From 80ccc26415f380b67a7f9da91ba0d216c3fc6e74 Mon Sep 17 00:00:00 2001 From: Steve Holme Date: Mon, 10 Feb 2020 20:50:50 +0000 Subject: ftpserver: Corrected the e-mail address regex in MAIL_smtp() and RCTP_smtp() The dot character between the host and the tld was not being escaped, which meant it specified a match of 'any' character rather than an explicit dot separator. Additionally removed the dot character from the host name as it allowed the following to be specified as a valid address in our test cases: Both are typos from 98f7ca7 and 8880f84 :( I can't remember whether my intention was to allow sub-domains to be specified in the host or not with these additional dots, but by placing it outside of the host means it can only be specified once per domain and by placing a + after the new grouping support for sub-domains is kept. Closes #4912 --- tests/ftpserver.pl | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl index ac02722e9..e815619d6 100755 --- a/tests/ftpserver.pl +++ b/tests/ftpserver.pl @@ -6,7 +6,7 @@ # | (__| |_| | _ <| |___ # \___|\___/|_| \_\_____| # -# Copyright (C) 1998 - 2018, Daniel Stenberg, , et al. +# Copyright (C) 1998 - 2020, Daniel Stenberg, , et al. # # This software is licensed as described in the file COPYING, which # you should have received as part of this distribution. The terms @@ -828,7 +828,7 @@ sub MAIL_smtp { # Validate the from address (only <> and a valid email address inside # <> are allowed, such as ) if ((!$from) || (($from ne "<>") && ($from !~ - /^<([a-zA-Z0-9._%+-]+)\@([a-zA-Z0-9.-]+).([a-zA-Z]{2,4})>$/))) { + /^<([a-zA-Z0-9._%+-]+)\@(([a-zA-Z0-9-]+)\.)+([a-zA-Z]{2,4})>$/))) { sendcontrol "501 Invalid address\r\n"; } else { @@ -872,7 +872,7 @@ sub RCPT_smtp { # Validate the to address (only a valid email address inside <> is # allowed, such as ) if ($to !~ - /^<([a-zA-Z0-9._%+-]+)\@([a-zA-Z0-9.-]+).([a-zA-Z]{2,4})>$/) { + /^<([a-zA-Z0-9._%+-]+)\@(([a-zA-Z0-9-]+)\.)+([a-zA-Z]{2,4})>$/) { sendcontrol "501 Invalid address\r\n"; } else { -- cgit v1.2.3