1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2018 */
6 /* Copyright (c) The Exim Maintainers 2020 */
7 /* See the file NOTICE for conditions of use and distribution. */
9 /* Functions for parsing addresses */
15 static const uschar *last_comment_position;
19 /* In stand-alone mode, provide a replacement for deliver_make_addr()
20 and rewrite_address[_qualify]() so as to avoid having to drag in too much
21 redundant apparatus. */
25 address_item *deliver_make_addr(uschar *address, BOOL copy)
27 address_item *addr = store_get(sizeof(address_item), FALSE);
30 addr->address = address;
34 uschar *rewrite_address(uschar *recipient, BOOL dummy1, BOOL dummy2, rewrite_rule
40 uschar *rewrite_address_qualify(uschar *recipient, BOOL dummy1)
50 /*************************************************
51 * Find the end of an address *
52 *************************************************/
54 /* Scan over a string looking for the termination of an address at a comma,
55 or end of the string. It's the source-routed addresses which cause much pain
56 here. Although Exim ignores source routes, it must recognize such addresses, so
57 we cannot get rid of this logic.
60 s pointer to the start of an address
61 nl_ends if TRUE, '\n' terminates an address
63 Returns: pointer past the end of the address
64 (i.e. points to null or comma)
68 parse_find_address_end(const uschar *s, BOOL nl_ends)
70 BOOL source_routing = *s == '@';
71 int no_term = source_routing? 1 : 0;
73 while (*s != 0 && (*s != ',' || no_term > 0) && (*s != '\n' || !nl_ends))
75 /* Skip single quoted characters. Strictly these should not occur outside
76 quoted strings in RFC 822 addresses, but they can in RFC 821 addresses. Pity
77 about the lack of consistency, isn't it? */
79 if (*s == '\\' && s[1] != 0) s += 2;
81 /* Skip quoted items that are not inside brackets. Note that
82 quoted pairs are allowed inside quoted strings. */
86 while (*(++s) != 0 && (*s != '\n' || !nl_ends))
88 if (*s == '\\' && s[1] != 0) s++;
89 else if (*s == '\"') { s++; break; }
93 /* Skip comments, which may include nested brackets, but quotes
94 are not recognized inside comments, though quoted pairs are. */
99 while (*(++s) != 0 && (*s != '\n' || !nl_ends))
101 if (*s == '\\' && s[1] != 0) s++;
102 else if (*s == '(') level++;
103 else if (*s == ')' && --level <= 0) { s++; break; }
107 /* Non-special character; just advance. Passing the colon in a source
108 routed address means that any subsequent comma or colon may terminate unless
109 inside angle brackets. */
115 source_routing = s[1] == '@';
116 no_term = source_routing? 2 : 1;
118 else if (*s == '>') no_term--;
119 else if (source_routing && *s == ':') no_term--;
129 /*************************************************
130 * Find last @ in an address *
131 *************************************************/
133 /* This function is used when we have something that may not qualified. If we
134 know it's qualified, searching for the rightmost '@' is sufficient. Here we
135 have to be a bit more clever than just a plain search, in order to handle
136 unqualified local parts like "thing@thong" correctly. Since quotes may not
137 legally be part of a domain name, we can give up on hitting the first quote
138 when searching from the right. Now that the parsing also permits the RFC 821
139 form of address, where quoted-pairs are allowed in unquoted local parts, we
140 must take care to handle that too.
142 Argument: pointer to an address, possibly unqualified
143 Returns: pointer to the last @ in an address, or NULL if none
147 parse_find_at(const uschar *s)
149 const uschar * t = s + Ustrlen(s);
153 int backslash_count = 0;
154 const uschar *tt = t - 1;
155 while (tt > s && *tt-- == '\\') backslash_count++;
156 if ((backslash_count & 1) == 0) return t;
167 /***************************************************************************
168 * In all the functions below that read a particular object type from *
169 * the input, return the new value of the pointer s (the first argument), *
170 * and put the object into the store pointed to by t (the second argument), *
171 * adding a terminating zero. If no object is found, t will point to zero *
173 ***************************************************************************/
176 /*************************************************
177 * Skip white space and comment *
178 *************************************************/
182 (2) If uschar not '(', return.
183 (3) Skip till matching ')', not counting any characters
185 (4) Move past ')' and goto (1).
187 The start of the last potential comment position is remembered to
188 make it possible to ignore comments at the end of compound items.
190 Argument: current character pointer
191 Returns: new character pointer
194 static const uschar *
195 skip_comment(const uschar *s)
197 last_comment_position = s;
202 if (Uskip_whitespace(&s) != '(') break;
206 if (c == '(') level++;
207 else if (c == ')') { if (--level <= 0) { s++; break; } }
208 else if (c == '\\' && s[1] != 0) s++;
216 /*************************************************
218 *************************************************/
220 /* A domain is a sequence of subdomains, separated by dots. See comments below
221 for detailed syntax of the subdomains.
223 If allow_domain_literals is TRUE, a "domain" may also be an IP address enclosed
224 in []. Make sure the output is set to the null string if there is a syntax
225 error as well as if there is no domain at all.
228 s current character pointer
229 t where to put the domain
230 errorptr put error message here on failure (*t will be 0 on exit)
232 Returns: new character pointer
235 static const uschar *
236 read_domain(const uschar *s, uschar *t, uschar **errorptr)
241 /* Handle domain literals if permitted. An RFC 822 domain literal may contain
242 any character except [ ] \, including linear white space, and may contain
243 quoted characters. However, RFC 821 restricts literals to being dot-separated
244 3-digit numbers, and we make the obvious extension for IPv6. Go for a sequence
245 of digits, dots, hex digits, and colons here; later this will be checked for
246 being a syntactically valid IP address if it ever gets to a router.
248 Allow both the formal IPv6 form, with IPV6: at the start, and the informal form
249 without it, and accept IPV4: as well, 'cause someone will use it sooner or
256 if (strncmpic(s, US"IPv6:", 5) == 0 || strncmpic(s, US"IPv4:", 5) == 0)
262 while (*s == '.' || *s == ':' || isxdigit(*s)) *t++ = *s++;
264 if (*s == ']') *t++ = *s++; else
266 *errorptr = US"malformed domain literal";
270 if (!allow_domain_literals)
272 *errorptr = US"domain literals not allowed";
276 return skip_comment(s);
279 /* Handle a proper domain, which is a sequence of dot-separated atoms. Remove
280 trailing dots if strip_trailing_dot is set. A subdomain is an atom.
282 An atom is a sequence of any characters except specials, space, and controls.
283 The specials are ( ) < > @ , ; : \ " . [ and ]. This is the rule for RFC 822
284 and its successor (RFC 2822). However, RFC 821 and its successor (RFC 2821) is
285 tighter, allowing only letters, digits, and hyphens, not starting with a
288 There used to be a global flag that got set when checking addresses that came
289 in over SMTP and which should therefore should be checked according to the
290 stricter rule. However, it seems silly to make the distinction, because I don't
291 suppose anybody ever uses local domains that are 822-compliant and not
292 821-compliant. Furthermore, Exim now has additional data on the spool file line
293 after an address (after "one_time" processing), and it makes use of a #
294 character to delimit it. When I wrote that code, I forgot about this 822-domain
295 stuff, and assumed # could never appear in a domain.
297 So the old code is now cut out for Release 4.11 onwards, on 09-Aug-02. In a few
298 years, when we are sure this isn't actually causing trouble, throw it away.
300 March 2003: the story continues: There is a camp that is arguing for the use of
301 UTF-8 in domain names as the way to internationalization, and other MTAs
302 support this. Therefore, we now have a flag that permits the use of characters
303 with values greater than 127, encoded in UTF-8, in subdomains, so that Exim can
304 be used experimentally in this way. */
310 /*********************
313 if (*s != '-') while (isalnum(*s) || *s == '-') *t++ = *s++;
316 while (!mac_iscntrl_or_special(*s)) *t++ = *s++;
317 *********************/
321 /* Only letters, digits, and hyphens */
323 if (!allow_utf8_domains)
325 while (isalnum(*s) || *s == '-') *t++ = *s++;
328 /* Permit legal UTF-8 characters to be included */
333 if (isalnum(*s) || *s == '-') /* legal ascii characters */
338 if ((*s & 0xc0) != 0xc0) break; /* not start of UTF-8 character */
340 for (i = 1; i < 6; i++) /* i is the number of additional bytes */
342 if ((d & 0x80) == 0) break;
345 if (i == 6) goto BAD_UTF8; /* invalid UTF-8 */
346 *t++ = *s++; /* leading UTF-8 byte */
347 while (i-- > 0) /* copy and check remainder */
349 if ((*s & 0xc0) != 0x80)
352 *errorptr = US"invalid UTF-8 byte sequence";
358 } /* End of loop for UTF-8 character */
359 } /* End of subdomain */
364 if (t == tsave) /* empty component */
366 if (strip_trailing_dot && t > tt && *s != '.') t[-1] = 0; else
368 *errorptr = US"domain missing or malformed";
374 if (*s != '.') break;
384 /*************************************************
385 * Read a local-part *
386 *************************************************/
388 /* A local-part is a sequence of words, separated by periods. A null word
389 between dots is not strictly allowed but apparently many mailers permit it,
390 so, sigh, better be compatible. Even accept a trailing dot...
392 A <word> is either a quoted string, or an <atom>, which is a sequence
393 of any characters except specials, space, and controls. The specials are
394 ( ) < > @ , ; : \ " . [ and ]. In RFC 822, a single quoted character, (a
395 quoted-pair) is not allowed in a word. However, in RFC 821, it is permitted in
396 the local part of an address. Rather than have separate parsing functions for
397 the different cases, take the liberal attitude always. At least one MUA is
398 happy to recognize this case; I don't know how many other programs do.
401 s current character pointer
402 t where to put the local part
403 error where to point error text
404 allow_null TRUE if an empty local part is not an error
406 Returns: new character pointer
409 static const uschar *
410 read_local_part(const uschar *s, uschar *t, uschar **error, BOOL allow_null)
420 /* Handle a quoted string */
425 while ((c = *++s) && c != '\"')
428 if (c == '\\' && s[1]) *t++ = *++s;
437 *error = US"unmatched doublequote in local part";
442 /* Handle an atom, but allow quoted pairs within it. */
444 else while (!mac_iscntrl_or_special(*s) || *s == '\\')
447 if (c == '\\' && *s) *t++ = *s++;
450 /* Terminate the word and skip subsequent comment */
455 /* If we have read a null component at this point, give an error unless it is
456 terminated by a dot - an extension to RFC 822 - or if it is the first
457 component of the local part and an empty local part is permitted, in which
458 case just return normally. */
460 if (t == tsave && *s != '.')
462 if (t == tt && !allow_null)
463 *error = US"missing or malformed local part";
467 /* Anything other than a dot terminates the local part. Treat multiple dots
468 as a single dot, as this seems to be a common extension. */
470 if (*s != '.') break;
471 do { *t++ = *s++; } while (*s == '.');
478 /*************************************************
479 * Read route part of route-addr *
480 *************************************************/
482 /* The pointer is at the initial "@" on entry. Return it following the
483 terminating colon. Exim no longer supports the use of source routes, but it is
484 required to accept the syntax.
487 s current character pointer
488 t where to put the route
489 errorptr where to put an error message
491 Returns: new character pointer
494 static const uschar *
495 read_route(const uschar *s, uschar *t, uschar **errorptr)
503 s = read_domain(s+1, t, errorptr);
504 if (*t == 0) return s;
505 t += Ustrlen((const uschar *)t);
506 if (*s != ',') break;
512 if (*s == ':') *t++ = *s++;
514 /* If there is no colon, and there were no commas, the most likely error
515 is in fact a missing local part in the address rather than a missing colon
518 else *errorptr = commas?
519 US"colon expected after route list" :
522 /* Terminate the route and return */
525 return skip_comment(s);
530 /*************************************************
532 *************************************************/
534 /* Addr-spec is local-part@domain. We make the domain optional -
535 the expected terminator for the whole thing is passed to check this.
536 This function is called only when we know we have a route-addr.
539 s current character pointer
540 t where to put the addr-spec
541 term expected terminator (0 or >)
542 errorptr where to put an error message
543 domainptr set to point to the start of the domain
545 Returns: new character pointer
548 static const uschar *
549 read_addr_spec(const uschar *s, uschar *t, int term, uschar **errorptr,
552 s = read_local_part(s, t, errorptr, FALSE);
553 if (*errorptr == NULL)
556 *errorptr = string_sprintf("\"@\" or \".\" expected after \"%s\"", t);
559 t += Ustrlen((const uschar *)t);
562 s = read_domain(s, t, errorptr);
569 /*************************************************
570 * Extract operative address *
571 *************************************************/
573 /* This function extracts an operative address from a full RFC822 mailbox and
574 returns it in a piece of dynamic store. We take the easy way and get a piece
575 of store the same size as the input, and then copy into it whatever is
576 necessary. If we cannot find a valid address (syntax error), return NULL, and
577 point the error pointer to the reason. The arguments "start" and "end" are used
578 to return the offsets of the first and one past the last characters in the
579 original mailbox of the address that has been extracted, to aid in re-writing.
580 The argument "domain" is set to point to the first character after "@" in the
581 final part of the returned address, or zero if there is no @.
583 Exim no longer supports the use of source routed addresses (those of the form
584 @domain,...:route_addr). It recognizes the syntax, but collapses such addresses
585 down to their final components. Formerly, collapse_source_routes had to be set
586 to achieve this effect. RFC 1123 allows collapsing with MAY, while the revision
587 of RFC 821 had increased this to SHOULD, so I've gone for it, because it makes
588 a lot of code elsewhere in Exim much simpler.
590 There are some special fudges here for handling RFC 822 group address notation
591 which may appear in certain headers. If the flag parse_allow_group is set
592 TRUE and parse_found_group is FALSE when this function is called, an address
593 which is the start of a group (i.e. preceded by a phrase and a colon) is
594 recognized; the phrase is ignored and the flag parse_found_group is set. If
595 this flag is TRUE at the end of an address, and if an extraneous semicolon is
596 found, it is ignored and the flag is cleared.
598 This logic is used only when scanning through addresses in headers, either to
599 fulfil the -t option, or for rewriting, or for checking header syntax. Because
600 the group "state" has to be remembered between multiple calls of this function,
601 the variables parse_{allow,found}_group are global. It is important to ensure
602 that they are reset to FALSE at the end of scanning a header's list of
606 mailbox points to the RFC822 mailbox
607 errorptr where to point an error message
608 start set to start offset in mailbox
609 end set to end offset in mailbox
610 domain set to domain offset in result, or 0 if no domain present
611 allow_null allow <> if TRUE
613 Returns: points to the extracted address, or NULL on error
616 #define FAILED(s) { *errorptr = s; goto PARSE_FAILED; }
619 parse_extract_address(const uschar *mailbox, uschar **errorptr, int *start, int *end,
620 int *domain, BOOL allow_null)
622 uschar *yield = store_get(Ustrlen(mailbox) + 1, is_tainted(mailbox));
623 const uschar *startptr, *endptr;
624 const uschar *s = US mailbox;
625 uschar *t = US yield;
629 /* At the start of the string we expect either an addr-spec or a phrase
630 preceding a <route-addr>. If groups are allowed, we might also find a phrase
631 preceding a colon and an address. If we find an initial word followed by
632 a dot, strict interpretation of the RFC would cause it to be taken
633 as the start of an addr-spec. However, many mailers break the rules
634 and use addresses of the form "a.n.other <ano@somewhere>" and so we
637 RESTART: /* Come back here after passing a group name */
640 startptr = s; /* In case addr-spec */
641 s = read_local_part(s, t, errorptr, TRUE); /* Dot separated words */
642 if (*errorptr) goto PARSE_FAILED;
644 /* If the terminator is neither < nor @ then the format of the address
645 must either be a bare local-part (we are now at the end), or a phrase
646 followed by a route-addr (more words must follow). */
648 if (*s != '@' && *s != '<')
650 if (*s == 0 || *s == ';')
652 if (*t == 0) FAILED(US"empty address");
653 endptr = last_comment_position;
654 goto PARSE_SUCCEEDED; /* Bare local part */
657 /* Expect phrase route-addr, or phrase : if groups permitted, but allow
658 dots in the phrase; complete the loop only when '<' or ':' is encountered -
659 end of string will produce a null local_part and therefore fail. We don't
660 need to keep updating t, as the phrase isn't to be kept. */
662 while (*s != '<' && (!f.parse_allow_group || *s != ':'))
664 s = read_local_part(s, t, errorptr, FALSE);
667 *errorptr = string_sprintf("%s (expected word or \"<\")", *errorptr);
674 f.parse_found_group = TRUE;
675 f.parse_allow_group = FALSE;
680 /* Assert *s == '<' */
683 /* At this point the next character is either '@' or '<'. If it is '@', only a
684 single local-part has previously been read. An angle bracket signifies the
685 start of an <addr-spec>. Throw away anything we have saved so far before
686 processing it. Note that this is "if" rather than "else if" because it's also
687 used after reading a preceding phrase.
689 There are a lot of broken sendmails out there that put additional pairs of <>
690 round <route-addr>s. If strip_excess_angle_brackets is set, allow a limited
691 number of them, as long as they match. */
695 uschar *domainptr = yield;
696 BOOL source_routed = FALSE;
697 int bracket_count = 1;
700 if (strip_excess_angle_brackets) while (*s == '<')
702 if(bracket_count++ > 5) FAILED(US"angle-brackets nested too deep");
710 /* Read an optional series of routes, each of which is a domain. They
711 are separated by commas and terminated by a colon. However, we totally ignore
712 such routes (RFC 1123 says we MAY, and the revision of RFC 821 says we
717 s = read_route(s, t, errorptr);
718 if (*errorptr) goto PARSE_FAILED;
719 *t = 0; /* Ensure route is ignored - probably overkill */
720 source_routed = TRUE;
723 /* Now an addr-spec, terminated by '>'. If there is no preceding route,
724 we must allow an empty addr-spec if allow_null is TRUE, to permit the
725 address "<>" in some circumstances. A source-routed address MUST have
726 a domain in the final part. */
728 if (allow_null && !source_routed && *s == '>')
735 s = read_addr_spec(s, t, '>', errorptr, &domainptr);
736 if (*errorptr) goto PARSE_FAILED;
737 *domain = domainptr - yield;
738 if (source_routed && *domain == 0)
739 FAILED(US"domain missing in source-routed address");
743 if (*errorptr != NULL) goto PARSE_FAILED;
744 while (bracket_count-- > 0) if (*s++ != '>')
746 *errorptr = s[-1] == 0
747 ? US"'>' missing at end of address"
748 : string_sprintf("malformed address: %.32s may not follow %.*s",
749 s-1, (int)(s - US mailbox - 1), mailbox);
756 /* Hitting '@' after the first local-part means we have definitely got an
757 addr-spec, on a strict reading of the RFC, and the rest of the string
758 should be the domain. However, for flexibility we allow for a route-address
759 not enclosed in <> as well, which is indicated by an empty first local
760 part preceding '@'. The source routing is, however, ignored. */
764 uschar *domainptr = yield;
765 s = read_route(s, t, errorptr);
766 if (*errorptr != NULL) goto PARSE_FAILED;
767 *t = 0; /* Ensure route is ignored - probably overkill */
768 s = read_addr_spec(s, t, 0, errorptr, &domainptr);
769 if (*errorptr != NULL) goto PARSE_FAILED;
770 *domain = domainptr - yield;
771 endptr = last_comment_position;
772 if (*domain == 0) FAILED(US"domain missing in source-routed address");
775 /* This is the strict case of local-part@domain. */
779 t += Ustrlen((const uschar *)t);
782 s = read_domain(s, t, errorptr);
783 if (*t == 0) goto PARSE_FAILED;
784 endptr = last_comment_position;
787 /* Use goto to get here from the bare local part case. Arrive by falling
788 through for other cases. Endptr may have been moved over whitespace, so
789 move it back past white space if necessary. */
794 if (f.parse_found_group && *s == ';')
796 f.parse_found_group = FALSE;
797 f.parse_allow_group = TRUE;
801 *errorptr = string_sprintf("malformed address: %.32s may not follow %.*s",
802 s, (int)(s - US mailbox), mailbox);
806 *start = startptr - US mailbox; /* Return offsets */
807 while (isspace(endptr[-1])) endptr--;
808 *end = endptr - US mailbox;
810 /* Although this code has no limitation on the length of address extracted,
811 other parts of Exim may have limits, and in any case, RFC 5321 limits email
812 addresses to 256, so we do a check here, giving an error if the address is
813 ridiculously long. */
815 if (*end - *start > EXIM_EMAILADDR_MAX)
817 *errorptr = string_sprintf("address is ridiculously long: %.64s...", yield);
823 /* Use goto (via the macro FAILED) to get to here from a variety of places.
824 We might have an empty address in a group - the caller can choose to ignore
825 this. We must, however, keep the flags correct. */
828 if (f.parse_found_group && *s == ';')
830 f.parse_found_group = FALSE;
831 f.parse_allow_group = TRUE;
840 /*************************************************
841 * Quote according to RFC 2047 *
842 *************************************************/
844 /* This function is used for quoting text in headers according to RFC 2047.
845 If the only characters that strictly need quoting are spaces, we return the
846 original string, unmodified.
848 Hmmph. As always, things get perverted for other uses. This function was
849 originally for the "phrase" part of addresses. Now it is being used for much
850 longer texts in ACLs and via the ${rfc2047: expansion item. This means we have
851 to check for overlong "encoded-word"s and split them. November 2004.
854 string the string to quote - already checked to contain non-printing
856 len the length of the string
857 charset the name of the character set; NULL => iso-8859-1
858 fold if TRUE, a newline is inserted before the separating space when
859 more than one encoded-word is generated
861 Returns: pointer to the original string, if no quoting needed, or
862 pointer to allocated memory containing the quoted string
866 parse_quote_2047(const uschar *string, int len, const uschar *charset,
869 const uschar * s = string;
872 BOOL first_byte = FALSE;
874 string_fmt_append(NULL, "=?%s?Q?", charset ? charset : US"iso-8859-1");
878 for (s = string; len > 0; s++, len--)
882 if (g->ptr - l > 67 && !first_byte)
884 g = fold ? string_catn(g, US"?=\n ", 4) : string_catn(g, US"?= ", 3);
886 g = string_catn(g, g->s, hlen);
889 if ( ch < 33 || ch > 126
890 || Ustrchr("?=()<>@,;:\\\".[]_", ch) != NULL)
894 g = string_catn(g, US"_", 1);
899 g = string_fmt_append(g, "=%02X", ch);
901 first_byte = !first_byte;
905 { g = string_catn(g, s, 1); first_byte = FALSE; }
909 string = string_from_gstring(g = string_catn(g, US"?=", 2));
913 gstring_release_unused(g);
920 /*************************************************
921 * Fix up an RFC 822 "phrase" *
922 *************************************************/
924 /* This function is called to repair any syntactic defects in the "phrase" part
925 of an RFC822 address. In particular, it is applied to the user's name as read
926 from the passwd file when accepting a local message, and to the data from the
929 If the string contains existing quoted strings or comments containing
930 freestanding quotes, then we just quote those bits that need quoting -
931 otherwise it would get awfully messy and probably not look good. If not, we
932 quote the whole thing if necessary. Thus
934 John Q. Smith => "John Q. Smith"
935 John "Jack" Smith => John "Jack" Smith
936 John "Jack" Q. Smith => John "Jack" "Q." Smith
937 John (Jack) Q. Smith => "John (Jack) Q. Smith"
938 John ("Jack") Q. Smith => John ("Jack") "Q." Smith
940 John (\"Jack\") Q. Smith => "John (\"Jack\") Q. Smith"
942 Sheesh! This is tedious code. It is a great pity that the syntax of RFC822 is
945 August 2000: Additional code added:
947 Previously, non-printing characters were turned into question marks, which do
948 not need to be quoted.
950 Now, a different tactic is used if there are any non-printing ASCII
951 characters. The encoding method from RFC 2047 is used, assuming iso-8859-1 as
954 We *could* use this for all cases, getting rid of the messy original code,
955 but leave it for now. It would complicate simple cases like "John Q. Smith".
957 The result is passed back in allocated memory.
960 phrase an RFC822 phrase
961 len the length of the phrase
963 Returns: the fixed RFC822 phrase
967 parse_fix_phrase(const uschar *phrase, int len)
971 const uschar *s, *end;
975 while (len > 0 && isspace(*phrase)) { phrase++; len--; }
977 /* See if there are any non-printing characters, and if so, use the RFC 2047
978 encoding for the whole thing. */
980 for (i = 0, s = phrase; i < len; i++, s++)
981 if ((*s < 32 && *s != '\t') || *s > 126) break;
984 return parse_quote_2047(phrase, len, headers_charset, FALSE);
986 /* No non-printers; use the RFC 822 quoting rules */
988 if (len <= 0 || len >= INT_MAX/4)
990 return string_copy_taint(CUS"", is_tainted(phrase));
993 buffer = store_get((len+1)*4, is_tainted(phrase));
997 yield = t = buffer + 1;
1003 /* Copy over quoted strings, remembering we encountered one */
1008 while (s < end && (ch = *s++) != '\"')
1011 if (ch == '\\' && s < end) *t++ = *s++;
1014 if (s >= end) break;
1018 /* Copy over comments, noting if they contain freestanding quote
1029 if (ch == '(') level++;
1030 else if (ch == ')') { if (--level <= 0) break; }
1031 else if (ch == '\\' && s < end) *t++ = *s++ & 127;
1032 else if (ch == '\"') quoted = TRUE;
1036 while (level--) *t++ = ')';
1041 /* Handle special characters that need to be quoted */
1043 else if (Ustrchr(")<>@,;:\\.[]", ch) != NULL)
1045 /* If hit previous quotes just make one quoted "word" */
1050 while (*(--tt) != ' ' && *tt != '\"' && *tt != ')') tt[1] = *tt;
1056 if (ch == ' ' || ch == '\"') { s--; break; } else *t++ = ch;
1061 /* Else quote the whole string so far, and the rest up to any following
1062 quotes. We must treat anything following a backslash as a literal. */
1066 BOOL escaped = (ch == '\\');
1070 /* Now look for the end or a quote */
1076 /* Handle escaped pairs */
1084 else if (ch == '\\')
1090 /* If hit subsequent quotes, insert our quote before any trailing
1091 spaces and back up to re-handle the quote in the outer loop. */
1093 else if (ch == '\"')
1096 while (t[-1] == ' ') { t--; count++; }
1098 while (count-- > 0) *t++ = ' ';
1103 /* If hit a subsequent comment, check it for unescaped quotes,
1104 and if so, end our quote before it. */
1108 const uschar *ss = s; /* uschar after '(' */
1113 if (ch == '(') level++;
1114 else if (ch == ')') { if (--level <= 0) break; }
1115 else if (ch == '\\' && ss+1 < end) ss++;
1116 else if (ch == '\"') { quoted = TRUE; break; }
1119 /* Comment contains unescaped quotes; end our quote before
1120 the start of the comment. */
1125 while (t[-1] == ' ') { t--; count++; }
1127 while (count-- > 0) *t++ = ' ';
1131 /* Comment does not contain unescaped quotes; include it in
1136 if (ss >= end) ss--;
1140 Ustrncpy(t, s, ss-s);
1147 /* Not a comment or quote; include this character in our quotes. */
1153 /* Add a final quote if we hit the end of the string. */
1155 if (s >= end) *t++ = '\"';
1158 /* Non-special character; just copy it over */
1164 store_release_above(t+1);
1169 /*************************************************
1170 * Extract addresses from a list *
1171 *************************************************/
1173 /* This function is called by the redirect router to scan a string containing a
1174 list of addresses separated by commas (with optional white space) or by
1175 newlines, and to generate a chain of address items from them. In other words,
1176 to unpick data from an alias or .forward file.
1178 The SunOS5 documentation for alias files is not very clear on the syntax; it
1179 does not say that either a comma or a newline can be used for separation.
1180 However, that is the way Smail does it, so we follow suit.
1182 If a # character is encountered in a white space position, then characters from
1183 there to the next newline are skipped.
1185 If an unqualified address begins with '\', just skip that character. This gives
1186 compatibility with Sendmail's use of \ to prevent looping. Exim has its own
1187 loop prevention scheme which handles other cases too - see the code in
1190 An "address" can be a specification of a file or a pipe; the latter may often
1191 need to be quoted because it may contain spaces, but we don't want to retain
1192 the quotes. Quotes may appear in normal addresses too, and should be retained.
1193 We can distinguish between these cases, because in addresses, quotes are used
1194 only for parts of the address, not the whole thing. Therefore, we remove quotes
1195 from items when they entirely enclose them, but not otherwise.
1197 An "address" can also be of the form :include:pathname to include a list of
1198 addresses contained in the specified file.
1200 Any unqualified addresses are qualified with and rewritten if necessary, via
1201 the rewrite_address() function.
1204 s the list of addresses (typically a complete
1205 .forward file or a list of entries in an alias file)
1206 options option bits for permitting or denying various special cases;
1207 not all bits are relevant here - some are for filter
1208 files; those we use here are:
1215 anchor where to hang the chain of newly-created addresses. This
1216 should be initialized to NULL.
1217 error where to return an error text
1218 incoming domain domain of the incoming address; used to qualify unqualified
1219 local parts preceded by \
1220 directory if NULL, no checks are done on :include: files
1221 otherwise, included file names must start with the given
1223 syntax_errors if not NULL, it carries on after syntax errors in addresses,
1224 building up a list of errors as error blocks chained on
1227 Returns: FF_DELIVERED addresses extracted
1228 FF_NOTDELIVERED no addresses extracted, but no errors
1229 FF_BLACKHOLE :blackhole:
1232 FF_INCLUDEFAIL some problem with :include:; *error set
1233 FF_ERROR other problems; *error is set
1237 parse_forward_list(const uschar *s, int options, address_item **anchor,
1238 uschar **error, const uschar *incoming_domain, uschar *directory,
1239 error_block **syntax_errors)
1243 DEBUG(D_route) debug_printf("parse_forward_list: %s\n", s);
1251 const uschar *ss, *nexts;
1253 BOOL inquote = FALSE;
1257 while (isspace(*s) || *s == ',') s++;
1258 if (*s == '#') { while (*s != 0 && *s != '\n') s++; } else break;
1261 /* When we reach the end of the list, we return FF_DELIVERED if any child
1262 addresses have been generated. If nothing has been generated, there are two
1263 possibilities: either the list is really empty, or there were syntax errors
1264 that are being skipped. (If syntax errors are not being skipped, an FF_ERROR
1265 return is generated on hitting a syntax error and we don't get here.) For a
1266 truly empty list we return FF_NOTDELIVERED so that the router can decline.
1267 However, if the list is empty only because syntax errors were skipped, we
1268 return FF_DELIVERED. */
1272 return (count > 0 || (syntax_errors && *syntax_errors))
1273 ? FF_DELIVERED : FF_NOTDELIVERED;
1275 /* This previous code returns FF_ERROR if nothing is generated but a
1276 syntax error has been skipped. I now think it is the wrong approach, but
1277 have left this here just in case, and for the record. */
1280 if (count > 0) return FF_DELIVERED; /* Something was generated */
1282 if (syntax_errors == NULL || /* Not skipping syntax errors, or */
1283 *syntax_errors == NULL) /* we didn't actually skip any */
1284 return FF_NOTDELIVERED;
1286 *error = string_sprintf("no addresses generated: syntax error in %s: %s",
1287 (*syntax_errors)->text2, (*syntax_errors)->text1);
1292 /* Find the end of the next address. Quoted strings in addresses may contain
1293 escaped characters; I haven't found a proper specification of .forward or
1294 alias files that mentions the quoting properties, but it seems right to do
1295 the escaping thing in all cases, so use the function that finds the end of an
1296 address. However, don't let a quoted string extend over the end of a line. */
1298 ss = parse_find_address_end(s, TRUE);
1300 /* Remember where we finished, for starting the next one. */
1304 /* Remove any trailing spaces; we know there's at least one non-space. */
1306 while (isspace((ss[-1]))) ss--;
1308 /* We now have s->start and ss->end of the next address. Remove quotes
1309 if they completely enclose, remembering the address started with a quote
1310 for handling pipes and files. Another round of removal of leading and
1311 trailing spaces is then required. */
1313 if (*s == '\"' && ss[-1] == '\"')
1318 while (s < ss && isspace(*s)) s++;
1319 while (ss > s && isspace((ss[-1]))) ss--;
1322 /* Set up the length of the address. */
1326 DEBUG(D_route) debug_printf("extract item: %.*s\n", len, s);
1328 /* Handle special addresses if permitted. If the address is :unknown:
1329 ignore it - this is for backward compatibility with old alias files. You
1330 don't need to use it nowadays - just generate an empty string. For :defer:,
1331 :blackhole:, or :fail: we have to set up the error message and give up right
1334 if (Ustrncmp(s, ":unknown:", len) == 0)
1340 if (Ustrncmp(s, ":defer:", 7) == 0)
1341 { special = FF_DEFER; specopt = RDO_DEFER; } /* specbit is 0 */
1342 else if (Ustrncmp(s, ":blackhole:", 11) == 0)
1343 { special = FF_BLACKHOLE; specopt = specbit = RDO_BLACKHOLE; }
1344 else if (Ustrncmp(s, ":fail:", 6) == 0)
1345 { special = FF_FAIL; specopt = RDO_FAIL; } /* specbit is 0 */
1349 uschar *ss = Ustrchr(s+1, ':') + 1;
1350 if ((options & specopt) == specbit)
1352 *error = string_sprintf("\"%.*s\" is not permitted", len, s);
1355 while (*ss && isspace(*ss)) ss++;
1356 while (s[len] && s[len] != '\n') len++;
1357 *error = string_copyn(ss, s + len - ss);
1361 /* If the address is of the form :include:pathname, read the file, and call
1362 this function recursively to extract the addresses from it. If directory is
1363 NULL, do no checks. Otherwise, insist that the file name starts with the
1364 given directory and is a regular file. */
1366 if (Ustrncmp(s, ":include:", 9) == 0)
1369 uschar filename[256];
1370 const uschar * t = s+9;
1373 struct stat statbuf;
1377 while (flen > 0 && isspace(*t)) { t++; flen--; }
1381 *error = US"file name missing after :include:";
1387 *error = string_sprintf("included file name \"%s\" is too long", t);
1391 Ustrncpy(filename, t, flen);
1394 /* Insist on absolute path */
1396 if (filename[0] != '/')
1398 *error = string_sprintf("included file \"%s\" is not an absolute path",
1403 /* Check if include is permitted */
1405 if (options & RDO_INCLUDE)
1407 *error = US"included files not permitted";
1411 if ((*error = is_tainted2(filename, 0, "Tainted name '%s' for included file not permitted\n", filename)))
1414 /* Check file name if required */
1418 int len = Ustrlen(directory);
1419 uschar *p = filename + len;
1421 if (Ustrncmp(filename, directory, len) != 0 || *p != '/')
1423 *error = string_sprintf("included file %s is not in directory %s",
1424 filename, directory);
1428 #ifdef EXIM_HAVE_OPENAT
1429 /* It is necessary to check that every component inside the directory
1430 is NOT a symbolic link, in order to keep the file inside the directory.
1431 This is mighty tedious. We open the directory and openat every component,
1432 with a flag that fails symlinks. */
1435 int fd = exim_open2(CS directory, O_RDONLY);
1438 *error = string_sprintf("failed to open directory %s", directory);
1447 while (*++p && *p != '/') ;
1451 fd2 = exim_openat(fd, CS q, O_RDONLY|O_NOFOLLOW);
1456 *error = string_sprintf("failed to open %s (component of included "
1457 "file); could be symbolic link", filename);
1462 f = fdopen(fd, "rb");
1465 /* It is necessary to check that every component inside the directory
1466 is NOT a symbolic link, in order to keep the file inside the directory.
1467 This is mighty tedious. It is also not totally foolproof in that it
1468 leaves the possibility of a race attack, but I don't know how to do
1474 while (*++p && *p != '/');
1477 if (Ulstat(filename, &statbuf) != 0)
1479 *error = string_sprintf("failed to stat %s (component of included "
1487 if ((statbuf.st_mode & S_IFMT) == S_IFLNK)
1489 *error = string_sprintf("included file %s in the %s directory "
1490 "involves a symbolic link", filename, directory);
1497 #ifdef EXIM_HAVE_OPENAT
1500 /* Open and stat the file */
1501 f = Ufopen(filename, "rb");
1505 *error = string_open_failed("included file %s", filename);
1506 return FF_INCLUDEFAIL;
1509 if (fstat(fileno(f), &statbuf) != 0)
1511 *error = string_sprintf("failed to stat included file %s: %s",
1512 filename, strerror(errno));
1514 return FF_INCLUDEFAIL;
1517 /* If directory was checked, double check that we opened a regular file */
1519 if (directory && (statbuf.st_mode & S_IFMT) != S_IFREG)
1521 *error = string_sprintf("included file %s is not a regular file in "
1522 "the %s directory", filename, directory);
1526 /* Get a buffer and read the contents */
1528 if (statbuf.st_size > MAX_INCLUDE_SIZE)
1530 *error = string_sprintf("included file %s is too big (max %d)",
1531 filename, MAX_INCLUDE_SIZE);
1535 filebuf = store_get(statbuf.st_size + 1, is_tainted(filename));
1536 if (fread(filebuf, 1, statbuf.st_size, f) != statbuf.st_size)
1538 *error = string_sprintf("error while reading included file %s: %s",
1539 filename, strerror(errno));
1543 filebuf[statbuf.st_size] = 0;
1547 frc = parse_forward_list(filebuf, options, &addr,
1548 error, incoming_domain, directory, syntax_errors);
1549 if (frc != FF_DELIVERED && frc != FF_NOTDELIVERED) return frc;
1553 for (last = addr; last->next; last = last->next) count++;
1554 last->next = *anchor;
1560 /* Else (not :include:) ensure address is syntactically correct and fully
1561 qualified if not a pipe or a file, removing a leading \ if present on an
1562 unqualified address. For pipes and files we must handle quoting. It's
1563 not quite clear exactly what to do for partially quoted things, but the
1564 common case of having the whole thing in quotes is straightforward. If this
1565 was the case, inquote will have been set TRUE above and the quotes removed.
1567 There is a possible ambiguity over addresses whose local parts start with
1568 a vertical bar or a slash, and the latter do in fact occur, thanks to X.400.
1569 Consider a .forward file that contains the line
1571 /X=xxx/Y=xxx/OU=xxx/@some.gate.way
1573 Is this a file or an X.400 address? Does it make any difference if it is in
1574 quotes? On the grounds that file names of this type are rare, Exim treats
1575 something that parses as an RFC 822 address and has a domain as an address
1576 rather than a file or a pipe. This is also how an address such as the above
1577 would be treated if it came in from outside. */
1581 int start, end, domain;
1582 const uschar *recipient = NULL;
1583 uschar * s_ltd = string_copyn(s, len);
1585 /* If it starts with \ and the rest of it parses as a valid mail address
1586 without a domain, carry on with that address, but qualify it with the
1587 incoming domain. Otherwise arrange for the address to fall through,
1588 causing an error message on the re-parse. */
1593 parse_extract_address(s_ltd+1, error, &start, &end, &domain, FALSE);
1595 recipient = domain != 0 ? NULL :
1596 string_sprintf("%s@%s", recipient, incoming_domain);
1599 /* Try parsing the item as an address. */
1601 if (!recipient) recipient =
1602 parse_extract_address(s_ltd, error, &start, &end, &domain, FALSE);
1604 /* If item starts with / or | and is not a valid address, or there
1605 is no domain, treat it as a file or pipe. If it was a quoted item,
1606 remove the quoting occurrences of \ within it. */
1608 if ((*s_ltd == '|' || *s_ltd == '/') && (recipient == NULL || domain == 0))
1610 uschar *t = store_get(Ustrlen(s_ltd) + 1, is_tainted(s_ltd));
1617 *p++ = (*q == '\\')? *(++q) : *q;
1623 addr = deliver_make_addr(t, TRUE);
1624 setflag(addr, af_pfr); /* indicates pipe/file/reply */
1625 if (*s_ltd != '|') setflag(addr, af_file); /* indicates file */
1628 /* Item must be an address. Complain if not, else qualify, rewrite and set
1629 up the control block. It appears that people are in the habit of using
1630 empty addresses but with comments as a way of putting comments into
1631 alias and forward files. Therefore, ignore the error "empty address".
1632 Mailing lists might want to tolerate syntax errors; there is therefore
1633 an option to do so. */
1639 if (Ustrcmp(*error, "empty address") == 0)
1648 error_block *e = store_get(sizeof(error_block), FALSE);
1649 error_block *last = *syntax_errors;
1650 if (!last) *syntax_errors = e; else
1652 while (last->next) last = last->next;
1663 *error = string_sprintf("%s in \"%s\"", *error, s_ltd);
1668 /* Address was successfully parsed. Rewrite, and then make an address
1671 recipient = ((options & RDO_REWRITE) != 0)?
1672 rewrite_address(recipient, TRUE, FALSE, global_rewrite_rules,
1673 rewrite_existflags) :
1674 rewrite_address_qualify(recipient, TRUE); /*XXX loses track of const */
1675 addr = deliver_make_addr(US recipient, TRUE); /* TRUE => copy recipient, so deconst ok */
1678 /* Add the original data to the output chain. */
1680 addr->next = *anchor;
1685 /* Advance pointer for the next address */
1692 /*************************************************
1693 * Extract a Message-ID *
1694 *************************************************/
1696 /* This function is used to extract message ids from In-Reply-To: and
1697 References: header lines.
1700 str pointer to the start of the message-id
1701 yield put pointer to the message id (in dynamic memory) here
1702 error put error message here on failure
1704 Returns: points after the processed message-id or NULL on error
1708 parse_message_id(const uschar *str, uschar **yield, uschar **error)
1710 uschar *domain = NULL;
1714 str = skip_comment(str);
1717 *error = US"Missing '<' before message-id";
1721 /* Getting a block the size of the input string will definitely be sufficient
1722 for the answer, but it may also be very long if we are processing a header
1723 line. Therefore, take care to release unwanted store afterwards. */
1725 reset_point = store_mark();
1726 id = *yield = store_get(Ustrlen(str) + 1, is_tainted(str));
1729 str = read_addr_spec(str, id, '>', error, &domain);
1733 if (*str != '>') *error = US"Missing '>' after message-id";
1734 else if (domain == NULL) *error = US"domain missing in message-id";
1739 store_reset(reset_point);
1746 store_release_above(id);
1748 return skip_comment(str);
1752 /*************************************************
1753 * Parse a fixed digit number *
1754 *************************************************/
1756 /* Parse a string containing an ASCII encoded fixed digits number
1759 str pointer to the start of the ASCII encoded number
1760 n pointer to the resulting value
1761 digits number of required digits
1763 Returns: points after the processed date or NULL on error
1766 static const uschar *
1767 parse_number(const uschar *str, int *n, int digits)
1772 if (*str<'0' || *str>'9') return NULL;
1773 *n=10*(*n)+(*str++-'0');
1779 /*************************************************
1780 * Parse a RFC 2822 day of week *
1781 *************************************************/
1783 /* Parse the day of the week from a RFC 2822 date, but do not
1784 decode it, because it is only for humans.
1787 str pointer to the start of the day of the week
1789 Returns: points after the parsed day or NULL on error
1792 static const uschar *
1793 parse_day_of_week(const uschar * str)
1796 day-of-week = ([FWS] day-name) / obs-day-of-week
1798 day-name = "Mon" / "Tue" / "Wed" / "Thu" /
1799 "Fri" / "Sat" / "Sun"
1801 obs-day-of-week = [CFWS] day-name [CFWS]
1804 static const uschar *day_name[7]={ US"mon", US"tue", US"wed", US"thu", US"fri", US"sat", US"sun" };
1808 str = skip_comment(str);
1809 for (i = 0; i < 3; ++i)
1811 if ((day[i] = tolower(*str)) == '\0') return NULL;
1815 for (i = 0; i<7; ++i) if (Ustrcmp(day,day_name[i]) == 0) break;
1816 if (i == 7) return NULL;
1817 return skip_comment(str);
1821 /*************************************************
1822 * Parse a RFC 2822 date *
1823 *************************************************/
1825 /* Parse the date part of a RFC 2822 date-time, extracting the
1826 day, month and year.
1829 str pointer to the start of the date
1830 d pointer to the resulting day
1831 m pointer to the resulting month
1832 y pointer to the resulting year
1834 Returns: points after the processed date or NULL on error
1837 static const uschar *
1838 parse_date(const uschar *str, int *d, int *m, int *y)
1841 date = day month year
1843 year = 4*DIGIT / obs-year
1845 obs-year = [CFWS] 2*DIGIT [CFWS]
1847 month = (FWS month-name FWS) / obs-month
1849 month-name = "Jan" / "Feb" / "Mar" / "Apr" /
1850 "May" / "Jun" / "Jul" / "Aug" /
1851 "Sep" / "Oct" / "Nov" / "Dec"
1853 obs-month = CFWS month-name CFWS
1855 day = ([FWS] 1*2DIGIT) / obs-day
1857 obs-day = [CFWS] 1*2DIGIT [CFWS]
1860 const uschar * s, * n;
1861 static const uschar *month_name[]={ US"jan", US"feb", US"mar", US"apr", US"may", US"jun", US"jul", US"aug", US"sep", US"oct", US"nov", US"dec" };
1865 str = skip_comment(str);
1866 if ((str = parse_number(str,d,1)) == NULL) return NULL;
1868 if (*str>='0' && *str<='9') *d = 10*(*d)+(*str++-'0');
1869 s = skip_comment(str);
1870 if (s == str) return NULL;
1873 for (i = 0; i<3; ++i) if ((month[i]=tolower(*(str+i))) == '\0') return NULL;
1875 for (i = 0; i<12; ++i) if (Ustrcmp(month,month_name[i]) == 0) break;
1876 if (i == 12) return NULL;
1879 s = skip_comment(str);
1880 if (s == str) return NULL;
1883 if ((n = parse_number(str,y,4)))
1886 if (*y<1900) return NULL;
1889 else if ((n = parse_number(str,y,2)))
1891 str = skip_comment(n);
1892 while (*(str-1) == ' ' || *(str-1) == '\t') --str; /* match last FWS later */
1900 /*************************************************
1901 * Parse a RFC 2822 Time *
1902 *************************************************/
1904 /* Parse the time part of a RFC 2822 date-time, extracting the
1905 hour, minute, second and timezone.
1908 str pointer to the start of the time
1909 h pointer to the resulting hour
1910 m pointer to the resulting minute
1911 s pointer to the resulting second
1912 z pointer to the resulting timezone (offset in seconds)
1914 Returns: points after the processed time or NULL on error
1917 static const uschar *
1918 parse_time(const uschar *str, int *h, int *m, int *s, int *z)
1921 time = time-of-day FWS zone
1923 time-of-day = hour ":" minute [ ":" second ]
1925 hour = 2DIGIT / obs-hour
1927 obs-hour = [CFWS] 2DIGIT [CFWS]
1929 minute = 2DIGIT / obs-minute
1931 obs-minute = [CFWS] 2DIGIT [CFWS]
1933 second = 2DIGIT / obs-second
1935 obs-second = [CFWS] 2DIGIT [CFWS]
1937 zone = (( "+" / "-" ) 4DIGIT) / obs-zone
1939 obs-zone = "UT" / "GMT" / ; Universal Time
1942 "EST" / "EDT" / ; Eastern: - 5/ - 4
1943 "CST" / "CDT" / ; Central: - 6/ - 5
1944 "MST" / "MDT" / ; Mountain: - 7/ - 6
1945 "PST" / "PDT" / ; Pacific: - 8/ - 7
1947 %d65-73 / ; Military zones - "A"
1948 %d75-90 / ; through "I" and "K"
1949 %d97-105 / ; through "Z", both
1950 %d107-122 ; upper and lower case
1955 str = skip_comment(str);
1956 if ((str = parse_number(str,h,2)) == NULL) return NULL;
1957 str = skip_comment(str);
1958 if (*str!=':') return NULL;
1960 str = skip_comment(str);
1961 if ((str = parse_number(str,m,2)) == NULL) return NULL;
1962 c = skip_comment(str);
1966 str = skip_comment(str);
1967 if ((str = parse_number(str,s,2)) == NULL) return NULL;
1968 c = skip_comment(str);
1970 if (c == str) return NULL;
1972 if (*str == '+' || *str == '-')
1976 neg = (*str == '-');
1978 if ((str = parse_number(str,z,4)) == NULL) return NULL;
1979 *z = (*z/100)*3600+(*z%100)*60;
1985 struct { const char *name; int off; } zone_name[10] =
1986 { {"gmt",0}, {"ut",0}, {"est",-5}, {"edt",-4}, {"cst",-6}, {"cdt",-5}, {"mst",-7}, {"mdt",-6}, {"pst",-8}, {"pdt",-7}};
1989 for (i = 0; i<4; ++i)
1991 zone[i] = tolower(*(str+i));
1992 if (zone[i]<'a' || zone[i]>'z') break;
1995 for (j = 0; j<10 && strcmp(zone,zone_name[j].name); ++j);
1996 /* Besides zones named in the grammar, RFC 2822 says other alphabetic */
1997 /* time zones should be treated as unknown offsets. */
2000 *z = zone_name[j].off*3600;
2003 else if (zone[0]<'a' || zone[1]>'z') return 0;
2006 while ((*str>='a' && *str<='z') || (*str>='A' && *str<='Z')) ++str;
2014 /*************************************************
2015 * Parse a RFC 2822 date-time *
2016 *************************************************/
2018 /* Parse a RFC 2822 date-time and return it in seconds since the epoch.
2021 str pointer to the start of the date-time
2022 t pointer to the parsed time
2024 Returns: points after the processed date-time or NULL on error
2028 parse_date_time(const uschar *str, time_t *t)
2031 date-time = [ day-of-week "," ] date FWS time [CFWS]
2036 extern char **environ;
2038 static char gmt0[]="TZ=GMT0";
2039 static char *gmt_env[]={ gmt0, (char*)0 };
2042 if ((try = parse_day_of_week(str)))
2045 if (*str!=',') return 0;
2048 if ((str = parse_date(str,&tm.tm_mday,&tm.tm_mon,&tm.tm_year)) == NULL) return NULL;
2049 if (*str!=' ' && *str!='\t') return NULL;
2050 while (*str == ' ' || *str == '\t') ++str;
2051 if ((str = parse_time(str,&tm.tm_hour,&tm.tm_min,&tm.tm_sec,&zone)) == NULL) return NULL;
2053 old_environ = environ;
2056 environ = old_environ;
2057 if (*t == -1) return NULL;
2059 return skip_comment(str);
2065 /*************************************************
2066 **************************************************
2067 * Stand-alone test program *
2068 **************************************************
2069 *************************************************/
2071 #if defined STAND_ALONE
2074 int start, end, domain;
2075 uschar buffer[1024];
2078 big_buffer = store_malloc(big_buffer_size);
2080 /* strip_trailing_dot = TRUE; */
2081 allow_domain_literals = TRUE;
2083 printf("Testing parse_fix_phrase\n");
2085 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2087 buffer[Ustrlen(buffer)-1] = 0;
2088 if (buffer[0] == 0) break;
2089 printf("%s\n", CS parse_fix_phrase(buffer, Ustrlen(buffer)));
2092 printf("Testing parse_extract_address without group syntax and without UTF-8\n");
2094 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2098 buffer[Ustrlen(buffer) - 1] = 0;
2099 if (buffer[0] == 0) break;
2100 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
2102 printf("*** bad address: %s\n", errmess);
2105 uschar extract[1024];
2106 Ustrncpy(extract, buffer+start, end-start);
2107 extract[end-start] = 0;
2108 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
2112 printf("Testing parse_extract_address without group syntax but with UTF-8\n");
2114 allow_utf8_domains = TRUE;
2115 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2119 buffer[Ustrlen(buffer) - 1] = 0;
2120 if (buffer[0] == 0) break;
2121 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
2123 printf("*** bad address: %s\n", errmess);
2126 uschar extract[1024];
2127 Ustrncpy(extract, buffer+start, end-start);
2128 extract[end-start] = 0;
2129 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
2132 allow_utf8_domains = FALSE;
2134 printf("Testing parse_extract_address with group syntax\n");
2136 f.parse_allow_group = TRUE;
2137 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2142 buffer[Ustrlen(buffer) - 1] = 0;
2143 if (buffer[0] == 0) break;
2147 uschar *ss = parse_find_address_end(s, FALSE);
2148 int terminator = *ss;
2150 out = parse_extract_address(buffer, &errmess, &start, &end, &domain, FALSE);
2154 printf("*** bad address: %s\n", errmess);
2157 uschar extract[1024];
2158 Ustrncpy(extract, buffer+start, end-start);
2159 extract[end-start] = 0;
2160 printf("%s %d %d %d \"%s\"\n", out, start, end, domain, extract);
2163 s = ss + (terminator? 1:0);
2164 Uskip_whitespace(&s);
2168 printf("Testing parse_find_at\n");
2170 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2173 buffer[Ustrlen(buffer)-1] = 0;
2174 if (buffer[0] == 0) break;
2175 s = parse_find_at(buffer);
2176 if (s == NULL) printf("no @ found\n");
2177 else printf("offset = %d\n", s - buffer);
2180 printf("Testing parse_extract_addresses\n");
2182 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2186 address_item *anchor = NULL;
2187 buffer[Ustrlen(buffer) - 1] = 0;
2188 if (buffer[0] == 0) break;
2189 if ((extracted = parse_forward_list(buffer, -1, &anchor,
2190 &errmess, US"incoming.domain", NULL, NULL)) == FF_DELIVERED)
2192 while (anchor != NULL)
2194 address_item *addr = anchor;
2195 anchor = anchor->next;
2196 printf("%d %s\n", testflag(addr, af_pfr), addr->address);
2199 else printf("Failed: %d %s\n", extracted, errmess);
2202 printf("Testing parse_message_id\n");
2204 while (Ufgets(buffer, sizeof(buffer), stdin) != NULL)
2206 uschar *s, *t, *errmess;
2207 buffer[Ustrlen(buffer) - 1] = 0;
2208 if (buffer[0] == 0) break;
2212 s = parse_message_id(s, &t, &errmess);
2213 if (errmess != NULL)
2215 printf("Failed: %s\n", errmess);
2227 /* End of parse.c */