xref: /illumos-gate/usr/src/cmd/sendmail/src/headers.c (revision 7ae111d47a973fff4c6e231cc31f271dd9cef473)
1 /*
2  * Copyright (c) 1998-2004, 2006 Sendmail, Inc. and its suppliers.
3  *	All rights reserved.
4  * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
5  * Copyright (c) 1988, 1993
6  *	The Regents of the University of California.  All rights reserved.
7  *
8  * By using this file, you agree to the terms and conditions set
9  * forth in the LICENSE file which can be found at the top level of
10  * the sendmail distribution.
11  *
12  */
13 
14 #pragma ident	"%Z%%M%	%I%	%E% SMI"
15 
16 #include <sendmail.h>
17 
18 SM_RCSID("@(#)$Id: headers.c,v 8.291 2006/03/24 01:01:56 ca Exp $")
19 
20 static HDR	*allocheader __P((char *, char *, int, SM_RPOOL_T *));
21 static size_t	fix_mime_header __P((HDR *, ENVELOPE *));
22 static int	priencode __P((char *));
23 static bool	put_vanilla_header __P((HDR *, char *, MCI *));
24 
25 /*
26 **  SETUPHEADERS -- initialize headers in symbol table
27 **
28 **	Parameters:
29 **		none
30 **
31 **	Returns:
32 **		none
33 */
34 
35 void
36 setupheaders()
37 {
38 	struct hdrinfo *hi;
39 	STAB *s;
40 
41 	for (hi = HdrInfo; hi->hi_field != NULL; hi++)
42 	{
43 		s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
44 		s->s_header.hi_flags = hi->hi_flags;
45 		s->s_header.hi_ruleset = NULL;
46 	}
47 }
48 /*
49 **  CHOMPHEADER -- process and save a header line.
50 **
51 **	Called by collect, readcf, and readqf to deal with header lines.
52 **
53 **	Parameters:
54 **		line -- header as a text line.
55 **		pflag -- flags for chompheader() (from sendmail.h)
56 **		hdrp -- a pointer to the place to save the header.
57 **		e -- the envelope including this header.
58 **
59 **	Returns:
60 **		flags for this header.
61 **
62 **	Side Effects:
63 **		The header is saved on the header list.
64 **		Contents of 'line' are destroyed.
65 */
66 
67 static struct hdrinfo	NormalHeader =	{ NULL, 0, NULL };
68 
69 unsigned long
70 chompheader(line, pflag, hdrp, e)
71 	char *line;
72 	int pflag;
73 	HDR **hdrp;
74 	register ENVELOPE *e;
75 {
76 	unsigned char mid = '\0';
77 	register char *p;
78 	register HDR *h;
79 	HDR **hp;
80 	char *fname;
81 	char *fvalue;
82 	bool cond = false;
83 	bool dropfrom;
84 	bool headeronly;
85 	STAB *s;
86 	struct hdrinfo *hi;
87 	bool nullheader = false;
88 	BITMAP256 mopts;
89 
90 	if (tTd(31, 6))
91 	{
92 		sm_dprintf("chompheader: ");
93 		xputs(sm_debug_file(), line);
94 		sm_dprintf("\n");
95 	}
96 
97 	headeronly = hdrp != NULL;
98 	if (!headeronly)
99 		hdrp = &e->e_header;
100 
101 	/* strip off options */
102 	clrbitmap(mopts);
103 	p = line;
104 	if (!bitset(pflag, CHHDR_USER) && *p == '?')
105 	{
106 		int c;
107 		register char *q;
108 
109 		q = strchr(++p, '?');
110 		if (q == NULL)
111 			goto hse;
112 
113 		*q = '\0';
114 		c = *p & 0377;
115 
116 		/* possibly macro conditional */
117 		if (c == MACROEXPAND)
118 		{
119 			/* catch ?$? */
120 			if (*++p == '\0')
121 			{
122 				*q = '?';
123 				goto hse;
124 			}
125 
126 			mid = (unsigned char) *p++;
127 
128 			/* catch ?$abc? */
129 			if (*p != '\0')
130 			{
131 				*q = '?';
132 				goto hse;
133 			}
134 		}
135 		else if (*p == '$')
136 		{
137 			/* catch ?$? */
138 			if (*++p == '\0')
139 			{
140 				*q = '?';
141 				goto hse;
142 			}
143 
144 			mid = (unsigned char) macid(p);
145 			if (bitset(0200, mid))
146 			{
147 				p += strlen(macname(mid)) + 2;
148 				SM_ASSERT(p <= q);
149 			}
150 			else
151 				p++;
152 
153 			/* catch ?$abc? */
154 			if (*p != '\0')
155 			{
156 				*q = '?';
157 				goto hse;
158 			}
159 		}
160 		else
161 		{
162 			while (*p != '\0')
163 			{
164 				if (!isascii(*p))
165 				{
166 					*q = '?';
167 					goto hse;
168 				}
169 
170 				setbitn(bitidx(*p), mopts);
171 				cond = true;
172 				p++;
173 			}
174 		}
175 		p = q + 1;
176 	}
177 
178 	/* find canonical name */
179 	fname = p;
180 	while (isascii(*p) && isgraph(*p) && *p != ':')
181 		p++;
182 	fvalue = p;
183 	while (isascii(*p) && isspace(*p))
184 		p++;
185 	if (*p++ != ':' || fname == fvalue)
186 	{
187 hse:
188 		syserr("553 5.3.0 header syntax error, line \"%s\"", line);
189 		return 0;
190 	}
191 	*fvalue = '\0';
192 
193 	/* strip field value on front */
194 	if (*p == ' ')
195 		p++;
196 	fvalue = p;
197 
198 	/* if the field is null, go ahead and use the default */
199 	while (isascii(*p) && isspace(*p))
200 		p++;
201 	if (*p == '\0')
202 		nullheader = true;
203 
204 	/* security scan: long field names are end-of-header */
205 	if (strlen(fname) > 100)
206 		return H_EOH;
207 
208 	/* check to see if it represents a ruleset call */
209 	if (bitset(pflag, CHHDR_DEF))
210 	{
211 		char hbuf[50];
212 
213 		(void) expand(fvalue, hbuf, sizeof hbuf, e);
214 		for (p = hbuf; isascii(*p) && isspace(*p); )
215 			p++;
216 		if ((*p++ & 0377) == CALLSUBR)
217 		{
218 			auto char *endp;
219 			bool strc;
220 
221 			strc = *p == '+';	/* strip comments? */
222 			if (strc)
223 				++p;
224 			if (strtorwset(p, &endp, ST_ENTER) > 0)
225 			{
226 				*endp = '\0';
227 				s = stab(fname, ST_HEADER, ST_ENTER);
228 				if (LogLevel > 9 &&
229 				    s->s_header.hi_ruleset != NULL)
230 					sm_syslog(LOG_WARNING, NOQID,
231 						  "Warning: redefined ruleset for header=%s, old=%s, new=%s",
232 						  fname,
233 						  s->s_header.hi_ruleset, p);
234 				s->s_header.hi_ruleset = newstr(p);
235 				if (!strc)
236 					s->s_header.hi_flags |= H_STRIPCOMM;
237 			}
238 			return 0;
239 		}
240 	}
241 
242 	/* see if it is a known type */
243 	s = stab(fname, ST_HEADER, ST_FIND);
244 	if (s != NULL)
245 		hi = &s->s_header;
246 	else
247 		hi = &NormalHeader;
248 
249 	if (tTd(31, 9))
250 	{
251 		if (s == NULL)
252 			sm_dprintf("no header flags match\n");
253 		else
254 			sm_dprintf("header match, flags=%lx, ruleset=%s\n",
255 				   hi->hi_flags,
256 				   hi->hi_ruleset == NULL ? "<NULL>"
257 							  : hi->hi_ruleset);
258 	}
259 
260 	/* see if this is a resent message */
261 	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
262 	    bitset(H_RESENT, hi->hi_flags))
263 		e->e_flags |= EF_RESENT;
264 
265 	/* if this is an Errors-To: header keep track of it now */
266 	if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
267 	    bitset(H_ERRORSTO, hi->hi_flags))
268 		(void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);
269 
270 	/* if this means "end of header" quit now */
271 	if (!headeronly && bitset(H_EOH, hi->hi_flags))
272 		return hi->hi_flags;
273 
274 	/*
275 	**  Horrible hack to work around problem with Lotus Notes SMTP
276 	**  mail gateway, which generates From: headers with newlines in
277 	**  them and the <address> on the second line.  Although this is
278 	**  legal RFC 822, many MUAs don't handle this properly and thus
279 	**  never find the actual address.
280 	*/
281 
282 	if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
283 	{
284 		while ((p = strchr(fvalue, '\n')) != NULL)
285 			*p = ' ';
286 	}
287 
288 	/*
289 	**  If there is a check ruleset, verify it against the header.
290 	*/
291 
292 	if (bitset(pflag, CHHDR_CHECK))
293 	{
294 		int rscheckflags;
295 		char *rs;
296 
297 		rscheckflags = RSF_COUNT;
298 		if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
299 			rscheckflags |= RSF_UNSTRUCTURED;
300 
301 		/* no ruleset? look for default */
302 		rs = hi->hi_ruleset;
303 		if (rs == NULL)
304 		{
305 			s = stab("*", ST_HEADER, ST_FIND);
306 			if (s != NULL)
307 			{
308 				rs = (&s->s_header)->hi_ruleset;
309 				if (bitset((&s->s_header)->hi_flags,
310 					   H_STRIPCOMM))
311 					rscheckflags |= RSF_RMCOMM;
312 			}
313 		}
314 		else if (bitset(hi->hi_flags, H_STRIPCOMM))
315 			rscheckflags |= RSF_RMCOMM;
316 		if (rs != NULL)
317 		{
318 			int l, k;
319 			char qval[MAXNAME];
320 
321 			l = 0;
322 			qval[l++] = '"';
323 
324 			/* - 3 to avoid problems with " at the end */
325 			/* should be sizeof(qval), not MAXNAME */
326 			for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
327 			{
328 				switch (fvalue[k])
329 				{
330 				  /* XXX other control chars? */
331 				  case '\011': /* ht */
332 				  case '\012': /* nl */
333 				  case '\013': /* vt */
334 				  case '\014': /* np */
335 				  case '\015': /* cr */
336 					qval[l++] = ' ';
337 					break;
338 				  case '"':
339 					qval[l++] = '\\';
340 					/* FALLTHROUGH */
341 				  default:
342 					qval[l++] = fvalue[k];
343 					break;
344 				}
345 			}
346 			qval[l++] = '"';
347 			qval[l] = '\0';
348 			k += strlen(fvalue + k);
349 			if (k >= MAXNAME)
350 			{
351 				if (LogLevel > 9)
352 					sm_syslog(LOG_WARNING, e->e_id,
353 						  "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
354 						  fname, rs, k, MAXNAME - 1);
355 			}
356 			macdefine(&e->e_macro, A_TEMP,
357 				macid("{currHeader}"), qval);
358 			macdefine(&e->e_macro, A_TEMP,
359 				macid("{hdr_name}"), fname);
360 
361 			(void) sm_snprintf(qval, sizeof qval, "%d", k);
362 			macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
363 #if _FFR_HDR_TYPE
364 			if (bitset(H_FROM, hi->hi_flags))
365 				macdefine(&e->e_macro, A_PERM,
366 					macid("{addr_type}"), "h s");
367 			else if (bitset(H_RCPT, hi->hi_flags))
368 				macdefine(&e->e_macro, A_PERM,
369 					macid("{addr_type}"), "h r");
370 			else
371 #endif /* _FFR_HDR_TYPE */
372 				macdefine(&e->e_macro, A_PERM,
373 					macid("{addr_type}"), "h");
374 			(void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
375 				       NULL, e->e_id);
376 		}
377 	}
378 
379 	/*
380 	**  Drop explicit From: if same as what we would generate.
381 	**  This is to make MH (which doesn't always give a full name)
382 	**  insert the full name information in all circumstances.
383 	*/
384 
385 	dropfrom = false;
386 	p = "resent-from";
387 	if (!bitset(EF_RESENT, e->e_flags))
388 		p += 7;
389 	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
390 	    !bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
391 	{
392 		if (tTd(31, 2))
393 		{
394 			sm_dprintf("comparing header from (%s) against default (%s or %s)\n",
395 				fvalue, e->e_from.q_paddr, e->e_from.q_user);
396 		}
397 		if (e->e_from.q_paddr != NULL &&
398 		    e->e_from.q_mailer != NULL &&
399 		    bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
400 		    (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
401 		     strcmp(fvalue, e->e_from.q_user) == 0))
402 			dropfrom = true;
403 	}
404 
405 	/* delete default value for this header */
406 	for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
407 	{
408 		if (sm_strcasecmp(fname, h->h_field) == 0 &&
409 		    !bitset(H_USER, h->h_flags) &&
410 		    !bitset(H_FORCE, h->h_flags))
411 		{
412 			if (nullheader)
413 			{
414 				/* user-supplied value was null */
415 				return 0;
416 			}
417 			if (dropfrom)
418 			{
419 				/* make this look like the user entered it */
420 				h->h_flags |= H_USER;
421 				return hi->hi_flags;
422 			}
423 			h->h_value = NULL;
424 			if (!cond)
425 			{
426 				/* copy conditions from default case */
427 				memmove((char *) mopts, (char *) h->h_mflags,
428 					sizeof mopts);
429 			}
430 			h->h_macro = mid;
431 		}
432 	}
433 
434 	/* create a new node */
435 	h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof *h);
436 	h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
437 	h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
438 	h->h_link = NULL;
439 	memmove((char *) h->h_mflags, (char *) mopts, sizeof mopts);
440 	h->h_macro = mid;
441 	*hp = h;
442 	h->h_flags = hi->hi_flags;
443 	if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
444 		h->h_flags |= H_USER;
445 
446 	/* strip EOH flag if parsing MIME headers */
447 	if (headeronly)
448 		h->h_flags &= ~H_EOH;
449 	if (bitset(pflag, CHHDR_DEF))
450 		h->h_flags |= H_DEFAULT;
451 	if (cond || mid != '\0')
452 		h->h_flags |= H_CHECK;
453 
454 	/* hack to see if this is a new format message */
455 	if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
456 	    bitset(H_RCPT|H_FROM, h->h_flags) &&
457 	    (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
458 	     strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
459 	{
460 		e->e_flags &= ~EF_OLDSTYLE;
461 	}
462 
463 	return h->h_flags;
464 }
465 /*
466 **  ALLOCHEADER -- allocate a header entry
467 **
468 **	Parameters:
469 **		field -- the name of the header field.
470 **		value -- the value of the field.
471 **		flags -- flags to add to h_flags.
472 **		rp -- resource pool for allocations
473 **
474 **	Returns:
475 **		Pointer to a newly allocated and populated HDR.
476 */
477 
478 static HDR *
479 allocheader(field, value, flags, rp)
480 	char *field;
481 	char *value;
482 	int flags;
483 	SM_RPOOL_T *rp;
484 {
485 	HDR *h;
486 	STAB *s;
487 
488 	/* find info struct */
489 	s = stab(field, ST_HEADER, ST_FIND);
490 
491 	/* allocate space for new header */
492 	h = (HDR *) sm_rpool_malloc_x(rp, sizeof *h);
493 	h->h_field = field;
494 	h->h_value = sm_rpool_strdup_x(rp, value);
495 	h->h_flags = flags;
496 	if (s != NULL)
497 		h->h_flags |= s->s_header.hi_flags;
498 	clrbitmap(h->h_mflags);
499 	h->h_macro = '\0';
500 
501 	return h;
502 }
503 /*
504 **  ADDHEADER -- add a header entry to the end of the queue.
505 **
506 **	This bypasses the special checking of chompheader.
507 **
508 **	Parameters:
509 **		field -- the name of the header field.
510 **		value -- the value of the field.
511 **		flags -- flags to add to h_flags.
512 **		e -- envelope.
513 **
514 **	Returns:
515 **		none.
516 **
517 **	Side Effects:
518 **		adds the field on the list of headers for this envelope.
519 */
520 
521 void
522 addheader(field, value, flags, e)
523 	char *field;
524 	char *value;
525 	int flags;
526 	ENVELOPE *e;
527 {
528 	register HDR *h;
529 	HDR **hp;
530 	HDR **hdrlist = &e->e_header;
531 
532 	/* find current place in list -- keep back pointer? */
533 	for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
534 	{
535 		if (sm_strcasecmp(field, h->h_field) == 0)
536 			break;
537 	}
538 
539 	/* allocate space for new header */
540 	h = allocheader(field, value, flags, e->e_rpool);
541 	h->h_link = *hp;
542 	*hp = h;
543 }
544 /*
545 **  INSHEADER -- insert a header entry at the specified index
546 **
547 **	This bypasses the special checking of chompheader.
548 **
549 **	Parameters:
550 **		idx -- index into the header list at which to insert
551 **		field -- the name of the header field.
552 **		value -- the value of the field.
553 **		flags -- flags to add to h_flags.
554 **		e -- envelope.
555 **
556 **	Returns:
557 **		none.
558 **
559 **	Side Effects:
560 **		inserts the field on the list of headers for this envelope.
561 */
562 
563 void
564 insheader(idx, field, value, flags, e)
565 	int idx;
566 	char *field;
567 	char *value;
568 	int flags;
569 	ENVELOPE *e;
570 {
571 	HDR *h, *srch, *last = NULL;
572 
573 	/* allocate space for new header */
574 	h = allocheader(field, value, flags, e->e_rpool);
575 
576 	/* find insertion position */
577 	for (srch = e->e_header; srch != NULL && idx > 0;
578 	     srch = srch->h_link, idx--)
579 		last = srch;
580 
581 	if (e->e_header == NULL)
582 	{
583 		e->e_header = h;
584 		h->h_link = NULL;
585 	}
586 	else if (srch == NULL)
587 	{
588 		SM_ASSERT(last != NULL);
589 		last->h_link = h;
590 		h->h_link = NULL;
591 	}
592 	else
593 	{
594 		h->h_link = srch->h_link;
595 		srch->h_link = h;
596 	}
597 }
598 /*
599 **  HVALUE -- return value of a header.
600 **
601 **	Only "real" fields (i.e., ones that have not been supplied
602 **	as a default) are used.
603 **
604 **	Parameters:
605 **		field -- the field name.
606 **		header -- the header list.
607 **
608 **	Returns:
609 **		pointer to the value part.
610 **		NULL if not found.
611 **
612 **	Side Effects:
613 **		none.
614 */
615 
616 char *
617 hvalue(field, header)
618 	char *field;
619 	HDR *header;
620 {
621 	register HDR *h;
622 
623 	for (h = header; h != NULL; h = h->h_link)
624 	{
625 		if (!bitset(H_DEFAULT, h->h_flags) &&
626 		    sm_strcasecmp(h->h_field, field) == 0)
627 			return h->h_value;
628 	}
629 	return NULL;
630 }
631 /*
632 **  ISHEADER -- predicate telling if argument is a header.
633 **
634 **	A line is a header if it has a single word followed by
635 **	optional white space followed by a colon.
636 **
637 **	Header fields beginning with two dashes, although technically
638 **	permitted by RFC822, are automatically rejected in order
639 **	to make MIME work out.  Without this we could have a technically
640 **	legal header such as ``--"foo:bar"'' that would also be a legal
641 **	MIME separator.
642 **
643 **	Parameters:
644 **		h -- string to check for possible headerness.
645 **
646 **	Returns:
647 **		true if h is a header.
648 **		false otherwise.
649 **
650 **	Side Effects:
651 **		none.
652 */
653 
654 bool
655 isheader(h)
656 	char *h;
657 {
658 	register char *s = h;
659 
660 	if (s[0] == '-' && s[1] == '-')
661 		return false;
662 
663 	while (*s > ' ' && *s != ':' && *s != '\0')
664 		s++;
665 
666 	if (h == s)
667 		return false;
668 
669 	/* following technically violates RFC822 */
670 	while (isascii(*s) && isspace(*s))
671 		s++;
672 
673 	return (*s == ':');
674 }
675 /*
676 **  EATHEADER -- run through the stored header and extract info.
677 **
678 **	Parameters:
679 **		e -- the envelope to process.
680 **		full -- if set, do full processing (e.g., compute
681 **			message priority).  This should not be set
682 **			when reading a queue file because some info
683 **			needed to compute the priority is wrong.
684 **		log -- call logsender()?
685 **
686 **	Returns:
687 **		none.
688 **
689 **	Side Effects:
690 **		Sets a bunch of global variables from information
691 **			in the collected header.
692 */
693 
694 void
695 eatheader(e, full, log)
696 	register ENVELOPE *e;
697 	bool full;
698 	bool log;
699 {
700 	register HDR *h;
701 	register char *p;
702 	int hopcnt = 0;
703 	char buf[MAXLINE];
704 
705 	/*
706 	**  Set up macros for possible expansion in headers.
707 	*/
708 
709 	macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
710 	macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
711 	if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
712 		macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
713 	else
714 		macdefine(&e->e_macro, A_PERM, 'u', NULL);
715 
716 	/* full name of from person */
717 	p = hvalue("full-name", e->e_header);
718 	if (p != NULL)
719 	{
720 		if (!rfc822_string(p))
721 		{
722 			/*
723 			**  Quote a full name with special characters
724 			**  as a comment so crackaddr() doesn't destroy
725 			**  the name portion of the address.
726 			*/
727 
728 			p = addquotes(p, e->e_rpool);
729 		}
730 		macdefine(&e->e_macro, A_PERM, 'x', p);
731 	}
732 
733 	if (tTd(32, 1))
734 		sm_dprintf("----- collected header -----\n");
735 	e->e_msgid = NULL;
736 	for (h = e->e_header; h != NULL; h = h->h_link)
737 	{
738 		if (tTd(32, 1))
739 			sm_dprintf("%s: ", h->h_field);
740 		if (h->h_value == NULL)
741 		{
742 			if (tTd(32, 1))
743 				sm_dprintf("<NULL>\n");
744 			continue;
745 		}
746 
747 		/* do early binding */
748 		if (bitset(H_DEFAULT, h->h_flags) &&
749 		    !bitset(H_BINDLATE, h->h_flags))
750 		{
751 			if (tTd(32, 1))
752 			{
753 				sm_dprintf("(");
754 				xputs(sm_debug_file(), h->h_value);
755 				sm_dprintf(") ");
756 			}
757 			expand(h->h_value, buf, sizeof buf, e);
758 			if (buf[0] != '\0')
759 			{
760 				if (bitset(H_FROM, h->h_flags))
761 					expand(crackaddr(buf, e),
762 					       buf, sizeof buf, e);
763 				h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
764 				h->h_flags &= ~H_DEFAULT;
765 			}
766 		}
767 		if (tTd(32, 1))
768 		{
769 			xputs(sm_debug_file(), h->h_value);
770 			sm_dprintf("\n");
771 		}
772 
773 		/* count the number of times it has been processed */
774 		if (bitset(H_TRACE, h->h_flags))
775 			hopcnt++;
776 
777 		/* send to this person if we so desire */
778 		if (GrabTo && bitset(H_RCPT, h->h_flags) &&
779 		    !bitset(H_DEFAULT, h->h_flags) &&
780 		    (!bitset(EF_RESENT, e->e_flags) ||
781 		     bitset(H_RESENT, h->h_flags)))
782 		{
783 #if 0
784 			int saveflags = e->e_flags;
785 #endif /* 0 */
786 
787 			(void) sendtolist(denlstring(h->h_value, true, false),
788 					  NULLADDR, &e->e_sendqueue, 0, e);
789 
790 #if 0
791 			/*
792 			**  Change functionality so a fatal error on an
793 			**  address doesn't affect the entire envelope.
794 			*/
795 
796 			/* delete fatal errors generated by this address */
797 			if (!bitset(EF_FATALERRS, saveflags))
798 				e->e_flags &= ~EF_FATALERRS;
799 #endif /* 0 */
800 		}
801 
802 		/* save the message-id for logging */
803 		p = "resent-message-id";
804 		if (!bitset(EF_RESENT, e->e_flags))
805 			p += 7;
806 		if (sm_strcasecmp(h->h_field, p) == 0)
807 		{
808 			e->e_msgid = h->h_value;
809 			while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
810 				e->e_msgid++;
811 			macdefine(&e->e_macro, A_PERM, macid("{msg_id}"),
812 				  e->e_msgid);
813 		}
814 	}
815 	if (tTd(32, 1))
816 		sm_dprintf("----------------------------\n");
817 
818 	/* if we are just verifying (that is, sendmail -t -bv), drop out now */
819 	if (OpMode == MD_VERIFY)
820 		return;
821 
822 	/* store hop count */
823 	if (hopcnt > e->e_hopcount)
824 	{
825 		e->e_hopcount = hopcnt;
826 		(void) sm_snprintf(buf, sizeof buf, "%d", e->e_hopcount);
827 		macdefine(&e->e_macro, A_TEMP, 'c', buf);
828 	}
829 
830 	/* message priority */
831 	p = hvalue("precedence", e->e_header);
832 	if (p != NULL)
833 		e->e_class = priencode(p);
834 	if (e->e_class < 0)
835 		e->e_timeoutclass = TOC_NONURGENT;
836 	else if (e->e_class > 0)
837 		e->e_timeoutclass = TOC_URGENT;
838 	if (full)
839 	{
840 		e->e_msgpriority = e->e_msgsize
841 				 - e->e_class * WkClassFact
842 				 + e->e_nrcpts * WkRecipFact;
843 	}
844 
845 	/* check for DSN to properly set e_timeoutclass */
846 	p = hvalue("content-type", e->e_header);
847 	if (p != NULL)
848 	{
849 		bool oldsupr;
850 		char **pvp;
851 		char pvpbuf[MAXLINE];
852 		extern unsigned char MimeTokenTab[256];
853 
854 		/* tokenize header */
855 		oldsupr = SuprErrs;
856 		SuprErrs = true;
857 		pvp = prescan(p, '\0', pvpbuf, sizeof pvpbuf, NULL,
858 			      MimeTokenTab, false);
859 		SuprErrs = oldsupr;
860 
861 		/* Check if multipart/report */
862 		if (pvp != NULL && pvp[0] != NULL &&
863 		    pvp[1] != NULL && pvp[2] != NULL &&
864 		    sm_strcasecmp(*pvp++, "multipart") == 0 &&
865 		    strcmp(*pvp++, "/") == 0 &&
866 		    sm_strcasecmp(*pvp++, "report") == 0)
867 		{
868 			/* Look for report-type=delivery-status */
869 			while (*pvp != NULL)
870 			{
871 				/* skip to semicolon separator */
872 				while (*pvp != NULL && strcmp(*pvp, ";") != 0)
873 					pvp++;
874 
875 				/* skip semicolon */
876 				if (*pvp++ == NULL || *pvp == NULL)
877 					break;
878 
879 				/* look for report-type */
880 				if (sm_strcasecmp(*pvp++, "report-type") != 0)
881 					continue;
882 
883 				/* skip equal */
884 				if (*pvp == NULL || strcmp(*pvp, "=") != 0)
885 					continue;
886 
887 				/* check value */
888 				if (*++pvp != NULL &&
889 				    sm_strcasecmp(*pvp,
890 						  "delivery-status") == 0)
891 					e->e_timeoutclass = TOC_DSN;
892 
893 				/* found report-type, no need to continue */
894 				break;
895 			}
896 		}
897 	}
898 
899 	/* message timeout priority */
900 	p = hvalue("priority", e->e_header);
901 	if (p != NULL)
902 	{
903 		/* (this should be in the configuration file) */
904 		if (sm_strcasecmp(p, "urgent") == 0)
905 			e->e_timeoutclass = TOC_URGENT;
906 		else if (sm_strcasecmp(p, "normal") == 0)
907 			e->e_timeoutclass = TOC_NORMAL;
908 		else if (sm_strcasecmp(p, "non-urgent") == 0)
909 			e->e_timeoutclass = TOC_NONURGENT;
910 		else if (bitset(EF_RESPONSE, e->e_flags))
911 			e->e_timeoutclass = TOC_DSN;
912 	}
913 	else if (bitset(EF_RESPONSE, e->e_flags))
914 		e->e_timeoutclass = TOC_DSN;
915 
916 	/* date message originated */
917 	p = hvalue("posted-date", e->e_header);
918 	if (p == NULL)
919 		p = hvalue("date", e->e_header);
920 	if (p != NULL)
921 		macdefine(&e->e_macro, A_PERM, 'a', p);
922 
923 	/* check to see if this is a MIME message */
924 	if ((e->e_bodytype != NULL &&
925 	     sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
926 	    hvalue("MIME-Version", e->e_header) != NULL)
927 	{
928 		e->e_flags |= EF_IS_MIME;
929 		if (HasEightBits)
930 			e->e_bodytype = "8BITMIME";
931 	}
932 	else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
933 	{
934 		/* this may be an RFC 1049 message */
935 		p = strpbrk(p, ";/");
936 		if (p == NULL || *p == ';')
937 		{
938 			/* yep, it is */
939 			e->e_flags |= EF_DONT_MIME;
940 		}
941 	}
942 
943 	/*
944 	**  From person in antiquated ARPANET mode
945 	**	required by UK Grey Book e-mail gateways (sigh)
946 	*/
947 
948 	if (OpMode == MD_ARPAFTP)
949 	{
950 		register struct hdrinfo *hi;
951 
952 		for (hi = HdrInfo; hi->hi_field != NULL; hi++)
953 		{
954 			if (bitset(H_FROM, hi->hi_flags) &&
955 			    (!bitset(H_RESENT, hi->hi_flags) ||
956 			     bitset(EF_RESENT, e->e_flags)) &&
957 			    (p = hvalue(hi->hi_field, e->e_header)) != NULL)
958 				break;
959 		}
960 		if (hi->hi_field != NULL)
961 		{
962 			if (tTd(32, 2))
963 				sm_dprintf("eatheader: setsender(*%s == %s)\n",
964 					hi->hi_field, p);
965 			setsender(p, e, NULL, '\0', true);
966 		}
967 	}
968 
969 	/*
970 	**  Log collection information.
971 	*/
972 
973 	if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
974 	{
975 		logsender(e, e->e_msgid);
976 		e->e_flags &= ~EF_LOGSENDER;
977 	}
978 }
979 /*
980 **  LOGSENDER -- log sender information
981 **
982 **	Parameters:
983 **		e -- the envelope to log
984 **		msgid -- the message id
985 **
986 **	Returns:
987 **		none
988 */
989 
990 void
991 logsender(e, msgid)
992 	register ENVELOPE *e;
993 	char *msgid;
994 {
995 	char *name;
996 	register char *sbp;
997 	register char *p;
998 	char hbuf[MAXNAME + 1];
999 	char sbuf[MAXLINE + 1];
1000 	char mbuf[MAXNAME + 1];
1001 
1002 	/* don't allow newlines in the message-id */
1003 	/* XXX do we still need this? sm_syslog() replaces control chars */
1004 	if (msgid != NULL)
1005 	{
1006 		size_t l;
1007 
1008 		l = strlen(msgid);
1009 		if (l > sizeof mbuf - 1)
1010 			l = sizeof mbuf - 1;
1011 		memmove(mbuf, msgid, l);
1012 		mbuf[l] = '\0';
1013 		p = mbuf;
1014 		while ((p = strchr(p, '\n')) != NULL)
1015 			*p++ = ' ';
1016 	}
1017 
1018 	if (bitset(EF_RESPONSE, e->e_flags))
1019 		name = "[RESPONSE]";
1020 	else if ((name = macvalue('_', e)) != NULL)
1021 		/* EMPTY */
1022 		;
1023 	else if (RealHostName == NULL)
1024 		name = "localhost";
1025 	else if (RealHostName[0] == '[')
1026 		name = RealHostName;
1027 	else
1028 	{
1029 		name = hbuf;
1030 		(void) sm_snprintf(hbuf, sizeof hbuf, "%.80s", RealHostName);
1031 		if (RealHostAddr.sa.sa_family != 0)
1032 		{
1033 			p = &hbuf[strlen(hbuf)];
1034 			(void) sm_snprintf(p, SPACELEFT(hbuf, p),
1035 					   " (%.100s)",
1036 					   anynet_ntoa(&RealHostAddr));
1037 		}
1038 	}
1039 
1040 	/* some versions of syslog only take 5 printf args */
1041 #if (SYSLOG_BUFSIZE) >= 256
1042 	sbp = sbuf;
1043 	(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1044 		"from=%.200s, size=%ld, class=%d, nrcpts=%d",
1045 		e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
1046 		e->e_msgsize, e->e_class, e->e_nrcpts);
1047 	sbp += strlen(sbp);
1048 	if (msgid != NULL)
1049 	{
1050 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1051 				", msgid=%.100s", mbuf);
1052 		sbp += strlen(sbp);
1053 	}
1054 	if (e->e_bodytype != NULL)
1055 	{
1056 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1057 				", bodytype=%.20s", e->e_bodytype);
1058 		sbp += strlen(sbp);
1059 	}
1060 	p = macvalue('r', e);
1061 	if (p != NULL)
1062 	{
1063 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1064 				", proto=%.20s", p);
1065 		sbp += strlen(sbp);
1066 	}
1067 	p = macvalue(macid("{daemon_name}"), e);
1068 	if (p != NULL)
1069 	{
1070 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1071 				", daemon=%.20s", p);
1072 		sbp += strlen(sbp);
1073 	}
1074 	sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);
1075 
1076 #else /* (SYSLOG_BUFSIZE) >= 256 */
1077 
1078 	sm_syslog(LOG_INFO, e->e_id,
1079 		  "from=%s",
1080 		  e->e_from.q_paddr == NULL ? "<NONE>"
1081 					    : shortenstring(e->e_from.q_paddr,
1082 							    83));
1083 	sm_syslog(LOG_INFO, e->e_id,
1084 		  "size=%ld, class=%ld, nrcpts=%d",
1085 		  e->e_msgsize, e->e_class, e->e_nrcpts);
1086 	if (msgid != NULL)
1087 		sm_syslog(LOG_INFO, e->e_id,
1088 			  "msgid=%s",
1089 			  shortenstring(mbuf, 83));
1090 	sbp = sbuf;
1091 	*sbp = '\0';
1092 	if (e->e_bodytype != NULL)
1093 	{
1094 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1095 				"bodytype=%.20s, ", e->e_bodytype);
1096 		sbp += strlen(sbp);
1097 	}
1098 	p = macvalue('r', e);
1099 	if (p != NULL)
1100 	{
1101 		(void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
1102 				"proto=%.20s, ", p);
1103 		sbp += strlen(sbp);
1104 	}
1105 	sm_syslog(LOG_INFO, e->e_id,
1106 		  "%.400srelay=%s", sbuf, name);
1107 #endif /* (SYSLOG_BUFSIZE) >= 256 */
1108 }
1109 /*
1110 **  PRIENCODE -- encode external priority names into internal values.
1111 **
1112 **	Parameters:
1113 **		p -- priority in ascii.
1114 **
1115 **	Returns:
1116 **		priority as a numeric level.
1117 **
1118 **	Side Effects:
1119 **		none.
1120 */
1121 
1122 static int
1123 priencode(p)
1124 	char *p;
1125 {
1126 	register int i;
1127 
1128 	for (i = 0; i < NumPriorities; i++)
1129 	{
1130 		if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
1131 			return Priorities[i].pri_val;
1132 	}
1133 
1134 	/* unknown priority */
1135 	return 0;
1136 }
1137 /*
1138 **  CRACKADDR -- parse an address and turn it into a macro
1139 **
1140 **	This doesn't actually parse the address -- it just extracts
1141 **	it and replaces it with "$g".  The parse is totally ad hoc
1142 **	and isn't even guaranteed to leave something syntactically
1143 **	identical to what it started with.  However, it does leave
1144 **	something semantically identical if possible, else at least
1145 **	syntactically correct.
1146 **
1147 **	For example, it changes "Real Name <real@example.com> (Comment)"
1148 **	to "Real Name <$g> (Comment)".
1149 **
1150 **	This algorithm has been cleaned up to handle a wider range
1151 **	of cases -- notably quoted and backslash escaped strings.
1152 **	This modification makes it substantially better at preserving
1153 **	the original syntax.
1154 **
1155 **	Parameters:
1156 **		addr -- the address to be cracked.
1157 **		e -- the current envelope.
1158 **
1159 **	Returns:
1160 **		a pointer to the new version.
1161 **
1162 **	Side Effects:
1163 **		none.
1164 **
1165 **	Warning:
1166 **		The return value is saved in local storage and should
1167 **		be copied if it is to be reused.
1168 */
1169 
1170 #define SM_HAVE_ROOM		((bp < buflim) && (buflim <= bufend))
1171 
1172 /*
1173 **  Append a character to bp if we have room.
1174 **  If not, punt and return $g.
1175 */
1176 
1177 #define SM_APPEND_CHAR(c)					\
1178 	do							\
1179 	{							\
1180 		if (SM_HAVE_ROOM)				\
1181 			*bp++ = (c);				\
1182 		else						\
1183 			goto returng;				\
1184 	} while (0)
1185 
1186 #if MAXNAME < 10
1187 ERROR MAXNAME must be at least 10
1188 #endif /* MAXNAME < 10 */
1189 
1190 char *
1191 crackaddr(addr, e)
1192 	register char *addr;
1193 	ENVELOPE *e;
1194 {
1195 	register char *p;
1196 	register char c;
1197 	int cmtlev;			/* comment level in input string */
1198 	int realcmtlev;			/* comment level in output string */
1199 	int anglelev;			/* angle level in input string */
1200 	int copylev;			/* 0 == in address, >0 copying */
1201 	int bracklev;			/* bracket level for IPv6 addr check */
1202 	bool addangle;			/* put closing angle in output */
1203 	bool qmode;			/* quoting in original string? */
1204 	bool realqmode;			/* quoting in output string? */
1205 	bool putgmac = false;		/* already wrote $g */
1206 	bool quoteit = false;		/* need to quote next character */
1207 	bool gotangle = false;		/* found first '<' */
1208 	bool gotcolon = false;		/* found a ':' */
1209 	register char *bp;
1210 	char *buflim;
1211 	char *bufhead;
1212 	char *addrhead;
1213 	char *bufend;
1214 	static char buf[MAXNAME + 1];
1215 
1216 	if (tTd(33, 1))
1217 		sm_dprintf("crackaddr(%s)\n", addr);
1218 
1219 	/* strip leading spaces */
1220 	while (*addr != '\0' && isascii(*addr) && isspace(*addr))
1221 		addr++;
1222 
1223 	/*
1224 	**  Start by assuming we have no angle brackets.  This will be
1225 	**  adjusted later if we find them.
1226 	*/
1227 
1228 	buflim = bufend = &buf[sizeof(buf) - 1];
1229 	bp = bufhead = buf;
1230 	p = addrhead = addr;
1231 	copylev = anglelev = cmtlev = realcmtlev = 0;
1232 	bracklev = 0;
1233 	qmode = realqmode = addangle = false;
1234 
1235 	while ((c = *p++) != '\0')
1236 	{
1237 		/*
1238 		**  Try to keep legal syntax using spare buffer space
1239 		**  (maintained by buflim).
1240 		*/
1241 
1242 		if (copylev > 0)
1243 			SM_APPEND_CHAR(c);
1244 
1245 		/* check for backslash escapes */
1246 		if (c == '\\')
1247 		{
1248 			/* arrange to quote the address */
1249 			if (cmtlev <= 0 && !qmode)
1250 				quoteit = true;
1251 
1252 			if ((c = *p++) == '\0')
1253 			{
1254 				/* too far */
1255 				p--;
1256 				goto putg;
1257 			}
1258 			if (copylev > 0)
1259 				SM_APPEND_CHAR(c);
1260 			goto putg;
1261 		}
1262 
1263 		/* check for quoted strings */
1264 		if (c == '"' && cmtlev <= 0)
1265 		{
1266 			qmode = !qmode;
1267 			if (copylev > 0 && SM_HAVE_ROOM)
1268 			{
1269 				if (realqmode)
1270 					buflim--;
1271 				else
1272 					buflim++;
1273 				realqmode = !realqmode;
1274 			}
1275 			continue;
1276 		}
1277 		if (qmode)
1278 			goto putg;
1279 
1280 		/* check for comments */
1281 		if (c == '(')
1282 		{
1283 			cmtlev++;
1284 
1285 			/* allow space for closing paren */
1286 			if (SM_HAVE_ROOM)
1287 			{
1288 				buflim--;
1289 				realcmtlev++;
1290 				if (copylev++ <= 0)
1291 				{
1292 					if (bp != bufhead)
1293 						SM_APPEND_CHAR(' ');
1294 					SM_APPEND_CHAR(c);
1295 				}
1296 			}
1297 		}
1298 		if (cmtlev > 0)
1299 		{
1300 			if (c == ')')
1301 			{
1302 				cmtlev--;
1303 				copylev--;
1304 				if (SM_HAVE_ROOM)
1305 				{
1306 					realcmtlev--;
1307 					buflim++;
1308 				}
1309 			}
1310 			continue;
1311 		}
1312 		else if (c == ')')
1313 		{
1314 			/* syntax error: unmatched ) */
1315 			if (copylev > 0 && SM_HAVE_ROOM && bp > bufhead)
1316 				bp--;
1317 		}
1318 
1319 		/* count nesting on [ ... ] (for IPv6 domain literals) */
1320 		if (c == '[')
1321 			bracklev++;
1322 		else if (c == ']')
1323 			bracklev--;
1324 
1325 		/* check for group: list; syntax */
1326 		if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
1327 		    !gotcolon && !ColonOkInAddr)
1328 		{
1329 			register char *q;
1330 
1331 			/*
1332 			**  Check for DECnet phase IV ``::'' (host::user)
1333 			**  or DECnet phase V ``:.'' syntaxes.  The latter
1334 			**  covers ``user@DEC:.tay.myhost'' and
1335 			**  ``DEC:.tay.myhost::user'' syntaxes (bletch).
1336 			*/
1337 
1338 			if (*p == ':' || *p == '.')
1339 			{
1340 				if (cmtlev <= 0 && !qmode)
1341 					quoteit = true;
1342 				if (copylev > 0)
1343 				{
1344 					SM_APPEND_CHAR(c);
1345 					SM_APPEND_CHAR(*p);
1346 				}
1347 				p++;
1348 				goto putg;
1349 			}
1350 
1351 			gotcolon = true;
1352 
1353 			bp = bufhead;
1354 			if (quoteit)
1355 			{
1356 				SM_APPEND_CHAR('"');
1357 
1358 				/* back up over the ':' and any spaces */
1359 				--p;
1360 				while (p > addr &&
1361 				       isascii(*--p) && isspace(*p))
1362 					continue;
1363 				p++;
1364 			}
1365 			for (q = addrhead; q < p; )
1366 			{
1367 				c = *q++;
1368 				if (quoteit && c == '"')
1369 					SM_APPEND_CHAR('\\');
1370 				SM_APPEND_CHAR(c);
1371 			}
1372 			if (quoteit)
1373 			{
1374 				if (bp == &bufhead[1])
1375 					bp--;
1376 				else
1377 					SM_APPEND_CHAR('"');
1378 				while ((c = *p++) != ':')
1379 					SM_APPEND_CHAR(c);
1380 				SM_APPEND_CHAR(c);
1381 			}
1382 
1383 			/* any trailing white space is part of group: */
1384 			while (isascii(*p) && isspace(*p))
1385 			{
1386 				SM_APPEND_CHAR(*p);
1387 				p++;
1388 			}
1389 			copylev = 0;
1390 			putgmac = quoteit = false;
1391 			bufhead = bp;
1392 			addrhead = p;
1393 			continue;
1394 		}
1395 
1396 		if (c == ';' && copylev <= 0 && !ColonOkInAddr)
1397 			SM_APPEND_CHAR(c);
1398 
1399 		/* check for characters that may have to be quoted */
1400 		if (strchr(MustQuoteChars, c) != NULL)
1401 		{
1402 			/*
1403 			**  If these occur as the phrase part of a <>
1404 			**  construct, but are not inside of () or already
1405 			**  quoted, they will have to be quoted.  Note that
1406 			**  now (but don't actually do the quoting).
1407 			*/
1408 
1409 			if (cmtlev <= 0 && !qmode)
1410 				quoteit = true;
1411 		}
1412 
1413 		/* check for angle brackets */
1414 		if (c == '<')
1415 		{
1416 			register char *q;
1417 
1418 			/* assume first of two angles is bogus */
1419 			if (gotangle)
1420 				quoteit = true;
1421 			gotangle = true;
1422 
1423 			/* oops -- have to change our mind */
1424 			anglelev = 1;
1425 			if (SM_HAVE_ROOM)
1426 			{
1427 				if (!addangle)
1428 					buflim--;
1429 				addangle = true;
1430 			}
1431 
1432 			bp = bufhead;
1433 			if (quoteit)
1434 			{
1435 				SM_APPEND_CHAR('"');
1436 
1437 				/* back up over the '<' and any spaces */
1438 				--p;
1439 				while (p > addr &&
1440 				       isascii(*--p) && isspace(*p))
1441 					continue;
1442 				p++;
1443 			}
1444 			for (q = addrhead; q < p; )
1445 			{
1446 				c = *q++;
1447 				if (quoteit && c == '"')
1448 				{
1449 					SM_APPEND_CHAR('\\');
1450 					SM_APPEND_CHAR(c);
1451 				}
1452 				else
1453 					SM_APPEND_CHAR(c);
1454 			}
1455 			if (quoteit)
1456 			{
1457 				if (bp == &buf[1])
1458 					bp--;
1459 				else
1460 					SM_APPEND_CHAR('"');
1461 				while ((c = *p++) != '<')
1462 					SM_APPEND_CHAR(c);
1463 				SM_APPEND_CHAR(c);
1464 			}
1465 			copylev = 0;
1466 			putgmac = quoteit = false;
1467 			continue;
1468 		}
1469 
1470 		if (c == '>')
1471 		{
1472 			if (anglelev > 0)
1473 			{
1474 				anglelev--;
1475 				if (SM_HAVE_ROOM)
1476 				{
1477 					if (addangle)
1478 						buflim++;
1479 					addangle = false;
1480 				}
1481 			}
1482 			else if (SM_HAVE_ROOM)
1483 			{
1484 				/* syntax error: unmatched > */
1485 				if (copylev > 0 && bp > bufhead)
1486 					bp--;
1487 				quoteit = true;
1488 				continue;
1489 			}
1490 			if (copylev++ <= 0)
1491 				SM_APPEND_CHAR(c);
1492 			continue;
1493 		}
1494 
1495 		/* must be a real address character */
1496 	putg:
1497 		if (copylev <= 0 && !putgmac)
1498 		{
1499 			if (bp > buf && bp[-1] == ')')
1500 				SM_APPEND_CHAR(' ');
1501 			SM_APPEND_CHAR(MACROEXPAND);
1502 			SM_APPEND_CHAR('g');
1503 			putgmac = true;
1504 		}
1505 	}
1506 
1507 	/* repair any syntactic damage */
1508 	if (realqmode && bp < bufend)
1509 		*bp++ = '"';
1510 	while (realcmtlev-- > 0 && bp < bufend)
1511 		*bp++ = ')';
1512 	if (addangle && bp < bufend)
1513 		*bp++ = '>';
1514 	*bp = '\0';
1515 	if (bp < bufend)
1516 		goto success;
1517 
1518  returng:
1519 	/* String too long, punt */
1520 	buf[0] = '<';
1521 	buf[1] = MACROEXPAND;
1522 	buf[2]= 'g';
1523 	buf[3] = '>';
1524 	buf[4]= '\0';
1525 	sm_syslog(LOG_ALERT, e->e_id,
1526 		  "Dropped invalid comments from header address");
1527 
1528  success:
1529 	if (tTd(33, 1))
1530 	{
1531 		sm_dprintf("crackaddr=>`");
1532 		xputs(sm_debug_file(), buf);
1533 		sm_dprintf("'\n");
1534 	}
1535 	return buf;
1536 }
1537 /*
1538 **  PUTHEADER -- put the header part of a message from the in-core copy
1539 **
1540 **	Parameters:
1541 **		mci -- the connection information.
1542 **		hdr -- the header to put.
1543 **		e -- envelope to use.
1544 **		flags -- MIME conversion flags.
1545 **
1546 **	Returns:
1547 **		true iff header part was written successfully
1548 **
1549 **	Side Effects:
1550 **		none.
1551 */
1552 
1553 bool
1554 putheader(mci, hdr, e, flags)
1555 	register MCI *mci;
1556 	HDR *hdr;
1557 	register ENVELOPE *e;
1558 	int flags;
1559 {
1560 	register HDR *h;
1561 	char buf[SM_MAX(MAXLINE,BUFSIZ)];
1562 	char obuf[MAXLINE];
1563 
1564 	if (tTd(34, 1))
1565 		sm_dprintf("--- putheader, mailer = %s ---\n",
1566 			mci->mci_mailer->m_name);
1567 
1568 	/*
1569 	**  If we're in MIME mode, we're not really in the header of the
1570 	**  message, just the header of one of the parts of the body of
1571 	**  the message.  Therefore MCIF_INHEADER should not be turned on.
1572 	*/
1573 
1574 	if (!bitset(MCIF_INMIME, mci->mci_flags))
1575 		mci->mci_flags |= MCIF_INHEADER;
1576 
1577 	for (h = hdr; h != NULL; h = h->h_link)
1578 	{
1579 		register char *p = h->h_value;
1580 		char *q;
1581 
1582 		if (tTd(34, 11))
1583 		{
1584 			sm_dprintf("  %s: ", h->h_field);
1585 			xputs(sm_debug_file(), p);
1586 		}
1587 
1588 		/* Skip empty headers */
1589 		if (h->h_value == NULL)
1590 			continue;
1591 
1592 		/* heuristic shortening of MIME fields to avoid MUA overflows */
1593 		if (MaxMimeFieldLength > 0 &&
1594 		    wordinclass(h->h_field,
1595 				macid("{checkMIMEFieldHeaders}")))
1596 		{
1597 			size_t len;
1598 
1599 			len = fix_mime_header(h, e);
1600 			if (len > 0)
1601 			{
1602 				sm_syslog(LOG_ALERT, e->e_id,
1603 					  "Truncated MIME %s header due to field size (length = %ld) (possible attack)",
1604 					  h->h_field, (unsigned long) len);
1605 				if (tTd(34, 11))
1606 					sm_dprintf("  truncated MIME %s header due to field size  (length = %ld) (possible attack)\n",
1607 						   h->h_field,
1608 						   (unsigned long) len);
1609 			}
1610 		}
1611 
1612 		if (MaxMimeHeaderLength > 0 &&
1613 		    wordinclass(h->h_field,
1614 				macid("{checkMIMETextHeaders}")))
1615 		{
1616 			size_t len;
1617 
1618 			len = strlen(h->h_value);
1619 			if (len > (size_t) MaxMimeHeaderLength)
1620 			{
1621 				h->h_value[MaxMimeHeaderLength - 1] = '\0';
1622 				sm_syslog(LOG_ALERT, e->e_id,
1623 					  "Truncated long MIME %s header (length = %ld) (possible attack)",
1624 					  h->h_field, (unsigned long) len);
1625 				if (tTd(34, 11))
1626 					sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
1627 						   h->h_field,
1628 						   (unsigned long) len);
1629 			}
1630 		}
1631 
1632 		if (MaxMimeHeaderLength > 0 &&
1633 		    wordinclass(h->h_field,
1634 				macid("{checkMIMEHeaders}")))
1635 		{
1636 			size_t len;
1637 
1638 			len = strlen(h->h_value);
1639 			if (shorten_rfc822_string(h->h_value,
1640 						  MaxMimeHeaderLength))
1641 			{
1642 				if (len < MaxMimeHeaderLength)
1643 				{
1644 					/* we only rebalanced a bogus header */
1645 					sm_syslog(LOG_ALERT, e->e_id,
1646 						  "Fixed MIME %s header (possible attack)",
1647 						  h->h_field);
1648 					if (tTd(34, 11))
1649 						sm_dprintf("  fixed MIME %s header (possible attack)\n",
1650 							   h->h_field);
1651 				}
1652 				else
1653 				{
1654 					/* we actually shortened header */
1655 					sm_syslog(LOG_ALERT, e->e_id,
1656 						  "Truncated long MIME %s header (length = %ld) (possible attack)",
1657 						  h->h_field,
1658 						  (unsigned long) len);
1659 					if (tTd(34, 11))
1660 						sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
1661 							   h->h_field,
1662 							   (unsigned long) len);
1663 				}
1664 			}
1665 		}
1666 
1667 		/*
1668 		**  Suppress Content-Transfer-Encoding: if we are MIMEing
1669 		**  and we are potentially converting from 8 bit to 7 bit
1670 		**  MIME.  If converting, add a new CTE header in
1671 		**  mime8to7().
1672 		*/
1673 
1674 		if (bitset(H_CTE, h->h_flags) &&
1675 		    bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
1676 			   mci->mci_flags) &&
1677 		    !bitset(M87F_NO8TO7, flags))
1678 		{
1679 			if (tTd(34, 11))
1680 				sm_dprintf(" (skipped (content-transfer-encoding))\n");
1681 			continue;
1682 		}
1683 
1684 		if (bitset(MCIF_INMIME, mci->mci_flags))
1685 		{
1686 			if (tTd(34, 11))
1687 				sm_dprintf("\n");
1688 			if (!put_vanilla_header(h, p, mci))
1689 				goto writeerr;
1690 			continue;
1691 		}
1692 
1693 		if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
1694 		    !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
1695 		    (h->h_macro == '\0' ||
1696 		     (q = macvalue(bitidx(h->h_macro), e)) == NULL ||
1697 		     *q == '\0'))
1698 		{
1699 			if (tTd(34, 11))
1700 				sm_dprintf(" (skipped)\n");
1701 			continue;
1702 		}
1703 
1704 		/* handle Resent-... headers specially */
1705 		if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
1706 		{
1707 			if (tTd(34, 11))
1708 				sm_dprintf(" (skipped (resent))\n");
1709 			continue;
1710 		}
1711 
1712 		/* suppress return receipts if requested */
1713 		if (bitset(H_RECEIPTTO, h->h_flags) &&
1714 		    (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
1715 		{
1716 			if (tTd(34, 11))
1717 				sm_dprintf(" (skipped (receipt))\n");
1718 			continue;
1719 		}
1720 
1721 		/* macro expand value if generated internally */
1722 		if (bitset(H_DEFAULT, h->h_flags) ||
1723 		    bitset(H_BINDLATE, h->h_flags))
1724 		{
1725 			expand(p, buf, sizeof buf, e);
1726 			p = buf;
1727 			if (*p == '\0')
1728 			{
1729 				if (tTd(34, 11))
1730 					sm_dprintf(" (skipped -- null value)\n");
1731 				continue;
1732 			}
1733 		}
1734 
1735 		if (bitset(H_BCC, h->h_flags))
1736 		{
1737 			/* Bcc: field -- either truncate or delete */
1738 			if (bitset(EF_DELETE_BCC, e->e_flags))
1739 			{
1740 				if (tTd(34, 11))
1741 					sm_dprintf(" (skipped -- bcc)\n");
1742 			}
1743 			else
1744 			{
1745 				/* no other recipient headers: truncate value */
1746 				(void) sm_strlcpyn(obuf, sizeof obuf, 2,
1747 						   h->h_field, ":");
1748 				if (!putline(obuf, mci))
1749 					goto writeerr;
1750 			}
1751 			continue;
1752 		}
1753 
1754 		if (tTd(34, 11))
1755 			sm_dprintf("\n");
1756 
1757 		if (bitset(H_FROM|H_RCPT, h->h_flags))
1758 		{
1759 			/* address field */
1760 			bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);
1761 
1762 			if (bitset(H_FROM, h->h_flags))
1763 				oldstyle = false;
1764 			commaize(h, p, oldstyle, mci, e);
1765 		}
1766 		else
1767 		{
1768 			if (!put_vanilla_header(h, p, mci))
1769 				goto writeerr;
1770 		}
1771 	}
1772 
1773 	/*
1774 	**  If we are converting this to a MIME message, add the
1775 	**  MIME headers (but not in MIME mode!).
1776 	*/
1777 
1778 #if MIME8TO7
1779 	if (bitset(MM_MIME8BIT, MimeMode) &&
1780 	    bitset(EF_HAS8BIT, e->e_flags) &&
1781 	    !bitset(EF_DONT_MIME, e->e_flags) &&
1782 	    !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
1783 	    !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
1784 	    hvalue("MIME-Version", e->e_header) == NULL)
1785 	{
1786 		if (!putline("MIME-Version: 1.0", mci))
1787 			goto writeerr;
1788 		if (hvalue("Content-Type", e->e_header) == NULL)
1789 		{
1790 			(void) sm_snprintf(obuf, sizeof obuf,
1791 					"Content-Type: text/plain; charset=%s",
1792 					defcharset(e));
1793 			if (!putline(obuf, mci))
1794 				goto writeerr;
1795 		}
1796 		if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
1797 		    && !putline("Content-Transfer-Encoding: 8bit", mci))
1798 			goto writeerr;
1799 	}
1800 #endif /* MIME8TO7 */
1801 	return true;
1802 
1803   writeerr:
1804 	return false;
1805 }
1806 /*
1807 **  PUT_VANILLA_HEADER -- output a fairly ordinary header
1808 **
1809 **	Parameters:
1810 **		h -- the structure describing this header
1811 **		v -- the value of this header
1812 **		mci -- the connection info for output
1813 **
1814 **	Returns:
1815 **		true iff header was written successfully
1816 */
1817 
1818 static bool
1819 put_vanilla_header(h, v, mci)
1820 	HDR *h;
1821 	char *v;
1822 	MCI *mci;
1823 {
1824 	register char *nlp;
1825 	register char *obp;
1826 	int putflags;
1827 	char obuf[MAXLINE + 256];	/* additional length for h_field */
1828 
1829 	putflags = PXLF_HEADER;
1830 	if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1831 		putflags |= PXLF_STRIP8BIT;
1832 	(void) sm_snprintf(obuf, sizeof obuf, "%.200s: ", h->h_field);
1833 	obp = obuf + strlen(obuf);
1834 	while ((nlp = strchr(v, '\n')) != NULL)
1835 	{
1836 		int l;
1837 
1838 		l = nlp - v;
1839 
1840 		/*
1841 		**  XXX This is broken for SPACELEFT()==0
1842 		**  However, SPACELEFT() is always > 0 unless MAXLINE==1.
1843 		*/
1844 
1845 		if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
1846 			l = SPACELEFT(obuf, obp) - 1;
1847 
1848 		(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
1849 		if (!putxline(obuf, strlen(obuf), mci, putflags))
1850 			goto writeerr;
1851 		v += l + 1;
1852 		obp = obuf;
1853 		if (*v != ' ' && *v != '\t')
1854 			*obp++ = ' ';
1855 	}
1856 
1857 	/* XXX This is broken for SPACELEFT()==0 */
1858 	(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
1859 			   (int) (SPACELEFT(obuf, obp) - 1), v);
1860 	return putxline(obuf, strlen(obuf), mci, putflags);
1861 
1862   writeerr:
1863 	return false;
1864 }
1865 /*
1866 **  COMMAIZE -- output a header field, making a comma-translated list.
1867 **
1868 **	Parameters:
1869 **		h -- the header field to output.
1870 **		p -- the value to put in it.
1871 **		oldstyle -- true if this is an old style header.
1872 **		mci -- the connection information.
1873 **		e -- the envelope containing the message.
1874 **
1875 **	Returns:
1876 **		true iff header field was written successfully
1877 **
1878 **	Side Effects:
1879 **		outputs "p" to file "fp".
1880 */
1881 
1882 bool
1883 commaize(h, p, oldstyle, mci, e)
1884 	register HDR *h;
1885 	register char *p;
1886 	bool oldstyle;
1887 	register MCI *mci;
1888 	register ENVELOPE *e;
1889 {
1890 	register char *obp;
1891 	int opos;
1892 	int omax;
1893 	bool firstone = true;
1894 	int putflags = PXLF_HEADER;
1895 	char **res;
1896 	char obuf[MAXLINE + 3];
1897 
1898 	/*
1899 	**  Output the address list translated by the
1900 	**  mailer and with commas.
1901 	*/
1902 
1903 	if (tTd(14, 2))
1904 		sm_dprintf("commaize(%s: %s)\n", h->h_field, p);
1905 
1906 	if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
1907 		putflags |= PXLF_STRIP8BIT;
1908 
1909 	obp = obuf;
1910 	(void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s: ",
1911 			h->h_field);
1912 
1913 	/* opos = strlen(obp); */
1914 	opos = strlen(h->h_field) + 2;
1915 	if (opos > 202)
1916 		opos = 202;
1917 	obp += opos;
1918 	omax = mci->mci_mailer->m_linelimit - 2;
1919 	if (omax < 0 || omax > 78)
1920 		omax = 78;
1921 
1922 	/*
1923 	**  Run through the list of values.
1924 	*/
1925 
1926 	while (*p != '\0')
1927 	{
1928 		register char *name;
1929 		register int c;
1930 		char savechar;
1931 		int flags;
1932 		auto int status;
1933 
1934 		/*
1935 		**  Find the end of the name.  New style names
1936 		**  end with a comma, old style names end with
1937 		**  a space character.  However, spaces do not
1938 		**  necessarily delimit an old-style name -- at
1939 		**  signs mean keep going.
1940 		*/
1941 
1942 		/* find end of name */
1943 		while ((isascii(*p) && isspace(*p)) || *p == ',')
1944 			p++;
1945 		name = p;
1946 		res = NULL;
1947 		for (;;)
1948 		{
1949 			auto char *oldp;
1950 			char pvpbuf[PSBUFSIZE];
1951 
1952 			res = prescan(p, oldstyle ? ' ' : ',', pvpbuf,
1953 				      sizeof pvpbuf, &oldp, NULL, false);
1954 			p = oldp;
1955 #if _FFR_IGNORE_BOGUS_ADDR
1956 			/* ignore addresses that can't be parsed */
1957 			if (res == NULL)
1958 			{
1959 				name = p;
1960 				continue;
1961 			}
1962 #endif /* _FFR_IGNORE_BOGUS_ADDR */
1963 
1964 			/* look to see if we have an at sign */
1965 			while (*p != '\0' && isascii(*p) && isspace(*p))
1966 				p++;
1967 
1968 			if (*p != '@')
1969 			{
1970 				p = oldp;
1971 				break;
1972 			}
1973 			++p;
1974 			while (*p != '\0' && isascii(*p) && isspace(*p))
1975 				p++;
1976 		}
1977 		/* at the end of one complete name */
1978 
1979 		/* strip off trailing white space */
1980 		while (p >= name &&
1981 		       ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1982 			p--;
1983 		if (++p == name)
1984 			continue;
1985 
1986 		/*
1987 		**  if prescan() failed go a bit backwards; this is a hack,
1988 		**  there should be some better error recovery.
1989 		*/
1990 
1991 		if (res == NULL && p > name &&
1992 		    !((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
1993 			--p;
1994 		savechar = *p;
1995 		*p = '\0';
1996 
1997 		/* translate the name to be relative */
1998 		flags = RF_HEADERADDR|RF_ADDDOMAIN;
1999 		if (bitset(H_FROM, h->h_flags))
2000 			flags |= RF_SENDERADDR;
2001 #if USERDB
2002 		else if (e->e_from.q_mailer != NULL &&
2003 			 bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
2004 		{
2005 			char *q;
2006 
2007 			q = udbsender(name, e->e_rpool);
2008 			if (q != NULL)
2009 				name = q;
2010 		}
2011 #endif /* USERDB */
2012 		status = EX_OK;
2013 		name = remotename(name, mci->mci_mailer, flags, &status, e);
2014 		if (*name == '\0')
2015 		{
2016 			*p = savechar;
2017 			continue;
2018 		}
2019 		name = denlstring(name, false, true);
2020 
2021 		/* output the name with nice formatting */
2022 		opos += strlen(name);
2023 		if (!firstone)
2024 			opos += 2;
2025 		if (opos > omax && !firstone)
2026 		{
2027 			(void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
2028 			if (!putxline(obuf, strlen(obuf), mci, putflags))
2029 				goto writeerr;
2030 			obp = obuf;
2031 			(void) sm_strlcpy(obp, "        ", sizeof obuf);
2032 			opos = strlen(obp);
2033 			obp += opos;
2034 			opos += strlen(name);
2035 		}
2036 		else if (!firstone)
2037 		{
2038 			(void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
2039 			obp += 2;
2040 		}
2041 
2042 		while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
2043 			*obp++ = c;
2044 		firstone = false;
2045 		*p = savechar;
2046 	}
2047 	if (obp < &obuf[sizeof obuf])
2048 		*obp = '\0';
2049 	else
2050 		obuf[sizeof obuf - 1] = '\0';
2051 	return putxline(obuf, strlen(obuf), mci, putflags);
2052 
2053   writeerr:
2054 	return false;
2055 }
2056 
2057 /*
2058 **  COPYHEADER -- copy header list
2059 **
2060 **	This routine is the equivalent of newstr for header lists
2061 **
2062 **	Parameters:
2063 **		header -- list of header structures to copy.
2064 **		rpool -- resource pool, or NULL
2065 **
2066 **	Returns:
2067 **		a copy of 'header'.
2068 **
2069 **	Side Effects:
2070 **		none.
2071 */
2072 
2073 HDR *
2074 copyheader(header, rpool)
2075 	register HDR *header;
2076 	SM_RPOOL_T *rpool;
2077 {
2078 	register HDR *newhdr;
2079 	HDR *ret;
2080 	register HDR **tail = &ret;
2081 
2082 	while (header != NULL)
2083 	{
2084 		newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof *newhdr);
2085 		STRUCTCOPY(*header, *newhdr);
2086 		*tail = newhdr;
2087 		tail = &newhdr->h_link;
2088 		header = header->h_link;
2089 	}
2090 	*tail = NULL;
2091 
2092 	return ret;
2093 }
2094 /*
2095 **  FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
2096 **
2097 **	Run through all of the parameters of a MIME header and
2098 **	possibly truncate and rebalance the parameter according
2099 **	to MaxMimeFieldLength.
2100 **
2101 **	Parameters:
2102 **		h -- the header to truncate/rebalance
2103 **		e -- the current envelope
2104 **
2105 **	Returns:
2106 **		length of last offending field, 0 if all ok.
2107 **
2108 **	Side Effects:
2109 **		string modified in place
2110 */
2111 
2112 static size_t
2113 fix_mime_header(h, e)
2114 	HDR *h;
2115 	ENVELOPE *e;
2116 {
2117 	char *begin = h->h_value;
2118 	char *end;
2119 	size_t len = 0;
2120 	size_t retlen = 0;
2121 
2122 	if (begin == NULL || *begin == '\0')
2123 		return 0;
2124 
2125 	/* Split on each ';' */
2126 	/* find_character() never returns NULL */
2127 	while ((end = find_character(begin, ';')) != NULL)
2128 	{
2129 		char save = *end;
2130 		char *bp;
2131 
2132 		*end = '\0';
2133 
2134 		len = strlen(begin);
2135 
2136 		/* Shorten individual parameter */
2137 		if (shorten_rfc822_string(begin, MaxMimeFieldLength))
2138 		{
2139 			if (len < MaxMimeFieldLength)
2140 			{
2141 				/* we only rebalanced a bogus field */
2142 				sm_syslog(LOG_ALERT, e->e_id,
2143 					  "Fixed MIME %s header field (possible attack)",
2144 					  h->h_field);
2145 				if (tTd(34, 11))
2146 					sm_dprintf("  fixed MIME %s header field (possible attack)\n",
2147 						   h->h_field);
2148 			}
2149 			else
2150 			{
2151 				/* we actually shortened the header */
2152 				retlen = len;
2153 			}
2154 		}
2155 
2156 		/* Collapse the possibly shortened string with rest */
2157 		bp = begin + strlen(begin);
2158 		if (bp != end)
2159 		{
2160 			char *ep = end;
2161 
2162 			*end = save;
2163 			end = bp;
2164 
2165 			/* copy character by character due to overlap */
2166 			while (*ep != '\0')
2167 				*bp++ = *ep++;
2168 			*bp = '\0';
2169 		}
2170 		else
2171 			*end = save;
2172 		if (*end == '\0')
2173 			break;
2174 
2175 		/* Move past ';' */
2176 		begin = end + 1;
2177 	}
2178 	return retlen;
2179 }
2180