From 9984ae5cb0ea0d61df1612b06952a61323c083d9 Mon Sep 17 00:00:00 2001 From: Florian Weimer Date: Mon, 17 Nov 2014 11:13:38 +0100 Subject: [PATCH 1/4] outof: Introduce expandaddr flag Document that address expansion is disabled unless the expandaddr binary option is set. This has been assigned CVE-2014-7844 for BSD mailx, but it is not a vulnerability in Heirloom mailx because this feature was documented. This patch is taken from ftp://ftp.debian.org/debian/pool/main/h/heirloom-mailx/heirloom-mailx_12.5-5.debian.tar.xz Upstream-Status: Inappropriate [upstream is dead] CVE: CVE-2014-7844 --- mailx.1 | 14 ++++++++++++++ names.c | 3 +++ 2 files changed, 17 insertions(+) diff --git a/mailx.1 b/mailx.1 index 70a7859..22a171b 100644 --- a/mailx.1 +++ b/mailx.1 @@ -656,6 +656,14 @@ but any reply returned to the machine will have the system wide alias expanded as all mail goes through sendmail. .SS "Recipient address specifications" +If the +.I expandaddr +option is not set (the default), recipient addresses must be names of +local mailboxes or Internet mail addresses. +.PP +If the +.I expandaddr +option is set, the following rules apply: When an address is used to name a recipient (in any of To, Cc, or Bcc), names of local mail folders @@ -2391,6 +2399,12 @@ and exits immediately. If this option is set, \fImailx\fR starts even with an empty mailbox. .TP +.B expandaddr +Causes +.I mailx +to expand message recipient addresses, as explained in the section, +Recipient address specifications. +.TP .B flipr Exchanges the .I Respond diff --git a/names.c b/names.c index 66e976b..c69560f 100644 --- a/names.c +++ b/names.c @@ -268,6 +268,9 @@ outof(struct name *names, FILE *fo, struct header *hp) FILE *fout, *fin; int ispipe; + if (value("expandaddr") == NULL) + return names; + top = names; np = names; time(&now); -- 1.9.3