[patch] Possible security hole in Sympa

[Olivier Salaun - CRU <adresse@cachée>]

A bug has been reported by "Frederic ALLIOD" <adresse@cachée> :

The problem occurs when sending a file/message/report to an email
address beginning with a "-". When invoking sendmail, this is considered
by sendmail like an argument which he doesn't understand. Sendmail call
fails and Sympa dies. 


Here is a patch :

Olivier Salaun

*** smtp.pm~    Tue Jun 29 17:21:03 1999
--- smtp.pm     Tue Sep 21 15:32:22 1999
***************
*** 67,72 ****
--- 67,83 ----
     my @t = $rcpt; \@t = $rcpt;
     do_log('debug2', '[smtpto] Msg from %s, %d rcpts',$from, $#t);
  
+    ## Escape "-" at beginning of recepient addresses
+    ## prevent sendmail from taking it as argument
+    if (ref($rcpt) eq 'SCALAR') {
+        $$rcpt =~ s/^-/\\-/;
+    }else {
+        my @emails = @$rcpt;
+        foreach my $i (0..$#emails) {
+          $rcpt->[$i] =~ s/^-/\\-/;
+        }
+    }
+ 
     ## Check how many open smtp's we have, if too many wait for a few
     ## to terminate and then do our job.
     print STDERR "Open = $opensmtp\n" if ($main::opt_d);