From 8880f84e1a8f9642b883e429588e26f928711245 Mon Sep 17 00:00:00 2001
From: Steve Holme <steve_holme@hotmail.com>
Date: Sun, 22 Sep 2013 15:05:43 +0100
Subject: [PATCH] ftpserver.pl: Expanded the SMTP RCPT handler to validate TO
 addresses

RCPT_smtp() will now check for a correctly formatted TO address which
allows for invalid recipient addresses to be added.
---
 tests/ftpserver.pl | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/tests/ftpserver.pl b/tests/ftpserver.pl
index 588f98d5d1..be2d545ba5 100755
--- a/tests/ftpserver.pl
+++ b/tests/ftpserver.pl
@@ -849,13 +849,22 @@ sub RCPT_smtp {
 
     logmsg "RCPT_smtp got $args\n";
 
+    # Get the TO parameter
     if($args !~ /^TO:(.*)/) {
         sendcontrol "501 Unrecognized parameter\r\n";
     }
     else {
         $smtp_rcpt = $1;
 
-        sendcontrol "250 Recipient OK\r\n";
+        # Validate the to address (only a valid email address inside <> is
+        # allowed, such as <user@example.com>)
+        if ($smtp_rcpt !~
+            /^<([a-zA-Z0-9._%+-]+)\@([a-zA-Z0-9.-]+).([a-zA-Z]{2,4})>$/) {
+            sendcontrol "501 Invalid address\r\n";
+        }
+        else {
+            sendcontrol "250 Recipient OK\r\n";
+        }
     }
 
     return 0;
-- 
2.47.2