From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 22 Sep 2013 14:05:43 +0000 (+0100)
Subject: ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses
X-Git-Tag: curl-7_33_0~44
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8880f84e1a8f9642b883e429588e26f928711245;p=curl

ftpserver.pl: Expanded the SMTP RCPT handler to validate TO addresses

RCPT_smtp() will now check for a correctly formatted TO address which
allows for invalid recipient addresses to be added.
---

diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index 588f98d5d..be2d545ba 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -849,13 +849,22 @@ sub RCPT_smtp {
 
     logmsg "RCPT_smtp got $args\n";
 
+    # Get the TO parameter
     if($args !~ /^TO:(.*)/) {
         sendcontrol "501 Unrecognized parameter\r\n";
     }
     else {
         $smtp_rcpt = $1;
 
-        sendcontrol "250 Recipient OK\r\n";
+        # Validate the to address (only a valid email address inside <> is
+        # allowed, such as <user@example.com>)
+        if ($smtp_rcpt !~
+            /^<([a-zA-Z0-9._%+-]+)\@([a-zA-Z0-9.-]+).([a-zA-Z]{2,4})>$/) {
+            sendcontrol "501 Invalid address\r\n";
+        }
+        else {
+            sendcontrol "250 Recipient OK\r\n";
+        }
     }
 
     return 0;