blob: 13b955c4b5c85a80a6c269bc0b22173ced4519f0 [file] [log] [blame]
From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001
From: Florian Weimer <fweimer@redhat.com>
Date: Mon, 17 Nov 2014 11:13:38 +0100
Subject: [PATCH 1/4] outof: Introduce expandaddr flag
Document that address expansion is disabled unless the expandaddr
binary option is set.
This has been assigned CVE-2014-7844 for BSD mailx, but it is not
a vulnerability in Heirloom mailx because this feature was documented.
This patch is taken from
ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz
Upstream-Status: Inappropriate [upstream is dead]
CVE: CVE-2014-7844
---
mailx.1 | 14 ++++++++++++++
names.c | 3 +++
2 files changed, 17 insertions(+)
diff --git a/mailx.1 b/mailx.1
index 70a7859..22a171b 100644
--- a/mailx.1
+++ b/mailx.1
@@ -656,6 +656,14 @@ but any reply returned to the machine
will have the system wide alias expanded
as all mail goes through sendmail.
.SS "Recipient address specifications"
+If the
+.I expandaddr
+option is not set (the default), recipient addresses must be names of
+local mailboxes or Internet mail addresses.
+.PP
+If the
+.I expandaddr
+option is set, the following rules apply:
When an address is used to name a recipient
(in any of To, Cc, or Bcc),
names of local mail folders
@@ -2391,6 +2399,12 @@ and exits immediately.
If this option is set,
\fImailx\fR starts even with an empty mailbox.
.TP
+.B expandaddr
+Causes
+.I mailx
+to expand message recipient addresses, as explained in the section,
+Recipient address specifications.
+.TP
.B flipr
Exchanges the
.I Respond
diff --git a/names.c b/names.c
index 66e976b..c69560f 100644
--- a/names.c
+++ b/names.c
@@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp)
FILE *fout, *fin;
int ispipe;
+ if (value("expandaddr") == NULL)
+ return names;
+
top = names;
np = names;
time(&now);
--
1.9.3