From 877bb325611c6f9a7ce1ead0259776b762d672e6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Fonseca?= <jrfonseca@users.sourceforge.net>
Date: Thu, 10 Mar 2005 13:43:17 +0000
Subject: Do not pass multiple address to the MDA quoted as a single argument
 (Kusanagi Kouichi).

---
 NEWS    |  3 +++
 local.c | 20 ++++++++++++--------
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/NEWS b/NEWS
index cd698ae..8f65fe3 100644
--- a/NEWS
+++ b/NEWS
@@ -16,6 +16,9 @@ News
     by adding a qualifying domain name. Allow forcing envelope-from and Sender
     headers. Drop possible admin-added sgid priveleges to be dropped after
     reading the config. (Bernhard Link)
+
+    * Do not pass multiple address to the MDA quoted as a single argument
+    (Kusanagi Kouichi).
   
 
   * Version 0.5.0 (2003-11-14):
diff --git a/local.c b/local.c
index f7a51c6..0937178 100644
--- a/local.c
+++ b/local.c
@@ -59,6 +59,7 @@ void local_init(message_t *message)
 	if (strstr(before, "%T"))
 	{
 		struct list_head *ptr;
+		char *p;
 
 		/*
 		 * We go through this in order to be able to handle very
@@ -71,21 +72,26 @@ void local_init(message_t *message)
 			
 			assert(recipient->address);
 			
-			nameslen += (strlen(recipient->address) + 1);	/* string + ' ' */
+			nameslen += (strlen(recipient->address) + 3);	/* string + quotes + ' ' */
 		}
 
 		names = (char *)xmalloc(nameslen + 1);		/* account for '\0' */
-		names[0] = '\0';
+		p = names;
 		list_for_each(ptr, &message->local_recipients)
 		{
 			recipient_t *recipient = list_entry(ptr, recipient_t, list);
+			int written;
 			
-			strcat(names, recipient->address);
-			strcat(names, " ");
+			sanitize(recipient->address);
+			written = sprintf(p, "'%s' ", recipient->address);
+			if (written < 0)
+			{
+				perror(NULL);
+				exit(EX_OSERR);
+			}
+			p += written;
 		}
 		names[--nameslen] = '\0';		/* chop trailing space */
-
-		sanitize(names);
 	}
 
 	/* get From address for %F */
@@ -129,10 +135,8 @@ void local_init(message_t *message)
 			/* need to expand? BTW, no here overflow, because in
 			** the worst case (end of string) sp[1] == '\0' */
 			if (sp[1] == 'T') {
-				*dp++ = '\'';
 				strcpy(dp, names);
 				dp += nameslen;
-				*dp++ = '\'';
 				sp++;		/* position sp over [sT] */
 				dp--;		/* adjust dp */
 			} else if (sp[1] == 'F') {
-- 
cgit v1.2.3