]> git.kaiwu.me - nginx.git/commit
projects / nginx.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: a1d1828) | patch
Mail: host validation.
authorRoman Arutyunyan <arut@nginx.com>
Thu, 26 Feb 2026 07:52:53 +0000 (11:52 +0400)
committerRoman Arutyunyan <arutyunyan.roman@gmail.com>
Tue, 24 Mar 2026 18:33:23 +0000 (22:33 +0400)
commit6a8513761fb327f67fcc6cfcf1ad216887e2589f
treed13355e714c45c06beae0361e2abff5c33c34d0etree | snapshot
parenta1d18284e0a173c4ef2b28425535d0f640ae0a82commit | diff
Mail: host validation.

Now host name resolved from client address is validated to only contain
the characters specified in RFC 1034, Section 3.5.  The validation allows
to avoid injections when using the resolved host name in auth_http and
smtp proxy.

Reported by Asim Viladi Oglu Manizada, Colin Warren,
Xiao Liu (Yunnan University), Yuan Tan (UC Riverside), and
Bird Liu (Lanzhou University).
src/mail/ngx_mail_smtp_handler.c diff | blob | history
nginx upstream