Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-04…

Author: Andreas Metzler
Date:  
To: Exim-Users (E-mail)
Subject: Re: [Exim] verify=header_syntax Buffer overflow (CAN-2004-0400)
On 2004-05-06 Nico Erfurth <masta@???> wrote:
> Andreas Metzler wrote:
> >Afaict the broken code in src/verify.c is completely useless in exim4.
> >The header name is copied to hname but the error message is generated
> >from h->text and hname is ignored.


> Damn, you've beaten me by 5 secs ;)


Hello,
I cheated. I was pre-warned by Debian's security team. ;-)

> Yes, the code looks useless. Looks like Philip already wanted to fix it,
> but left the broken code lying around.


> >Shouldn't exim reject
> >
> >To        : bar@foo
> >
> >at least if 'verify = header_syntax' is used?


> I've quickly looked over the rfc, and it's IMHO not very clear about it.


> <quote>
>  Header fields are lines composed of a field name, followed by a colon
>    (":"), followed by a field body, and terminated by CRLF.  A field
>    name MUST be composed of printable US-ASCII characters (i.e.,
>    characters that have values between 33 and 126, inclusive), except
>    colon.
> </quote>


That is quite clear imho. SPACE is 32 and therefore not "between 33
and 126". And later it says:

from            =       "From:" mailbox-list CRLF
sender          =       "Sender:" mailbox CRLF
reply-to        =       "Reply-To:" address-list CRLF
to              =       "To:" address-list CRLF
cc              =       "Cc:" address-list CRLF
bcc             =       "Bcc:" (address-list / [CFWS]) CRLF


            cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"
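
Added example, not part of the original message and not Exim's code: a strict check of the field-name rule quoted in the thread (bytes 33 to 126, excluding the colon), applied to the "To        : bar@foo" line under discussion. The function name `check_field_name` and the `hdr_status` codes are hypothetical, and the sample lines are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result codes; not taken from Exim. */
enum hdr_status { HDR_OK, HDR_NO_COLON, HDR_EMPTY_NAME, HDR_BAD_CHAR };

/*
 * Check the field name of one header line against the quoted rule: every
 * byte before the first ':' must have a value between 33 and 126. The name
 * is inspected in place and never copied into a second buffer (such as the
 * hname mentioned in the thread), so its length cannot overflow anything.
 * On HDR_OK, *name_len (if non-NULL) receives the length of the name.
 */
enum hdr_status check_field_name(const char *line, size_t len, size_t *name_len)
{
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)line[i];

        if (c == ':') {
            if (i == 0)
                return HDR_EMPTY_NAME;
            if (name_len != NULL)
                *name_len = i;
            return HDR_OK;
        }
        if (c == '\r' || c == '\n')   /* line ended before any colon */
            return HDR_NO_COLON;
        if (c < 33 || c > 126)        /* SPACE (32), TAB, controls, 8-bit */
            return HDR_BAD_CHAR;
    }
    return HDR_NO_COLON;
}

int main(void)
{
    /* Constructed sample lines; the second is the one from the thread. */
    const char *samples[] = {
        "To: bar@foo", "To        : bar@foo", ": bar@foo", "X-No-Colon"
    };

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%d  \"%s\"\n",
               check_field_name(samples[i], strlen(samples[i]), NULL),
               samples[i]);
    return 0;
}
```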