From 7644c1d064d9eedd92ab9de643b1c926d9711c2f Mon Sep 17 00:00:00 2001
From: bagyenda <>
Date: Thu, 2 Mar 2006 10:57:19 +0000
Subject: [PATCH] - Added escaping of shell characters in parameters to
sendmail command - Cleanup documentation (colour schemes)
---
mbuni/doc/userguide.shtml | 357 +++++++++++++++++++++++++++++++++-----
mbuni/mmlib/mms_util.c | 44 ++++-
mbuni/mmlib/mms_util.h | 4 +
3 files changed, 357 insertions(+), 48 deletions(-)
diff --git a/mbuni/doc/userguide.shtml b/mbuni/doc/userguide.shtml
index 72c0286..db9b297 100644
--- a/mbuni/doc/userguide.shtml
+++ b/mbuni/doc/userguide.shtml
@@ -663,23 +663,20 @@ max-send-threads
= 5
send-mail-prog
-= /usr/sbin/sendmail -f '%f' '%t'
+= /usr/sbin/sendmail -f %f %t
...
The table below -lists all the configuration directives. Items in black are used by - both modes of operation, while those in blue - are used only when - operating in VAS Gateway mode, and those in red when +lists all the configuration directives. The column Mode + indicates operation mode in which the parameter is applicable: + Config params marked VAS GW + are only applicable when + operating in VAS Gateway mode, while those marked MMSC + are only applicable when operating in - MMSC mode.
+ MMSC mode. The rest are used in both modes.+ Mode + | +Type | @@ -697,6 +699,11 @@ lists all the configuration directives. Items in black are used by||||||||
group | ++ ALL + + | +mbuni | @@ -706,20 +713,35 @@ lists all the configuration directives. Items in black are used by|||||||
name | + ++ ALL + + | + +string | +User-friendly name for the Gateway, used in notices, etc | ||||||
hostname | ++ MMSC + + | +string | @@ -729,10 +751,16 @@ lists all the configuration directives. Items in black are used by Email or to a foreign MMSC via SMTP. Defaults to localhost|||||||
host-alias | + ++ MMSC + + | +string | @@ -747,11 +775,17 @@ lists all the configuration directives. Items in black are used by notifications. If you do not supply a host alias, the gateway will create a long form URL (http://hostname:port/msgtoken) when it sends notifications|||||||
local-mmsc-domains | + ++ MMSC + + | +List of Internet domains (comma separated) @@ -762,9 +796,16 @@ lists all the configuration directives. Items in black are used by or MMS messages received destined to these domains should be treated as local | |||||||
local-prefixes | + + ++ MMSC + + | +Number prefix list @@ -780,6 +821,12 @@ lists all the configuration directives. Items in black are used by storage-directory | + ++ ALL + + | +Directory name (string) @@ -794,6 +841,12 @@ lists all the configuration directives. Items in black are used by | max-send-threads | + ++ ALL + + | +Number | @@ -803,10 +856,16 @@ lists all the configuration directives. Items in black are used by faster.||
send-mail-prog | + ++ MMSC + + | +String | @@ -815,7 +874,9 @@ lists all the configuration directives. Items in black are used by (MMS-to-email or to foreign MMS gateways via SMTP). This command can include variables: %f – replaced with the message from address, %t – replaced with the recipient address (RFC 822 compliant), %s – the message subject, %m - – the message ID + – the message ID. (NOTE: Special shell characters — + &, |, $, (, ), and so on &mdash are escaped + after variable substitution, hence parameter quoting is not necessary.)|||||||
+ ALL + + | +Number list | @@ -841,6 +908,12 @@ lists all the configuration directives. Items in black are used by maximum-send-attempts + ++ ALL + + | +integer | @@ -855,6 +928,12 @@ lists all the configuration directives. Items in black are used by default-message-expiry + ++ ALL + + | +Integer | @@ -869,6 +948,12 @@ lists all the configuration directives. Items in black are used by queue-run-interval + ++ ALL + + | +Real | @@ -882,6 +967,12 @@ lists all the configuration directives. Items in black are used by send-attempt-back-off + ++ ALL + + | +Integer | @@ -890,10 +981,16 @@ lists all the configuration directives. Items in black are used by delivery attempts, when a delivery attempt fails.
sendsms-url | + ++ MMSC + + | +String | @@ -904,11 +1001,16 @@ lists all the configuration directives. Items in black are used by parameters (udh, from, to, text, etc.)|||||||
sendsms-username | ++ MMSC + + | +String | @@ -917,10 +1019,15 @@ lists all the configuration directives. Items in black are used by pass (for authentication) to send-sms URL|||||||
sendsms-password | ++ MMSC + + | +String | @@ -929,10 +1036,15 @@ lists all the configuration directives. Items in black are used by pass (for authentication) to send-sms URL|||||||
sendsms-global-sender | ++ MMSC + + | +String | @@ -941,11 +1053,16 @@ lists all the configuration directives. Items in black are used by (to field) to use in send sms url|||||||
mms-port | ++ MMSC + + | +Integer | @@ -956,11 +1073,17 @@ lists all the configuration directives. Items in black are used by|||||||
mm7-port | + ++ MMSC + + | +Integer | @@ -975,6 +1098,12 @@ lists all the configuration directives. Items in black are used byallow-ip | + ++ ALL + + | +List of IP addresses @@ -993,6 +1122,12 @@ lists all the configuration directives. Items in black are used by | deny-ip | + ++ ALL + + | +List of IP addresses @@ -1005,10 +1140,16 @@ lists all the configuration directives. Items in black are used by | |
mms-client-msisdn-header | + ++ MMSC + + | +String | @@ -1021,10 +1162,16 @@ lists all the configuration directives. Items in black are used by (default header name is X-WAP-Network-Client-MSISDN)|||||||
mms-client-ip-header | + ++ MMSC + + | +String | @@ -1040,10 +1187,16 @@ lists all the configuration directives. Items in black are used by|||||||
allow-ip-type | + ++ MMSC + + | +Boolean | @@ -1052,10 +1205,16 @@ lists all the configuration directives. Items in black are used by senders identified by IP address (i.e. not by MSISDN). Default: True.|||||||
optimize-notification-size | + ++ MMSC + + | +Boolean | @@ -1065,10 +1224,16 @@ lists all the configuration directives. Items in black are used by fields. Default: false|||||||
content-adaptation | + ++ MMSC + + | +Boolean | @@ -1079,10 +1244,16 @@ lists all the configuration directives. Items in black are used by|||||||
email2mms-relay-hosts | + ++ MMSC + + | +Number list | @@ -1100,10 +1271,16 @@ lists all the configuration directives. Items in black are used by queued, otherwise it is discarded.|||||||
billing-library | + ++ MMSC + + | +String | @@ -1114,10 +1291,16 @@ lists all the configuration directives. Items in black are used by generation. See mms_billing.h for details.|||||||
billing-module-parameters | + ++ MMSC + + | +String | @@ -1128,10 +1311,16 @@ lists all the configuration directives. Items in black are used by|||||||
resolver-library | + ++ MMSC + + | +String | @@ -1145,10 +1334,16 @@ lists all the configuration directives. Items in black are used by mms_resolve.h for details.|||||||
resolver-module-parameters | + ++ MMSC + + | +String | @@ -1159,13 +1354,19 @@ lists all the configuration directives. Items in black are used by|||||||
detokenizer-library | String | + ++ MMSC + + | +Optional library containing functions for finding MSISDN from request URL @@ -1176,10 +1377,16 @@ lists all the configuration directives. Items in black are used by mms_detokenize.h for details. | ||||||
detokenizer-module-parameters | + ++ MMSC + + | +String | @@ -1190,10 +1397,16 @@ lists all the configuration directives. Items in black are used by|||||||
prov-server-notify-script | + ++ MMSC + + | +String | @@ -1207,10 +1420,16 @@ lists all the configuration directives. Items in black are used by failed fetch provides a description of the error (e.g. message expired).|||||||
prov-server-sub-status-script | + ++ MMSC + + | +string | @@ -1225,10 +1444,16 @@ lists all the configuration directives. Items in black are used by mmsrelay will deliver the message (see below).|||||||
notify-unprovisioned | + ++ MMSC + + | +Boolean | @@ -1238,23 +1463,35 @@ lists all the configuration directives. Items in black are used by (e.g. SMS) when an MMS message is received for them.|||||||
mms-notify-text | String | + ++ MMSC + + | +Message to send to device that does not support MMS, when a message is received for the user. This message is sent as plain SMS via the Send SMS URL specified above. | ||||||
mms-notify-unprovisioned-text | + ++ MMSC + + | +String | @@ -1264,10 +1501,16 @@ lists all the configuration directives. Items in black are used by notify-unprovisioned is true).|||||||
mms-message-too-large-txt | + ++ MMSC + + | +String | @@ -1279,10 +1522,16 @@ lists all the configuration directives. Items in black are used by part of an MMS message.|||||||
mms-to-email-html | + ++ MMSC + + | +string | @@ -1296,10 +1545,16 @@ lists all the configuration directives. Items in black are used by is tagged at the bottom of the HTML.|||||||
mms-to-email-txt | + ++ MMSC + + | +String | @@ -1311,10 +1566,16 @@ lists all the configuration directives. Items in black are used by|||||||
sendmms-port | + ++ VAS GW + + | +number | @@ -1323,10 +1584,16 @@ lists all the configuration directives. Items in black are used by requests. (Optional.)|||||||
sendmms-port-ssl | + ++ VAS GW + + | +Boolean | diff --git a/mbuni/mmlib/mms_util.c b/mbuni/mmlib/mms_util.c index 1c17b81..efdf9fc 100644 --- a/mbuni/mmlib/mms_util.c +++ b/mbuni/mmlib/mms_util.c @@ -637,6 +637,7 @@ static int send2email(Octstr *to, Octstr *from, Octstr *subject, i = 0; for (;;) { + Octstr *tmp; while (sendmail_cmd[i]) { char c = sendmail_cmd[i]; if (c == '%' && sendmail_cmd[i + 1]) @@ -649,22 +650,37 @@ static int send2email(Octstr *to, Octstr *from, Octstr *subject, switch(sendmail_cmd[i+1]) { case 't': - octstr_append(cmd, to); + tmp = octstr_duplicate(to); + escape_shell_chars(tmp); + octstr_append(cmd, tmp); + octstr_destroy(tmp); break; case 'f': if (append_hostname) { Octstr *xfrom = octstr_duplicate(from); addmmscname(xfrom, myhostname); + escape_shell_chars(xfrom); + octstr_append(cmd, xfrom); octstr_destroy(xfrom); - } else - octstr_append(cmd, from); + } else { + tmp = octstr_duplicate(from); + escape_shell_chars(tmp); + octstr_append(cmd, tmp); + octstr_destroy(tmp); + } break; case 's': + tmp = octstr_duplicate(subject); + escape_shell_chars(tmp); octstr_append(cmd, subject); + octstr_destroy(tmp); break; case 'm': + tmp = octstr_duplicate(msgid); + escape_shell_chars(tmp); octstr_append(cmd, msgid); + octstr_destroy(tmp); break; case '%': octstr_format_append(cmd, "%%"); @@ -1019,3 +1035,25 @@ int is_allowed_host(Octstr *host, Octstr *host_list) return ret; } + +#define SHELLCHARS "'|\"()[]{}$&!?*><%`\n \t" +void escape_shell_chars(Octstr *str) +{ + Octstr *tmp; + int i, n, prev; + + octstr_strip_blanks(str); + + tmp = octstr_duplicate(str); + octstr_delete(str, 0, octstr_len(str)); + + for (i = 0, prev=0, n = octstr_len(tmp); i < n; i++) { + int ch = octstr_get_char(tmp,i); + + if (strchr(SHELLCHARS, ch) != NULL && prev != '\\') + octstr_append_char(str, '\\'); + octstr_append_char(str, ch); + prev = ch; + } + octstr_destroy(tmp); +} diff --git a/mbuni/mmlib/mms_util.h b/mbuni/mmlib/mms_util.h index 85f687b..2dd0e42 100644 
--- a/mbuni/mmlib/mms_util.h +++ b/mbuni/mmlib/mms_util.h @@ -143,6 +143,10 @@ void _mms_fixup_address(Octstr *address); /* Check that host is one of hosts in semi-colon separated list in host_list */ int is_allowed_host(Octstr *host, Octstr *host_list); + +/* escape (backlash) special shell characters. */ +void escape_shell_chars(Octstr *str); + #define MAXQTRIES 100 #define BACKOFF_FACTOR 5*60 /* In seconds */ #define QUEUERUN_INTERVAL 15*60 /* 15 minutes. */
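Review bot: The comment added above the `escape_shell_chars` prototype misspells "backslash" and does not state the contract a caller needs. From the definition added in mms_util.c, the function rewrites `str` in place and first calls `octstr_strip_blanks` on it, so the caller's string is modified. Suggested wording: `/* Backslash-escape shell metacharacters in str, in place; octstr_strip_blanks() is applied to str first. */`.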