/src/gnupg/common/mbox-util.c
Line | Count | Source |
1 | | /* mbox-util.c - Mail address helper functions |
2 | | * Copyright (C) 1998-2010 Free Software Foundation, Inc. |
3 | | * Copyright (C) 1998-2015 Werner Koch |
4 | | * |
5 | | * This file is part of GnuPG. |
6 | | * |
7 | | * This file is free software; you can redistribute it and/or modify |
8 | | * it under the terms of the GNU Lesser General Public License as |
9 | | * published by the Free Software Foundation; either version 2.1 of |
10 | | * the License, or (at your option) any later version. |
11 | | * |
12 | | * This file is distributed in the hope that it will be useful, |
13 | | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
14 | | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
15 | | * GNU General Public License for more details. |
16 | | * |
17 | | * You should have received a copy of the GNU Lesser General Public License |
18 | | * along with this program; if not, see <https://www.gnu.org/licenses/>. |
19 | | */ |
20 | | |
21 | | /* NB: GPGME uses the same code to reflect our idea on how to extract |
22 | | * a mail address from a user id. |
23 | | */ |
24 | | |
25 | | #include <config.h> |
26 | | #include <stdio.h> |
27 | | #include <stdlib.h> |
28 | | #include <string.h> |
29 | | #include <unistd.h> |
30 | | #include <errno.h> |
31 | | |
32 | | #include "util.h" |
33 | | #include "mbox-util.h" |
34 | | |
35 | | |
36 | | static int |
37 | | string_count_chr (const char *string, int c) |
38 | 488 | { |
39 | 488 | int count; |
40 | | |
41 | 6.35k | for (count=0; *string; string++ ) |
42 | 5.86k | if ( *string == c ) |
43 | 536 | count++; |
44 | 488 | return count; |
45 | 488 | } |
46 | | |
47 | | static int |
48 | | mem_count_chr (const void *buffer, int c, size_t length) |
49 | 1.55k | { |
50 | 1.55k | const char *s = buffer; |
51 | 1.55k | int count; |
52 | | |
53 | 8.13k | for (count=0; length; length--, s++) |
54 | 6.57k | if (*s == c) |
55 | 1.70k | count++; |
56 | 1.55k | return count; |
57 | 1.55k | } |
58 | | |
59 | | |
60 | | static int |
61 | | string_has_ctrl_or_space (const char *string) |
62 | 280 | { |
63 | 3.82k | for (; *string; string++ ) |
64 | 3.64k | if (!(*string & 0x80) && *string <= 0x20) |
65 | 95 | return 1; |
66 | 185 | return 0; |
67 | 280 | } |
68 | | |
69 | | |
70 | | /* Return true if STRING has two consecutive '.' after an '@' |
71 | | sign. */ |
72 | | static int |
73 | | has_dotdot_after_at (const char *string) |
74 | 185 | { |
75 | 185 | string = strchr (string, '@'); |
76 | 185 | if (!string) |
77 | 0 | return 0; /* No at-sign. */ |
78 | 185 | string++; |
79 | 185 | return !!strstr (string, ".."); |
80 | 185 | } |
81 | | |
82 | | |
83 | | /* Check whether BUFFER has characters not valid in an RFC-822 |
84 | | address. LENGTH gives the length of BUFFER. |
85 | | |
86 | | To cope with OpenPGP we ignore non-ascii characters so that for |
87 | | example umlauts are legal in an email address. An OpenPGP user ID |
88 | | must be utf-8 encoded but there is no strict requirement for |
89 | | RFC-822. Thus to avoid IDNA encoding we put the address verbatim |
90 | | as utf-8 into the user ID under the assumption that mail programs |
91 | | handle IDNA at a lower level and take OpenPGP user IDs as utf-8. |
92 | | Note that we can't do an utf-8 encoding checking here because in |
93 | | keygen.c this function is called with the native encoding and |
94 | | native to utf-8 encoding is only done later. */ |
95 | | int |
96 | | has_invalid_email_chars (const void *buffer, size_t length) |
97 | 2.92k | { |
98 | 2.92k | const unsigned char *s = buffer; |
99 | 2.92k | int at_seen=0; |
100 | 2.92k | const char *valid_chars= |
101 | 2.92k | "01234567890_-.abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"; |
102 | | |
103 | 9.78k | for ( ; length && *s; length--, s++ ) |
104 | 8.22k | { |
105 | 8.22k | if ((*s & 0x80)) |
106 | 1.96k | continue; /* We only care about ASCII. */ |
107 | 6.26k | if (*s == '@') |
108 | 1.78k | at_seen=1; |
109 | 4.48k | else if (!at_seen && !(strchr (valid_chars, *s) |
110 | 1.75k | || strchr ("!#$%&'*+/=?^`{|}~", *s))) |
111 | 1.29k | return 1; |
112 | 3.18k | else if (at_seen && !strchr (valid_chars, *s)) |
113 | 75 | return 1; |
114 | 6.26k | } |
115 | 1.55k | return 0; |
116 | 2.92k | } |
117 | | |
118 | | |
119 | | /* Same as is_valid_mailbox (see below) but operates on non-nul |
120 | | terminated buffer. */ |
121 | | int |
122 | | is_valid_mailbox_mem (const void *name_arg, size_t namelen) |
123 | 2.92k | { |
124 | 2.92k | const char *name = name_arg; |
125 | | |
126 | 2.92k | return !( !name |
127 | 2.92k | || !namelen |
128 | 2.92k | || has_invalid_email_chars (name, namelen) |
129 | 1.55k | || mem_count_chr (name, '@', namelen) != 1 |
130 | 1.12k | || *name == '@' |
131 | 1.05k | || name[namelen-1] == '@' |
132 | 945 | || name[namelen-1] == '.' |
133 | 525 | || gnupg_memstr (name, namelen, "..")); |
134 | 2.92k | } |
135 | | |
136 | | |
137 | | /* Check whether NAME represents a valid mailbox according to |
138 | | RFC822. Returns true if so. */ |
139 | | int |
140 | | is_valid_mailbox (const char *name) |
141 | 2.92k | { |
142 | 2.92k | return name? is_valid_mailbox_mem (name, strlen (name)) : 0; |
143 | 2.92k | } |
144 | | |
145 | | |
146 | | /* Return the mailbox (local-part@domain) form a standard user id. |
147 | | * All plain ASCII characters in the result are converted to |
148 | | * lowercase. If SUBADDRESS is 1, '+' denoted sub-addresses are not |
149 | | * included in the result. Caller must free the result. Returns NULL |
150 | | * if no valid mailbox was found (or we are out of memory). */ |
151 | | char * |
152 | | mailbox_from_userid (const char *userid, int subaddress) |
153 | 3.46k | { |
154 | 3.46k | const char *s, *s_end; |
155 | 3.46k | size_t len; |
156 | 3.46k | char *result = NULL; |
157 | | |
158 | 3.46k | s = strchr (userid, '<'); |
159 | 3.46k | if (s) |
160 | 532 | { |
161 | | /* Seems to be a standard user id. */ |
162 | 532 | s++; |
163 | 532 | s_end = strchr (s, '>'); |
164 | 532 | if (s_end && s_end > s) |
165 | 488 | { |
166 | 488 | len = s_end - s; |
167 | 488 | result = xtrymalloc (len + 1); |
168 | 488 | if (!result) |
169 | 0 | return NULL; /* Ooops - out of core. */ |
170 | 488 | strncpy (result, s, len); |
171 | 488 | result[len] = 0; |
172 | | /* Apply some basic checks on the address. We do not use |
173 | | is_valid_mailbox because those checks are too strict. */ |
174 | 488 | if (string_count_chr (result, '@') != 1 /* Need exactly one '@. */ |
175 | 434 | || *result == '@' /* local-part missing. */ |
176 | 431 | || result[len-1] == '@' /* domain missing. */ |
177 | 374 | || result[len-1] == '.' /* ends with a dot. */ |
178 | 280 | || string_has_ctrl_or_space (result) |
179 | 185 | || has_dotdot_after_at (result)) |
180 | 323 | { |
181 | 323 | xfree (result); |
182 | 323 | result = NULL; |
183 | 323 | errno = EINVAL; |
184 | 323 | } |
185 | 488 | } |
186 | 44 | else |
187 | 532 | errno = EINVAL; |
188 | 532 | } |
189 | 2.92k | else if (is_valid_mailbox (userid)) |
190 | 450 | { |
191 | | /* The entire user id is a mailbox. Return that one. Note that |
192 | | this fallback method has some restrictions on the valid |
193 | | syntax of the mailbox. However, those who want weird |
194 | | addresses should know about it and use the regular <...> |
195 | | syntax. */ |
196 | 450 | result = xtrystrdup (userid); |
197 | 450 | } |
198 | 2.47k | else |
199 | 2.92k | errno = EINVAL; |
200 | | |
201 | 3.46k | if (result && subaddress == 1) |
202 | 0 | { |
203 | 0 | char *atsign, *plus; |
204 | |
|
205 | 0 | if ((atsign = strchr (result, '@'))) |
206 | 0 | { |
207 | | /* We consider a subaddress only if there is a single '+' |
208 | | * in the local part and the '+' is not the first or last |
209 | | * character. */ |
210 | 0 | *atsign = 0; |
211 | 0 | if ((plus = strchr (result, '+')) |
212 | 0 | && !strchr (plus+1, '+') |
213 | 0 | && result != plus |
214 | 0 | && plus[1] ) |
215 | 0 | { |
216 | 0 | *atsign = '@'; |
217 | 0 | memmove (plus, atsign, strlen (atsign)+1); |
218 | 0 | } |
219 | 0 | else |
220 | 0 | *atsign = '@'; |
221 | 0 | } |
222 | 0 | } |
223 | | |
224 | 3.46k | return result? ascii_strlwr (result): NULL; |
225 | 3.46k | } |
226 | | |
227 | | |
228 | | /* Check whether UID is a valid standard user id of the form |
229 | | "Heinrich Heine <heinrichh@duesseldorf.de>" |
230 | | and return true if this is the case. */ |
231 | | int |
232 | | is_valid_user_id (const char *uid) |
233 | 0 | { |
234 | 0 | if (!uid || !*uid) |
235 | 0 | return 0; |
236 | | |
237 | 0 | return 1; |
238 | 0 | } |
239 | | |
240 | | |
241 | | /* Returns true if STRING is a valid domain name according to the LDH |
242 | | * rule. */ |
243 | | int |
244 | | is_valid_domain_name (const char *string) |
245 | 0 | { |
246 | 0 | static char const ldh_chars[] = |
247 | 0 | "01234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ-"; |
248 | 0 | const char *s; |
249 | | |
250 | | /* Note that we do not check the length limit of a label or the |
251 | | * entire name */ |
252 | |
|
253 | 0 | for (s=string; *s; s++) |
254 | 0 | if (*s == '.') |
255 | 0 | { |
256 | 0 | if (string == s) |
257 | 0 | return 0; /* Dot at the start of the string. */ |
258 | | /* (may also be at the end like in ".") */ |
259 | 0 | if (s[1] == '.') |
260 | 0 | return 0; /* No - double dot. */ |
261 | 0 | } |
262 | 0 | else if (!strchr (ldh_chars, *s)) |
263 | 0 | return 0; |
264 | 0 | else if (*s == '-') |
265 | 0 | { |
266 | 0 | if (string == s) |
267 | 0 | return 0; /* Leading hyphen. */ |
268 | 0 | if (s[-1] == '.') |
269 | 0 | return 0; /* Hyphen at begin of a label. */ |
270 | 0 | if (s[1] == '.') |
271 | 0 | return 0; /* Hyphen at start of a label. */ |
272 | 0 | if (!s[1]) |
273 | 0 | return 0; /* Trailing hyphen. */ |
274 | 0 | } |
275 | | |
276 | 0 | return !!*string; |
277 | 0 | } |