delivered_to = NULL;
438 int n, oldlen, ch, remaining, skipcount;
439 size_t linelen;
440 int delivered_to_count;
441 struct idlist *idp;
442 flag no_local_matches = FALSE;
443 flag has_nuls;
444 int olderrs, good_addresses, bad_addresses;
445 int retain_mail = 0, refuse_mail = 0;
446 flag already_has_return_path = FALSE;
447
448 sizeticker = 0;
449 has_nuls = FALSE;
450 msgblk.return_path[0] = '\0';
451 olderrs = ctl->errcount;
452
453 /* read message headers */
454 msgblk.reallen = reallen;
455
456 /*
457 * We used to free the header block unconditionally at the end of
458 * readheaders, but it turns out that if close_sink() hits an error
459 * condition the code for sending bouncemail will actually look
460 * at the freed storage and coredump...
461 */
462 xfree(msgblk.headers);
463 free_str_list(&msgblk.recipients);
464 xfree(delivered_to);
465
466 /* initially, no message digest */
467 memset(ctl->digest, '\0', sizeof(ctl->digest));
468
469 received_for = NULL;
470 from_offs = reply_to_offs = resent_from_offs = app_from_offs =
471 sender_offs = resent_sender_offs = env_offs = -1;
472 oldlen = 0;
473 msgblk.msglen = 0;
474 skipcount = 0;
475 delivered_to_count = 0;
476 ctl->mimemsg = 0;
477
478 for (remaining = fetchlen; remaining > 0 || protocol->delimited; )
479 {
480 char *line, *rline;
481
482 line = (char *)xmalloc(sizeof(buf));
483 linelen = 0;
484 line[0] = '\0';
485 do {
486 do {
487 char *sp, *tp;
488
489 set_timeout(mytimeout);
490 if ((n = SockRead(sock, buf, sizeof(buf)-1)) == -1) {
491 set_timeout(0);
492 free(line);
493 return(PS_SOCKET);
494 }
495 set_timeout(0);
496
497 /*
498 * Smash out any NULs, they could wreak havoc later on.
499 * Some network stacks seem to generate these at random,
500 * especially (according to reports) at the beginning of the
501 * first read. NULs are illegal in RFC822 format.
502 */
503 for (sp = tp = buf; sp < buf + n; sp++)
504 if (*sp)
505 *tp++ = *sp;
506 *tp = '\0';
507 n = tp - buf;
508 } while
509 (n == 0);
510
511 remaining -= n;
512 linelen += n;
513 msgblk.msglen += n;
514
515 /*
516 * Try to gracefully handle the case where the length of a
517 * line exceeds MSGBUFSIZE.
518 */
519 if (n && buf[n-1] != '\n')
520 {
521 rline = (char *) realloc(line, linelen + 1);
522 if (rline == NULL)
523 {
524 free (line);
525 return(PS_IOERR);
526 }
527 line = rline;
528 memcpy(line + linelen - n, buf, n);
529 line[linelen] = '\0';
530 ch = ' '; /* So the next iteration starts */
531 continue;
532 }
533
534 /* lines may not be properly CRLF terminated; fix this for qmail */
535 /* we don't want to overflow the buffer here */
536 if (ctl->forcecr && buf[n-1]=='\n' && (n==1 || buf[n-2]!='\r'))
537 {
538 char * tcp;
539 rline = (char *) realloc(line, linelen + 2);
540 if (rline == NULL)
541 {
542 free (line);
543 return(PS_IOERR);
544 }
545 line = rline;
546 memcpy(line + linelen - n, buf, n - 1);
547 tcp = line + linelen - 1;
548 *tcp++ = '\r';
549 *tcp++ = '\n';
550 *tcp = '\0';
551 /* n++; - not used later on */
552 linelen++;
553 }
554 else
555 {
556 rline = (char *) realloc(line, linelen + 1);
557 if (rline == NULL)
558 {
559 free (line);
560 return(PS_IOERR);
561 }
562 line = rline;
563 memcpy(line + linelen - n, buf, n + 1);
564 }
565
566 /* check for end of headers */
567 if (end_of_header(line))
568 {
569 eoh:
570 if (linelen != strlen (line))
571 has_nuls = TRUE;
572 free(line);
573 goto process_headers;
574 }
575
576 /*
577 * Check for end of message immediately. If one of your folders
578 * has been mangled, the delimiter may occur directly after the
579 * header.
580 */
581 if (protocol->delimited && line[0] == '.' && EMPTYLINE(line+1))
582 {
583 if (suppress_readbody)
584 *suppress_readbody = TRUE;
585 goto eoh; /* above */
586 }
587
588 /*
589 * At least one brain-dead website (netmind.com) is known to
590 * send out robotmail that's missing the RFC822 delimiter blank
591 * line before the body! Without this check fetchmail segfaults.
592 * With it, we treat such messages as spam and refuse them.
593 *
594 * Frederic Marchal reported in February 2006 that hotmail
595 * or something improperly wrapped a very long TO header
596 * (wrapped without inserting whitespace in the continuation
597 * line) and found that this code thus refused a message
598 * that should have been delivered.
599 *
600 * XXX FIXME: we should probably wrap the message up as
601 * message/rfc822 attachment and forward to postmaster (Rob
602 * MacGregor)
603 */
604 if (!refuse_mail
605 && !(ctl->server.badheader == BHACCEPT)
606 && !isspace((unsigned char)line[0])
607 && !strchr(line, ':'))
608 {
609 if (linelen != strlen (line))
610 has_nuls = TRUE;
611 if (outlevel > O_SILENT)
612 report(stdout,
613 GT_("incorrect header line found - see manpage for bad-header option\n"));
614 if (outlevel >= O_VERBOSE)
615 report (stdout, GT_("line: %s"), line);
616 refuse_mail = 1;
617 }
618
619 /* check for RFC822 continuations */
620 set_timeout(mytimeout);
621 ch = SockPeek(sock);
622 set_timeout(0);
623 } while
624 (ch == ' ' || ch == '\t'); /* continuation to next line? */
625
626 /* write the message size dots */
627 if ((outlevel > O_SILENT && outlevel < O_VERBOSE) && linelen > 0)
628 {
629 print_ticker(&sizeticker, linelen);
630 }
631
632 /*
633 * Decode MIME encoded headers. We MUST do this before
634 * looking at the Content-Type / Content-Transfer-Encoding
635 * headers (RFC 2046).
636 */
637 if ( ctl->mimedecode )
638 {
639 char *tcp;
640 UnMimeHeader(line);
641 /* the line is now shorter. So we retrace back till we find
642 * our terminating combination \n\0, we move backwards to
643 * make sure that we don't catch some \n\0 stored in the
644 * decoded part of the message */
645 for (tcp = line + linelen - 1; tcp > line && (*tcp != 0 || tcp[-1] != '\n'); tcp--) { }
646 if (tcp > line) linelen = tcp - line;
647 }
648
649
650 /* skip processing if we are going to retain or refuse this mail */
651 if (retain_mail || refuse_mail)
652 {
653 free(line);
654 continue;
655 }
656
657 /* we see an ordinary (non-header, non-message-delimiter) line */
658 if (linelen != strlen (line))
659 has_nuls = TRUE;
660
661 /*
662 * The University of Washington IMAP server (the reference
663 * implementation of IMAP4 written by Mark Crispin) relies
664 * on being able to keep base-UID information in a special
665 * message at the head of the mailbox. This message should
666 * neither be deleted nor forwarded.
667 *
668 * An example for such a message is (keep this in so people
669 * find it when looking where the special code is to handle the
670 * data):
671 *
672 * From MAILER-DAEMON Wed Nov 23 11:38:42 2005
673 * Date: 23 Nov 2005 11:38:42 +0100
674 * From: Mail System Internal Data <MAILER-DAEMON@mail.example.org>
675 * Subject: DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA
676 * Message-ID: <1132742322@mail.example.org>
677 * X-IMAP: 1132742306 0000000001
678 * Status: RO
679 *
680 * This text is part of the internal format of your mail folder, and is not
681 * a real message. It is created automatically by the mail system software.
682 * If deleted, important folder data will be lost, and it will be re-created
683 * with the data reset to initial values.
684 *
685 * This message is only visible if a POP3 server that is unaware
686 * of these UWIMAP messages is used besides UWIMAP or PINE.
687 *
688 * We will just check if the first message in the mailbox has an
689 * X-IMAP: header.
690 */
691 #ifdef POP2_ENABLE
692 /*
693 * We disable this check under POP2 because there's no way to
694 * prevent deletion of the message. So at least we ought to
695 * forward it to the user so he or she will have some clue
696 * that things have gone awry.
697 */
698 if (servport("pop2") != servport(protocol->service))
699 #endif /* POP2_ENABLE */
700 if (num == 1 && !strncasecmp(line, "X-IMAP:", 7)) {
701 free(line);
702 retain_mail = 1;
703 continue;
704 }
705
706 /*
707 * This code prevents fetchmail from becoming an accessory after
708 * the fact to upstream sendmails with the `E' option on. It also
709 * copes with certain brain-dead POP servers (like NT's) that pass
710 * through Unix from_ lines.
711 *
712 * Either of these bugs can result in a non-RFC822 line at the
713 * beginning of the headers. If fetchmail just passes it
714 * through, the client listener may think the message has *no*
715 * headers (since the first) line it sees doesn't look
716 * RFC822-conformant) and fake up a set.
717 *
718 * What the user would see in this case is bogus (synthesized)
719 * headers, followed by a blank line, followed by the >From,
720 * followed by the real headers, followed by a blank line,
721 * followed by text.
722 *
723 * We forestall this lossage by tossing anything that looks
724 * like an escaped or passed-through From_ line in headers.
725 * These aren't RFC822 so our conscience is clear...
726 */
727 if (!strncasecmp(line, ">From ", 6) || !strncasecmp(line, "From ", 5))
728 {
729 free(line);
730 continue;
731 }
732
733 /*
734 * We remove all Delivered-To: headers if dropdelivered is set
735 * - special care must be taken if Delivered-To: is also used
736 * as envelope at the same time.
737 *
738 * This is to avoid false mail loops errors when delivering
739 * local messages to and from a Postfix or qmail mailserver.
740 */
741 if (ctl->dropdelivered && !strncasecmp(line, "Delivered-To:", 13))
742 {
743 if (delivered_to ||
744 ctl->server.envelope == STRING_DISABLED ||
745 !ctl->server.envelope ||
746 strcasecmp(ctl->server.envelope, "Delivered-To") ||
747 delivered_to_count != ctl->server.envskip)
748 free(line);
749 else
750 delivered_to = line;
751 delivered_to_count++;
752 continue;
753 }
754
755 /*
756 * If we see a Status line, it may have been inserted by an MUA
757 * on the mail host, or it may have been inserted by the server
758 * program after the headers in the transaction stream. This
759 * can actually hose some new-mail notifiers such as xbuffy,
760 * which assumes any Status line came from a *local* MDA and
761 * therefore indicates that the message has been seen.
762 *
763 * Some buggy POP servers (including at least the 3.3(20)
764 * version of the one distributed with IMAP) insert empty
765 * Status lines in the transaction stream; we'll chuck those
766 * unconditionally. Nonempty ones get chucked if the user
767 * turns on the dropstatus flag.
768 */
769 {
770 char *tcp;
771
772 if (!strncasecmp(line, "Status:", 7))
773 tcp = line + 7;
774 else if (!strncasecmp(line, "X-Mozilla-Status:", 17))
775 tcp = line + 17;
776 else
777 tcp = NULL;
778 if (tcp) {
779 while (*tcp && isspace((unsigned char)*tcp)) tcp++;
780 if (!*tcp || ctl->dropstatus)
781 {
782 free(line);
783 continue;
784 }
785 }
786 }
787
788 if (ctl->rewrite)
789 line = reply_hack(line, ctl->server.truename, &linelen);
790
791 /*
792 * OK, this is messy. If we're forwarding by SMTP, it's the
793 * SMTP-receiver's job (according to RFC821, page 22, section
794 * 4.1.1) to generate a Return-Path line on final delivery.
795 * The trouble is, we've already got one because the
796 * mailserver's SMTP thought *it* was responsible for final
797 * delivery.
798 *
799 * Stash away the contents of Return-Path (as modified by reply_hack)
800 * for use in generating MAIL FROM later on, then prevent the header
801 * from being saved with the others. In effect, we strip it off here.
802 *
803 * If the SMTP server conforms to the standards, and fetchmail gets the
804 * envelope sender from the Return-Path, the new Return-Path should be
805 * exactly the same as the original one.
806 *
807 * We do *not* want to ignore empty Return-Path headers. These should
808 * be passed through as a way of indicating that a message should
809 * not trigger bounces if delivery fails. What we *do* need to do is
810 * make sure we never try to rewrite such a blank Return-Path. We
811 * handle this with a check for <> in the rewrite logic above.
812 *
813 * Also, if an email has multiple Return-Path: headers, we only
814 * read the first occurance, as some spam email has more than one
815 * Return-Path.
816 *
817 */
818 if ((already_has_return_path==FALSE) && !strncasecmp("Return-Path:", line, 12) && (cp = nxtaddr(line)))
819 {
820 char nulladdr[] = "<>";
821 already_has_return_path = TRUE;
822 if (cp[0]=='\0') /* nxtaddr() strips the brackets... */
823 cp=nulladdr;
824 strlcpy(msgblk.return_path, cp, sizeof(msgblk.return_path));
825 if (!ctl->mda) {
826 free(line);
827 continue;
828 }
829 }
830
831 if (!msgblk.headers)
832 {
833 oldlen = linelen;
834 msgblk.headers = (char *)xmalloc(oldlen + 1);
835 (void) memcpy(msgblk.headers, line, linelen);
836 msgblk.headers[oldlen] = '\0';
837 free(line);
838 line = msgblk.headers;
839 }
840 else
841 {
842 char *newhdrs;
843 int newlen;
844
845 newlen = oldlen + linelen;
846 newhdrs = (char *) realloc(msgblk.headers, newlen + 1);
847 if (newhdrs == NULL) {
848 free(line);
849 return(PS_IOERR);
850 }
851 msgblk.headers = newhdrs;
852 memcpy(msgblk.headers + oldlen, line, linelen);
853 msgblk.headers[newlen] = '\0';
854 free(line);
855 line = msgblk.headers + oldlen;
856 oldlen = newlen;
857 }
858
859 /* find offsets of various special headers */
860 if (!strncasecmp("From:", line, 5))
861 from_offs = (line - msgblk.headers);
862 else if (!strncasecmp("Reply-To:", line, 9))
863 reply_to_offs = (line - msgblk.headers);
864 else if (!strncasecmp("Resent-From:", line, 12))
865 resent_from_offs = (line - msgblk.headers);
866 else if (!strncasecmp("Apparently-From:", line, 16))
867 app_from_offs = (line - msgblk.headers);
868 /*
869 * Netscape 4.7 puts "Sender: zap" in mail headers. Perverse...
870 *
871 * But a literal reading of RFC822 sec. 4.4.2 supports the idea
872 * that Sender: *doesn't* have to be a working email address.
873 *
874 * The definition of the Sender header in RFC822 says, in
875 * part, "The Sender mailbox specification includes a word
876 * sequence which must correspond to a specific agent (i.e., a
877 * human user or a computer program) rather than a standard
878 * address." That implies that the contents of the Sender
879 * field don't need to be a legal email address at all So
880 * ignore any Sender or Resent-Sender lines unless they
881 * contain @.
882 *
883 * (RFC2822 says the contents of Sender must be a valid mailbox
884 * address, which is also what RFC822 4.4.4 implies.)
885 */
886 else if (!strncasecmp("Sender:", line, 7) && (strchr(line, '@') || strchr(line, '!')))
887 sender_offs = (line - msgblk.headers);
888 else if (!strncasecmp("Resent-Sender:", line, 14) && (strchr(line, '@') || strchr(line, '!')))
889 resent_sender_offs = (line - msgblk.headers);
890
891 /* if multidrop is on, gather addressee headers */
892 if (MULTIDROP(ctl))
893 {
894 if (!strncasecmp("To:", line, 3)
895 || !strncasecmp("Cc:", line, 3)
896 || !strncasecmp("Bcc:", line, 4)
897 || !strncasecmp("Apparently-To:", line, 14))
898 {
899 *to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk));
900 (*to_chainptr)->offset = (line - msgblk.headers);
901 to_chainptr = &(*to_chainptr)->next;
902 *to_chainptr = NULL;
903 }
904
905 else if (!strncasecmp("Resent-To:", line, 10)
906 || !strncasecmp("Resent-Cc:", line, 10)
907 || !strncasecmp("Resent-Bcc:", line, 11))
908 {
909 *resent_to_chainptr = (struct addrblk *)xmalloc(sizeof(struct addrblk));
910 (*resent_to_chainptr)->offset = (line - msgblk.headers);
911 resent_to_chainptr = &(*resent_to_chainptr)->next;
912 *resent_to_chainptr = NULL;
913 }
914
915 else if (ctl->server.envelope != STRING_DISABLED)
916 {
917 if (ctl->server.envelope
918 && strcasecmp(ctl->server.envelope, "Received"))
919 {
920 if (env_offs == -1 && !strncasecmp(ctl->server.envelope,
921 line,
922 strlen(ctl->server.envelope)))
923 {
924 if (skipcount++ < ctl->server.envskip)
925 continue;
926 env_offs = (line - msgblk.headers);
927 }
928 }
929 else if (!received_for && !strncasecmp("Received:", line, 9))
930 {
931 if (skipcount++ < ctl->server.envskip)
932 continue;
933 received_for = parse_received(ctl, line);
934 }
935 }
936 }
937 }
938
939 process_headers:
940
941 if (retain_mail) {
942 return(PS_RETAINED);
943 }
944
945 if (refuse_mail)
946 return(PS_REFUSED);
947 /*
948 * This is the duplicate-message killer code.
949 *
950 * When mail delivered to a multidrop mailbox on the server is
951 * addressed to multiple people on the client machine, there will
952 * be one copy left in the box for each recipient. This is not a
953 * problem if we have the actual recipient address to dispatch on
954 * (e.g. because we've mined it out of sendmail trace headers, or
955 * a qmail Delivered-To line, or a declared sender envelope line).
956 *
957 * But if we're mining addressees out of the To/Cc/Bcc fields, and
958 * if the mail is addressed to N people, each recipient will
959 * get N copies. This is bad when N > 1.
960 *
961 * Foil this by suppressing all but one copy of a message with a
962 * given set of headers.
963 *
964 * Note: This implementation only catches runs of successive
965 * messages with the same ID, but that should be good
966 * enough. A more general implementation would have to store
967 * ever-growing lists of seen message-IDs; in a long-running
968 * daemon this would turn into a memory leak even if the
969 * implementation were perfect.
970 *
971 * Don't mess with this code casually. It would be way too easy
972 * to break it in a way that blackholed mail. Better to pass
973 * the occasional duplicate than to do that...
974 *
975 * Matthias Andree:
976 * The real fix however is to insist on Delivered-To: or similar
977 * headers and require that one copy per recipient be dropped.
978 * Everything else breaks sooner or later.
979 */
980 if (MULTIDROP(ctl) && msgblk.headers)
981 {
982 MD5_CTX context;
983
984 MD5Init(&context);
985 MD5Update(&context, (unsigned char *)msgblk.headers, strlen(msgblk.headers));
986 MD5Final(ctl->digest, &context);
987
988 if (!received_for && env_offs == -1 && !delivered_to)
989 {
990 /*
991 * Hmmm...can MD5 ever yield all zeroes as a hash value?
992 * If so there is a one in 18-quadrillion chance this
993 * code will incorrectly nuke the first message.
994 */
995 if (!memcmp(ctl->lastdigest, ctl->digest, DIGESTLEN))
996 return(PS_REFUSED);
997 }
998 memcpy(ctl->lastdigest, ctl->digest, DIGESTLEN);
999 }
1000
1001 /*
1002 * Hack time. If the first line of the message was blank, with no headers
1003 * (this happens occasionally due to bad gatewaying software) cons up
1004 * a set of fake headers.
1005 *
1006 * If you modify the fake header template below, be sure you don't
1007 * make either From or To address @-less, otherwise the reply_hack
1008 * logic will do bad things.
1009 */
1010 if (msgblk.headers == (char *)NULL)
1011 {
1012 snprintf(buf, sizeof(buf),
1013 "From: FETCHMAIL-DAEMON\r\n"
1014 "To: %s@%s\r\n"
1015 "Subject: Headerless mail from %s's mailbox on %s\r\n",
1016 user, fetchmailhost, ctl->remotename, ctl->server.truename);
1017 msgblk.headers = xstrdup(buf);
1018 }
1019
1020 /*
1021 * We can now process message headers before reading the text.
1022 * In fact we have to, as this will tell us where to forward to.
1023 */
1024
1025 /* Check for MIME headers indicating possible 8-bit data */
1026 ctl->mimemsg = MimeBodyType(msgblk.headers, ctl->mimedecode);
1027
1028 #ifdef SDPS_ENABLE
1029 if (ctl->server.sdps && sdps_envfrom)
1030 {
1031 /* We have the real envelope return-path, stored out of band by
1032 * SDPS - that's more accurate than any header is going to be.
1033 */
1034 strlcpy(msgblk.return_path, sdps_envfrom, sizeof(msgblk.return_path));
1035 free(sdps_envfrom);
1036 } else
1037 #endif /* SDPS_ENABLE */
1038 /*
1039 * If there is a Return-Path address on the message, this was
1040 * almost certainly the MAIL FROM address given the originating
1041 * sendmail. This is the best thing to use for logging the
1042 * message origin (it sets up the right behavior for bounces and
1043 * mailing lists). Otherwise, fall down to the next available
1044 * envelope address (which is the most probable real sender).
1045 * *** The order is important! ***
1046 * This is especially useful when receiving mailing list
1047 * messages in multidrop mode. if a local address doesn't
1048 * exist, the bounce message won't be returned blindly to the
1049 * author or to the list itself but rather to the list manager
1050 * (ex: specified by "Sender:") which is much less annoying. This
1051 * is true for most mailing list packages.
1052 */
1053 if( !msgblk.return_path[0] ){
1054 char *ap = NULL;
1055 if (resent_sender_offs >= 0 && (ap = nxtaddr(msgblk.headers + resent_sender_offs)));
1056 else if (sender_offs >= 0 && (ap = nxtaddr(msgblk.headers + sender_offs)));
1057 else if (resent_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + resent_from_offs)));
1058 else if (from_offs >= 0 && (ap = nxtaddr(msgblk.headers + from_offs)));
1059 else if (reply_to_offs >= 0 && (ap = nxtaddr(msgblk.headers + reply_to_offs)));
1060 else if (app_from_offs >= 0 && (ap = nxtaddr(msgblk.headers + app_from_offs))) {}
1061 /* multi-line MAIL FROM addresses confuse SMTP terribly */
1062 if (ap && !strchr(ap, '\n')) {
1063 strlcpy(msgblk.return_path, ap, sizeof(msgblk.return_path));
1064 }
1065 }
1066
1067 /* cons up a list of local recipients */
1068 msgblk.recipients = (struct idlist *)NULL;
1069 accept_count = reject_count = 0;
1070 /* is this a multidrop box? */
1071 if (MULTIDROP(ctl))
1072 {
1073 #ifdef SDPS_ENABLE
1074 if (ctl->server.sdps && sdps_envto)
1075 {
1076 /* We have the real envelope recipient, stored out of band by
1077 * SDPS - that's more accurate than any header is going to be.
1078 */
1079 find_server_names(sdps_envto, ctl, &msgblk.recipients);
1080 free(sdps_envto);
1081 } else
1082 #endif /* SDPS_ENABLE */
1083 if (env_offs > -1) { /* We have the actual envelope addressee */
1084 if (outlevel >= O_DEBUG) {
1085 const char *tmps = msgblk.headers + env_offs;
1086 size_t l = strcspn(tmps, "\r\n");
1087 report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps);
1088 }
1089 find_server_names(msgblk.headers + env_offs, ctl, &msgblk.recipients);
1090 }
1091 else if (delivered_to && ctl->server.envelope != STRING_DISABLED &&
1092 ctl->server.envelope && !strcasecmp(ctl->server.envelope, "Delivered-To"))
1093 {
1094 if (outlevel >= O_DEBUG) {
1095 const char *tmps = delivered_to + 2 + strlen(ctl->server.envelope);
1096 size_t l = strcspn(tmps, "\r\n");
1097 report(stdout, GT_("Parsing envelope \"%s\" names \"%-.*s\"\n"), ctl->server.envelope, UCAST_TO_INT(l), tmps);
1098 }
1099 find_server_names(delivered_to, ctl, &msgblk.recipients);
1100 xfree(delivered_to);
1101 } else if (received_for) {
1102 /*
1103 * We have the Received for addressee.
1104 * It has to be a mailserver address, or we
1105 * wouldn't have got here.
1106 * We use find_server_names() to let local
1107 * hostnames go through.
1108 */
1109 if (outlevel >= O_DEBUG) {
1110 const char *tmps = received_for + 2;
1111 size_t l = strcspn(tmps, "\r\n");
1112 report(stdout, GT_("Parsing Received names \"%-.*s\"\n"), UCAST_TO_INT(l), tmps);
1113 }
1114 find_server_names(received_for, ctl, &msgblk.recipients);
1115 } else {
1116 /*
1117 * We haven't extracted the envelope address.
1118 * So check all the "Resent-To" header addresses if
1119 * they exist. If and only if they don't, consider
1120 * the "To" addresses.
1121 */
1122 struct addrblk *nextptr;
1123 if (outlevel >= O_DEBUG)
1124 report(stdout, GT_("No envelope recipient found, resorting to header guessing.\n"));
1125 if (resent_to_addrchain) {
1126 /* delete the "To" chain and substitute it
1127 * with the "Resent-To" list
1128 */
1129 while (to_addrchain) {
1130 nextptr = to_addrchain->next;
1131 free(to_addrchain);
1132 to_addrchain = nextptr;
1133 }
1134 to_addrchain = resent_to_addrchain;
1135 resent_to_addrchain = NULL;
1136 }
1137 /* now look for remaining adresses */
1138 while (to_addrchain) {
1139 if (outlevel >= O_DEBUG) {
1140 const char *tmps = msgblk.headers+to_addrchain->offset;
1141 size_t l = strcspn(tmps, "\r\n");
1142 report(stdout, GT_("Guessing from header \"%-.*s\".\n"), UCAST_TO_INT(l), tmps);
1143 }
1144
1145 find_server_names(msgblk.headers+to_addrchain->offset, ctl, &msgblk.recipients);
1146 nextptr = to_addrchain->next;
1147 free(to_addrchain);
1148 to_addrchain = nextptr;
1149 }
1150 }
1151 if (!accept_count)
1152 {
1153 no_local_matches = TRUE;
1154 save_str(&msgblk.recipients, run.postmaster, XMIT_ACCEPT);
1155 if (outlevel >= O_DEBUG)
1156 report(stdout,
1157 GT_("no local matches, forwarding to %s\n"),
1158 run.postmaster);
1159 }
1160 }
1161 else /* it's a single-drop box, use first localname */
1162 save_str(&msgblk.recipients, ctl->localnames->id, XMIT_ACCEPT);
1163
1164
1165 /*
1166 * Time to either address the message or decide we can't deliver it yet.
1167 */
1168 if (ctl->errcount > olderrs) /* there were DNS errors above */
1169 {
1170 if (outlevel >= O_DEBUG)
1171 report(stdout,
1172 GT_("forwarding and deletion suppressed due to DNS errors\n"));
1173 return(PS_TRANSIENT);
1174 }
1175 else
1176 {
1177 /* set up stuffline() so we can deliver the message body through it */
1178 if ((n = open_sink(ctl, &msgblk,
1179 &good_addresses, &bad_addresses)) != PS_SUCCESS)
1180 {
1181 return(n);
1182 }
1183 }
1184
1185 n = 0;
1186 /*
1187 * Some server/sendmail combinations cause problems when our
1188 * synthetic Received line is before the From header. Cope
1189 * with this...
1190 */
1191 if ((rcv = strstr(msgblk.headers, "Received:")) == (char *)NULL)
1192 rcv = msgblk.headers;
1193 /* handle ">Received:" lines too */
1194 while (rcv > msgblk.headers && rcv[-1] != '\n')
1195 rcv--;
1196 if (rcv > msgblk.headers)
1197 {
1198 char c = *rcv;
1199
1200 *rcv = '\0';
1201 n = stuffline(ctl, msgblk.headers);
1202 *rcv = c;
1203 }
1204 if (!run.invisible && n != -1)
1205 {
1206 /* utter any per-message Received information we need here */
1207 if (ctl->server.trueaddr) {
1208 char saddr[50];
1209 int e;
1210
1211 e = getnameinfo(ctl->server.trueaddr, ctl->server.trueaddr_len,
1212 saddr, sizeof(saddr), NULL, 0,
1213 NI_NUMERICHOST);
1214 if (e)
1215 snprintf(saddr, sizeof(saddr), "(%-.*s)", (int)(sizeof(saddr) - 3), gai_strerror(e));
1216 snprintf(buf, sizeof(buf),
1217 "Received: from %s [%s]\r\n",
1218 ctl->server.truename, saddr);
1219 } else {
1220 snprintf(buf, sizeof(buf),
1221 "Received: from %s\r\n", ctl->server.truename);
1222 }
1223 n = stuffline(ctl, buf);
1224 if (n != -1)
1225 {
1226 /*
1227 * We SHOULD (RFC-2821 sec. 4.4/p. 53) make sure to only use
1228 * IANA registered protocol names here.
1229 */
1230 snprintf(buf, sizeof(buf),
1231 "\tby %s with %s (fetchmail-%s",
1232 fetchmailhost,
1233 protocol->name,
1234 VERSION);
1235 if (ctl->server.tracepolls)
1236 {
1237 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1238 " polling %s account %s",
1239 ctl->server.pollname,
1240 ctl->remotename);
1241 if (ctl->folder)
1242 snprintf(buf + strlen(buf), sizeof(buf) - strlen(buf),
1243 " folder %s",
1244 ctl->folder);
1245 }
1246 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), ")\r\n");
1247 n = stuffline(ctl, buf);
1248 if (n != -1)
1249 {
1250 buf[0] = '\t';
1251 if (good_addresses == 0)
1252 {
1253 snprintf(buf+1, sizeof(buf)-1, "for <%s> (by default); ",
1254 rcpt_address (ctl, run.postmaster, 0));
1255 }
1256 else if (good_addresses == 1)
1257 {
1258 for (idp = msgblk.recipients; idp; idp = idp->next)
1259 if (idp->val.status.mark == XMIT_ACCEPT)
1260 break; /* only report first address */
1261 if (idp)
1262 snprintf(buf+1, sizeof(buf)-1,
1263 "for <%s>", rcpt_address (ctl, idp->id, 1));
1264 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf)-1,
1265 " (%s); ",
1266 MULTIDROP(ctl) ? "multi-drop" : "single-drop");
1267 }
1268 else
1269 buf[1] = '\0';
1270
1271 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s\r\n",
1272 rfc822timestamp());
1273 n = stuffline(ctl, buf);
1274 }
1275 }
1276 }
1277
1278 if (n != -1)
1279 n = stuffline(ctl, rcv); /* ship out rest of msgblk.headers */
1280
1281 if (n == -1)
1282 {
1283 report(stdout, GT_("writing RFC822 msgblk.headers\n"));
1284 release_sink(ctl);
1285 return(PS_IOERR);
1286 }
1287
1288 if (want_progress())
1289 fputc('#', stdout);
1290
1291 /* write error notifications */
1292 if (no_local_matches || has_nuls || bad_addresses)
1293 {
1294 int errlen = 0;
1295 char errhd[USERNAMELEN + POPBUFSIZE], *errmsg;
1296
1297 errmsg = errhd;
1298 strlcpy(errhd, "X-Fetchmail-Warning: ", sizeof(errhd));
1299 if (no_local_matches)
1300 {
1301 if (reject_count != 1)
1302 strlcat(errhd, GT_("no recipient addresses matched declared local names"), sizeof(errhd));
1303 else
1304 {
1305 for (idp = msgblk.recipients; idp; idp = idp->next)
1306 if (idp->val.status.mark == XMIT_REJECT)
1307 break;
1308 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1309 GT_("recipient address %s didn't match any local name"), idp->id);
1310 }
1311 }
1312
1313 if (has_nuls)
1314 {
1315 if (errhd[sizeof("X-Fetchmail-Warning: ")])
1316 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; ");
1317 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1318 GT_("message has embedded NULs"));
1319 }
1320
1321 if (bad_addresses)
1322 {
1323 if (errhd[sizeof("X-Fetchmail-Warning: ")])
1324 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd), "; ");
1325 snprintf(errhd+strlen(errhd), sizeof(errhd)-strlen(errhd),
1326 GT_("SMTP listener rejected local recipient addresses: "));
1327 errlen = strlen(errhd);
1328 for (idp = msgblk.recipients; idp; idp = idp->next)
1329 if (idp->val.status.mark == XMIT_RCPTBAD)
1330 errlen += strlen(idp->id) + 2;
1331
1332 errmsg = (char *)xmalloc(errlen + 3);
1333 strcpy(errmsg, errhd);
1334 for (idp = msgblk.recipients; idp; idp = idp->next)
1335 if (idp->val.status.mark == XMIT_RCPTBAD)
1336 {
1337 strcat(errmsg, idp->id);
1338 if (idp->next)
1339 strcat(errmsg, ", ");
1340 }
1341
1342 }
1343
1344 strcat(errmsg, "\r\n");
1345
1346 /* ship out the error line */
1347 stuffline(ctl, errmsg);
1348
1349 if (errmsg != errhd)
1350 free(errmsg);
1351 }
1352
1353 /* issue the delimiter line */
1354 cp = buf;
1355 *cp++ = '\r';
1356 *cp++ = '\n';
1357 *cp = '\0';
1358 n = stuffline(ctl, buf);
1359
1360 if ((size_t)n == strlen(buf))
1361 return PS_SUCCESS;
1362 else
1363 return PS_SOCKET;
1364 }
1365
1366 /** Convenience function factored out from readbody():
1367 * send buffer \a buf via stuffline() and handle errors and progress.
1368 * Store return value in \a *n, and return PS_IOERR for failure or
1369 * PS_SUCCESS otherwise. */
rb_send(struct query * ctl,char * buf,int * n)1370 static int rb_send(struct query *ctl, char *buf, int *n)
1371 {
1372 *n = stuffline(ctl, buf);
1373
1374 if (*n < 0)
1375 {
1376 report(stdout, GT_("error writing message text\n"));
1377 release_sink(ctl);
1378 return(PS_IOERR);
1379 }
1380 else if (want_progress())
1381 {
1382 fputc('*', stdout);
1383 fflush(stdout);
1384 }
1385 return PS_SUCCESS;
1386 }
1387
readbody(int sock,struct query * ctl,flag forward,int len)1388 int readbody(int sock, struct query *ctl, flag forward, int len)
1389 /** read and dispose of a message body presented on \a sock */
1390 /** \param ctl query control record */
1391 /** \param sock to which the server is connected */
1392 /** \param forward TRUE to forward */
1393 /** \param len length of message */
1394 {
1395 int linelen;
1396 char buf[MSGBUFSIZE+4];
1397 char *inbufp = buf;
1398 flag issoftline = FALSE;
1399
1400 /*
1401 * Pass through the text lines in the body.
1402 *
1403 * Yes, this wants to be ||, not &&. The problem is that in the most
1404 * important delimited protocol, POP3, the length is not reliable.
1405 * As usual, the problem is Microsoft brain damage; see FAQ item S2.
1406 * So, for delimited protocols we need to ignore the length here and
1407 * instead drop out of the loop with a break statement when we see
1408 * the message delimiter.
1409 */
1410 while (protocol->delimited || len > 0)
1411 {
1412 set_timeout(mytimeout);
1413 /* XXX FIXME: for undelimited protocols that ship the size, such
1414 * as IMAP, we might want to use the count of remaining characters
1415 * instead of the buffer size -- not for fetchmail 6.3.X though */
1416 if ((linelen = SockRead(sock, inbufp, sizeof(buf)-4-(inbufp-buf)))==-1)
1417 {
1418 set_timeout(0);
1419 release_sink(ctl);
1420 return(PS_SOCKET);
1421 }
1422 set_timeout(0);
1423
1424 /* write the message size dots */
1425 if (linelen > 0)
1426 {
1427 print_ticker(&sizeticker, linelen);
1428 }
1429
1430 /* Mike Jones, Manchester University, 2006:
1431 * "To fix IMAP MIME Messages in which fetchmail adds the remainder of
1432 * the IMAP packet including the ')' character (part of the IMAP)
1433 * Protocol causing the addition of an extra MIME boundary locally."
1434 *
1435 * However, we shouldn't do this for delimited protocols:
1436 * many POP3 servers (Microsoft, qmail) goof up message sizes
1437 * so we might end truncating messages prematurely.
1438 */
1439 if (!protocol->delimited && linelen > len) {
1440 /* FIXME: HACK ALERT! This \r\n is only here to make sure the
1441 * \n\0 hunt works later on. The \n generated here was not
1442 * part of the original message!
1443 * The real fix will be to use buffer + length strings,
1444 * rather than 0-terminated C strings. */
1445 inbufp[len++] = '\r';
1446 inbufp[len++] = '\n';
1447 inbufp[len] = '\0';
1448 linelen = len;
1449 }
1450
1451 len -= linelen;
1452
1453 /* check for end of message */
1454 if (protocol->delimited && *inbufp == '.')
1455 {
1456 if (EMPTYLINE(inbufp+1))
1457 break;
1458 else
1459 msgblk.msglen--; /* subtract the size of the dot escape */
1460 }
1461
1462 msgblk.msglen += linelen;
1463
1464 if (ctl->mimedecode && (ctl->mimemsg & MSG_NEEDS_DECODE)) {
1465 issoftline = UnMimeBodyline(&inbufp, protocol->delimited, issoftline);
1466 if (issoftline && (sizeof(buf)-1-(inbufp-buf) < 200))
1467 {
1468 /*
1469 * Soft linebreak, but less than 200 bytes left in
1470 * input buffer. Rather than doing a buffer overrun,
1471 * ignore the soft linebreak, NL-terminate data and
1472 * deliver what we have now.
1473 * (Who writes lines longer than 2K anyway?)
1474 */
1475 *inbufp = '\n'; *(inbufp+1) = '\0';
1476 issoftline = 0;
1477 }
1478 }
1479
1480 /* ship out the text line */
1481 if (forward && (!issoftline))
1482 {
1483 int n, err;
1484 inbufp = buf;
1485
1486 /* guard against very long lines */
1487 buf[MSGBUFSIZE+1] = '\r';
1488 buf[MSGBUFSIZE+2] = '\n';
1489 buf[MSGBUFSIZE+3] = '\0';
1490
1491 err = rb_send(ctl, buf, &n);
1492 if (err != PS_SUCCESS)
1493 return err;
1494 }
1495 }
1496
1497 /* Flush buffer -- bug introduced by ESR on 1998-03-20 before
1498 * release 4.4.1 when ESR did not sufficiently audit Henrik
1499 * Storner's patch.
1500 * Trouble reported in June 2011 by Lars Hecking, with
1501 * text/html quoted-printable messages generated by
1502 * Outlook/Exchange that got mutilated by fetchmail.
1503 */
1504 if (forward && issoftline)
1505 {
1506 int n;
1507
1508 /* force proper line termination */
1509 inbufp[0] = '\r';
1510 inbufp[1] = '\n';
1511 inbufp[2] = '\0';
1512
1513 return rb_send(ctl, buf, &n);
1514 }
1515
1516 return(PS_SUCCESS);
1517 }
1518
init_transact(const struct method * proto)1519 void init_transact(const struct method *proto)
1520 /** initialize state for the send and receive functions */
1521 {
1522 suppress_tags = FALSE;
1523 tagnum = 0;
1524 tag[0] = '\0'; /* nuke any tag hanging out from previous query */
1525 protocol = proto;
1526 shroud[0] = '\0';
1527 }
1528
1529 /** shroud a password in the given buffer */
enshroud(char * buf)1530 static void enshroud(char *buf)
1531 {
1532 char *cp;
1533
1534 if (shroud[0] && (cp = strstr(buf, shroud)))
1535 {
1536 char *sp;
1537
1538 sp = cp + strlen(shroud);
1539 *cp++ = '*';
1540 while (*sp)
1541 *cp++ = *sp++;
1542 *cp = '\0';
1543 }
1544 }
1545
1546 #if defined(HAVE_STDARG_H)
1547 /** assemble command in printf(3) style and send to the server */
gen_send(int sock,const char * fmt,...)1548 void gen_send(int sock, const char *fmt, ... )
1549 #else
1550 void gen_send(sock, fmt, va_alist)
1551 int sock; /** socket to which server is connected */
1552 const char *fmt; /** printf-style format */
1553 va_dcl
1554 #endif
1555 {
1556 char buf [MSGBUFSIZE+1];
1557 va_list ap;
1558
1559 if (protocol->tagged && !suppress_tags)
1560 snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
1561 else
1562 buf[0] = '\0';
1563
1564 #if defined(HAVE_STDARG_H)
1565 va_start(ap, fmt);
1566 #else
1567 va_start(ap);
1568 #endif
1569 vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
1570 va_end(ap);
1571
1572 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
1573 SockWrite(sock, buf, strlen(buf));
1574
1575 if (outlevel >= O_MONITOR)
1576 {
1577 enshroud(buf);
1578 buf[strlen(buf)-2] = '\0';
1579 report(stdout, "%s> %s\n", protocol->name, buf);
1580 }
1581 }
1582
1583 /** get one line of input from the server */
gen_recv(int sock,char * buf,int size)1584 int gen_recv(int sock /** socket to which server is connected */,
1585 char *buf /** buffer to receive input */,
1586 int size /** length of buffer */)
1587 {
1588 size_t n;
1589 int oldphase = phase; /* we don't have to be re-entrant */
1590
1591 phase = SERVER_WAIT;
1592 set_timeout(mytimeout);
1593 if (SockRead(sock, buf, size) == -1)
1594 {
1595 set_timeout(0);
1596 phase = oldphase;
1597 if(is_idletimeout())
1598 {
1599 resetidletimeout();
1600 return(PS_IDLETIMEOUT);
1601 }
1602 else
1603 return(PS_SOCKET);
1604 }
1605 else
1606 {
1607 set_timeout(0);
1608 n = strlen(buf);
1609 if (n > 0 && buf[n-1] == '\n')
1610 buf[--n] = '\0';
1611 if (n > 0 && buf[n-1] == '\r')
1612 buf[--n] = '\0';
1613 if (outlevel >= O_MONITOR)
1614 report(stdout, "%s< %s\n", protocol->name, buf);
1615 phase = oldphase;
1616 return(PS_SUCCESS);
1617 }
1618 }
1619
1620 /** \addtogroup gen_recv_split
1621 * @{
1622 * gen_recv_split() splits the response from a server which is too
1623 * long to fit into the buffer into multiple lines. If the prefix is
1624 * set as "MY FEATURES" and the response from the server is too long
1625 * to fit in the buffer, as in:
1626 *
1627 * "MY FEATURES ABC DEF GHI JKLMNOPQRS TU VWX YZ"
1628 *
1629 * Repeated calls to gen_recv_split() may return:
1630 *
1631 * "MY FEATURES ABC DEF GHI"
1632 * "MY FEATURES JKLMNOPQRS"
1633 * "MY FEATURES TU VWX YZ"
1634 *
1635 * A response not beginning with the prefix "MY FEATURES" will not be
1636 * split.
1637 *
1638 * To use:
1639 * - Declare a variable of type struct RecvSplit
1640 * - Call gen_recv_split_init() once
1641 * - Call gen_recv_split() in a loop, preferably with the same buffer
1642 * size as the "buf" array in struct RecvSplit
1643 */
1644
1645 static void overrun(const char *f, size_t l) __attribute__((noreturn));
1646
1647 /** Internal error report function. If this happens, the calling site
1648 * needs to be adjusted to set a shorter prefix, or the prefix capacity
1649 * needs to be raised in struct RecvSplit. */
overrun(const char * f,size_t l)1650 static void overrun(const char *f, size_t l)
1651 {
1652 report(stderr, GT_("Buffer too small. This is a bug in the caller of %s:%lu.\n"), f, (unsigned long)l);
1653 abort();
1654 }
1655
1656 /** Initialize \a rs for later use by gen_recv_split. */
gen_recv_split_init(const char * prefix,struct RecvSplit * rs)1657 void gen_recv_split_init (const char *prefix /** prefix to match/repeat */,
1658 struct RecvSplit *rs /** structure to be initialized */)
1659 {
1660 if (strlcpy(rs->prefix, prefix, sizeof(rs->prefix)) > sizeof(rs->prefix))
1661 overrun(__FILE__, __LINE__);
1662 rs->cached = 0;
1663 rs->buf[0] = '\0';
1664 }
1665
1666 /** Function to split replies at blanks, and duplicate prefix.
1667 * gen_recv_split_init() must be called before this can be used. */
gen_recv_split(int sock,char * buf,int size,struct RecvSplit * rs)1668 int gen_recv_split(int sock /** socket to which server is connected */,
1669 char *buf /** buffer to receive input */,
1670 int size /** length of buffer, must be the same for all calls */,
1671 struct RecvSplit *rs /** cached information across calls */)
1672 {
1673 size_t n = 0;
1674 int foundnewline = 0;
1675 char *p;
1676 int oldphase = phase; /* we don't have to be re-entrant */
1677
1678 assert(size > 0);
1679
1680 /* if this is not our first call, prepare the buffer */
1681 if (rs->cached)
1682 {
1683 /*
1684 * if this condition is not met, we lose data
1685 * because the cached data does not fit into the buffer.
1686 * this cannot happen if size is the same throughout all calls.
1687 */
1688 assert(strlen(rs->prefix) + strlen(rs->buf) + 1 <= (size_t)size);
1689
1690 if ((strlcpy(buf, rs->prefix, size) >= (size_t)size)
1691 || (strlcat(buf, rs->buf, size) >= (size_t)size)) {
1692 overrun(__FILE__, __LINE__);
1693 }
1694
1695 n = strlen(buf);
1696 /* clear the cache for the next call */
1697 rs->cached = 0;
1698 rs->buf[0] = '\0';
1699 }
1700
1701 if ((size_t)size > n) {
1702 int rr;
1703
1704 phase = SERVER_WAIT;
1705 set_timeout(mytimeout);
1706 rr = SockRead(sock, buf + n, size - n);
1707 set_timeout(0);
1708 phase = oldphase;
1709 if (rr == -1)
1710 return PS_SOCKET;
1711 }
1712
1713 n = strlen(buf);
1714 if (n > 0 && buf[n-1] == '\n')
1715 {
1716 buf[--n] = '\0';
1717 foundnewline = 1;
1718 }
1719 if (n > 0 && buf[n-1] == '\r')
1720 buf[--n] = '\0';
1721
1722 if (foundnewline /* we have found a complete line */
1723 || strncasecmp(buf, rs->prefix, strlen(rs->prefix)) /* mismatch in prefix */
1724 || !(p = strrchr(buf, ' ')) /* no space found in response */
1725 || p < buf + strlen(rs->prefix)) /* space is at the wrong location */
1726 {
1727 if (outlevel >= O_MONITOR)
1728 report(stdout, "%s< %s\n", protocol->name, buf);
1729 return(PS_SUCCESS);
1730 }
1731
1732 /* we are ready to cache some information now. */
1733 rs->cached = 1;
1734 if (strlcpy(rs->buf, p, sizeof(rs->buf)) >= sizeof(rs->buf)) {
1735 overrun(__FILE__, __LINE__);
1736 }
1737 *p = '\0'; /* chop off what we've cached */
1738 if (outlevel >= O_MONITOR)
1739 report(stdout, "%s< %s\n", protocol->name, buf);
1740 if (outlevel >= O_DEBUG)
1741 report(stdout, "%s< %s%s...\n", protocol->name, rs->prefix, rs->buf);
1742 return(PS_SUCCESS);
1743 }
1744 /** @} */
1745
1746 #if defined(HAVE_STDARG_H)
gen_transact(int sock,const char * fmt,...)1747 int gen_transact(int sock, const char *fmt, ... )
1748 #else
1749 int gen_transact(int sock, fmt, va_alist)
1750 int sock; /** socket to which server is connected */
1751 const char *fmt; /** printf-style format */
1752 va_dcl
1753 #endif
1754 /** assemble command in printf(3) style, send to server, fetch a response */
1755 {
1756 int ok;
1757 char buf [MSGBUFSIZE+1];
1758 va_list ap;
1759 int oldphase = phase; /* we don't have to be re-entrant */
1760
1761 phase = SERVER_WAIT;
1762
1763 if (protocol->tagged && !suppress_tags)
1764 snprintf(buf, sizeof(buf) - 2, "%s ", GENSYM);
1765 else
1766 buf[0] = '\0';
1767
1768 #if defined(HAVE_STDARG_H)
1769 va_start(ap, fmt) ;
1770 #else
1771 va_start(ap);
1772 #endif
1773 vsnprintf(buf + strlen(buf), sizeof(buf)-2-strlen(buf), fmt, ap);
1774 va_end(ap);
1775
1776 snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "\r\n");
1777 ok = SockWrite(sock, buf, strlen(buf));
1778 if (ok == -1 || (size_t)ok != strlen(buf)) {
1779 /* short write, bail out */
1780 return PS_SOCKET;
1781 }
1782
1783 if (outlevel >= O_MONITOR)
1784 {
1785 enshroud(buf);
1786 buf[strlen(buf)-2] = '\0';
1787 report(stdout, "%s> %s\n", protocol->name, buf);
1788 }
1789
1790 /* we presume this does its own response echoing */
1791 ok = (protocol->parse_response)(sock, buf);
1792
1793 phase = oldphase;
1794 return(ok);
1795 }
1796
1797 /* transact.c ends here */
1798