[RFC PATCH] git-send-email: Validate recipient_cmd (to-cmd, cc-cmd) addresses

On Wed, 2011-04-20 at 12:45 -0300, Thiago Farina wrote:
> On Wed, Apr 20, 2011 at 12:03 AM, Joe Perches <joe@xxxxxxxxxxx> wrote:
> > On Tue, 2011-04-19 at 16:52 -0500, Jonathan Nieder wrote:
> >> Thiago Farina wrote:
> >> > when I run:
> >> > $ git send-email --to linux-kernel@xxxxxxxxxxxxxxx --cc-cmd
> >> > scripts/get_maintainer.pl foo
> >> > I'm getting some lines like:
> >> > Use of uninitialized value $cc in string eq at
> >> > /home/tfarina/libexec/git-core/git-send-email line 964.
> >> Yes, sounds like a bug.  Cc-ing some send-email people for tips.

Perhaps some patch like this.

Validate the address(es) returned from recipient_cmd.
Die if the output contains an invalid address.

Signed-off-by: Joe Perches <joe@xxxxxxxxxxx>
---
 git-send-email.perl |   18 ++++++++++++------
 1 files changed, 12 insertions(+), 6 deletions(-)

diff --git a/git-send-email.perl b/git-send-email.perl
index 76565de..9273cf2 100755
--- a/git-send-email.perl
+++ b/git-send-email.perl
@@ -870,10 +870,14 @@ sub is_rfc2047_quoted {
 # use the simplest quoting being able to handle the recipient
 sub sanitize_address {
 	my ($recipient) = @_;
-	my ($recipient_name, $recipient_addr) = ($recipient =~ /^(.*?)\s*(<.*)/);
+	my ($recipient_name, $recipient_addr) = ($recipient =~ /^\s*(.*?)\s*(<[^>]+>)/);
 
 	if (not $recipient_name) {
-		return $recipient;
+		return $recipient_addr if ($recipient_addr);
+		if ($recipient =~ /^\s*(.+\@\S*).*$/) {
+			return $1;
+		}
+		return "";
 	}
 
 	# if recipient_name is already quoted, do nothing
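
Review bot: The fallback pattern added in the `not $recipient_name` branch, `/^\s*(.+\@\S*).*$/`, is too loose to act as validation: `.+` is greedy and also matches whitespace, so a line like `foo bar user@example.com` is returned whole, and `\S*` accepts an empty domain. Restricting the capture to one token, for example `(\S+\@\S+)`, would make the result usable as an address. Also, the rewritten first regex has no end anchor, so anything after the closing `>` is dropped silently here, and the function now returns "" where it used to return $recipient; both changes should be described in the comment above the sub, and callers should be checked for how they handle an empty result.
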
@@ -1343,11 +1347,13 @@ sub recipients_cmd {
 	while (my $address = <$fh>) {
 		$address =~ s/^\s*//g;
 		$address =~ s/\s*$//g;
-		$address = sanitize_address($address);
-		next if ($address eq $sanitized_sender and $suppress_from);
-		push @addresses, $address;
+		my $sanitized_address = sanitize_address($address);
+		next if ($sanitized_address eq $sanitized_sender and $suppress_from);
+		die "($prefix) '$cmd' returned invalid address: '$address'\n"
+			if ($address =~ /.*${sanitized_address}.+/);
+		push @addresses, $sanitized_address;
 		printf("($prefix) Adding %s: %s from: '%s'\n",
-		       $what, $address, $cmd) unless $quiet;
+		       $what, $sanitized_address, $cmd) unless $quiet;
 		}
 	close $fh
 	    or die "($prefix) failed to close pipe to '$cmd'";
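
Review bot: The new die condition interpolates `$sanitized_address` into a pattern unquoted, `/.*${sanitized_address}.+/`, so `.`, `+` and other metacharacters in an address are interpreted as regex syntax; use `\Q${sanitized_address}\E` or a plain index() comparison instead. The test also depends on the sanitized form appearing verbatim in the raw line: if sanitize_address quotes the name (the context comments in that sub indicate it can), the pattern does not match and trailing text goes undetected. A blank line from the command gives an empty `$sanitized_address`, which does not trigger the die and is still pushed onto `@addresses`; add an explicit check for an empty result before the push.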

