usr/src/cmd/sendmail/src/headers.c

root/usr/src/cmd/sendmail/src/headers.c
/*
 * Copyright (c) 1998-2004, 2006, 2007 Sendmail, Inc. and its suppliers.
 *      All rights reserved.
 * Copyright (c) 1983, 1995-1997 Eric P. Allman.  All rights reserved.
 * Copyright (c) 1988, 1993
 *      The Regents of the University of California.  All rights reserved.
 *
 * By using this file, you agree to the terms and conditions set
 * forth in the LICENSE file which can be found at the top level of
 * the sendmail distribution.
 *
 */

#include <sendmail.h>
#include <sm/sendmail.h>

SM_RCSID("@(#)$Id: headers.c,v 8.317 2008/08/27 20:11:55 gshapiro Exp $")

static HDR      *allocheader __P((char *, char *, int, SM_RPOOL_T *, bool));
static size_t   fix_mime_header __P((HDR *, ENVELOPE *));
static int      priencode __P((char *));
static bool     put_vanilla_header __P((HDR *, char *, MCI *));

/*
**  SETUPHEADERS -- initialize headers in symbol table
**
**      Parameters:
**              none
**
**      Returns:
**              none
*/

void
setupheaders()
{
        struct hdrinfo *hi;
        STAB *s;

        for (hi = HdrInfo; hi->hi_field != NULL; hi++)
        {
                s = stab(hi->hi_field, ST_HEADER, ST_ENTER);
                s->s_header.hi_flags = hi->hi_flags;
                s->s_header.hi_ruleset = NULL;
        }
}

/*
**  DOCHOMPHEADER -- process and save a header line.
**
**      Called by chompheader.
**
**      Parameters:
**              line -- header as a text line.
**              pflag -- flags for chompheader() (from sendmail.h)
**              hdrp -- a pointer to the place to save the header.
**              e -- the envelope including this header.
**
**      Returns:
**              flags for this header.
**
**      Side Effects:
**              The header is saved on the header list.
**              Contents of 'line' are destroyed.
*/

static struct hdrinfo   NormalHeader =  { NULL, 0, NULL };
static unsigned long    dochompheader __P((char *, int, HDR **, ENVELOPE *));

static unsigned long
dochompheader(line, pflag, hdrp, e)
        char *line;
        int pflag;
        HDR **hdrp;
        ENVELOPE *e;
{
        unsigned char mid = '\0';
        register char *p;
        register HDR *h;
        HDR **hp;
        char *fname;
        char *fvalue;
        bool cond = false;
        bool dropfrom;
        bool headeronly;
        STAB *s;
        struct hdrinfo *hi;
        bool nullheader = false;
        BITMAP256 mopts;

        headeronly = hdrp != NULL;
        if (!headeronly)
                hdrp = &e->e_header;

        /* strip off options */
        clrbitmap(mopts);
        p = line;
        if (!bitset(pflag, CHHDR_USER) && *p == '?')
        {
                int c;
                register char *q;

                q = strchr(++p, '?');
                if (q == NULL)
                        goto hse;

                *q = '\0';
                c = *p & 0377;

                /* possibly macro conditional */
                if (c == MACROEXPAND)
                {
                        /* catch ?$? */
                        if (*++p == '\0')
                        {
                                *q = '?';
                                goto hse;
                        }

                        mid = (unsigned char) *p++;

                        /* catch ?$abc? */
                        if (*p != '\0')
                        {
                                *q = '?';
                                goto hse;
                        }
                }
                else if (*p == '$')
                {
                        /* catch ?$? */
                        if (*++p == '\0')
                        {
                                *q = '?';
                                goto hse;
                        }

                        mid = (unsigned char) macid(p);
                        if (bitset(0200, mid))
                        {
                                p += strlen(macname(mid)) + 2;
                                SM_ASSERT(p <= q);
                        }
                        else
                                p++;

                        /* catch ?$abc? */
                        if (*p != '\0')
                        {
                                *q = '?';
                                goto hse;
                        }
                }
                else
                {
                        while (*p != '\0')
                        {
                                if (!isascii(*p))
                                {
                                        *q = '?';
                                        goto hse;
                                }

                                setbitn(bitidx(*p), mopts);
                                cond = true;
                                p++;
                        }
                }
                p = q + 1;
        }

        /* find canonical name */
        fname = p;
        while (isascii(*p) && isgraph(*p) && *p != ':')
                p++;
        fvalue = p;
        while (isascii(*p) && isspace(*p))
                p++;
        if (*p++ != ':' || fname == fvalue)
        {
hse:
                syserr("553 5.3.0 header syntax error, line \"%s\"", line);
                return 0;
        }
        *fvalue = '\0';
        fvalue = p;

        /* if the field is null, go ahead and use the default */
        while (isascii(*p) && isspace(*p))
                p++;
        if (*p == '\0')
                nullheader = true;

        /* security scan: long field names are end-of-header */
        if (strlen(fname) > 100)
                return H_EOH;

        /* check to see if it represents a ruleset call */
        if (bitset(pflag, CHHDR_DEF))
        {
                char hbuf[50];

                (void) expand(fvalue, hbuf, sizeof(hbuf), e);
                for (p = hbuf; isascii(*p) && isspace(*p); )
                        p++;
                if ((*p++ & 0377) == CALLSUBR)
                {
                        auto char *endp;
                        bool strc;

                        strc = *p == '+';       /* strip comments? */
                        if (strc)
                                ++p;
                        if (strtorwset(p, &endp, ST_ENTER) > 0)
                        {
                                *endp = '\0';
                                s = stab(fname, ST_HEADER, ST_ENTER);
                                if (LogLevel > 9 &&
                                    s->s_header.hi_ruleset != NULL)
                                        sm_syslog(LOG_WARNING, NOQID,
                                                  "Warning: redefined ruleset for header=%s, old=%s, new=%s",
                                                  fname,
                                                  s->s_header.hi_ruleset, p);
                                s->s_header.hi_ruleset = newstr(p);
                                if (!strc)
                                        s->s_header.hi_flags |= H_STRIPCOMM;
                        }
                        return 0;
                }
        }

        /* see if it is a known type */
        s = stab(fname, ST_HEADER, ST_FIND);
        if (s != NULL)
                hi = &s->s_header;
        else
                hi = &NormalHeader;

        if (tTd(31, 9))
        {
                if (s == NULL)
                        sm_dprintf("no header flags match\n");
                else
                        sm_dprintf("header match, flags=%lx, ruleset=%s\n",
                                   hi->hi_flags,
                                   hi->hi_ruleset == NULL ? "<NULL>"
                                                          : hi->hi_ruleset);
        }

        /* see if this is a resent message */
        if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
            bitset(H_RESENT, hi->hi_flags))
                e->e_flags |= EF_RESENT;

        /* if this is an Errors-To: header keep track of it now */
        if (UseErrorsTo && !bitset(pflag, CHHDR_DEF) && !headeronly &&
            bitset(H_ERRORSTO, hi->hi_flags))
                (void) sendtolist(fvalue, NULLADDR, &e->e_errorqueue, 0, e);

        /* if this means "end of header" quit now */
        if (!headeronly && bitset(H_EOH, hi->hi_flags))
                return hi->hi_flags;

        /*
        **  Horrible hack to work around problem with Lotus Notes SMTP
        **  mail gateway, which generates From: headers with newlines in
        **  them and the <address> on the second line.  Although this is
        **  legal RFC 822, many MUAs don't handle this properly and thus
        **  never find the actual address.
        */

        if (bitset(H_FROM, hi->hi_flags) && SingleLineFromHeader)
        {
                while ((p = strchr(fvalue, '\n')) != NULL)
                        *p = ' ';
        }

        /*
        **  If there is a check ruleset, verify it against the header.
        */

        if (bitset(pflag, CHHDR_CHECK))
        {
                int rscheckflags;
                char *rs;

                rscheckflags = RSF_COUNT;
                if (!bitset(hi->hi_flags, H_FROM|H_RCPT))
                        rscheckflags |= RSF_UNSTRUCTURED;

                /* no ruleset? look for default */
                rs = hi->hi_ruleset;
                if (rs == NULL)
                {
                        s = stab("*", ST_HEADER, ST_FIND);
                        if (s != NULL)
                        {
                                rs = (&s->s_header)->hi_ruleset;
                                if (bitset((&s->s_header)->hi_flags,
                                           H_STRIPCOMM))
                                        rscheckflags |= RSF_RMCOMM;
                        }
                }
                else if (bitset(hi->hi_flags, H_STRIPCOMM))
                        rscheckflags |= RSF_RMCOMM;
                if (rs != NULL)
                {
                        int l, k;
                        char qval[MAXNAME];

                        l = 0;
                        qval[l++] = '"';

                        /* - 3 to avoid problems with " at the end */
                        /* should be sizeof(qval), not MAXNAME */
                        for (k = 0; fvalue[k] != '\0' && l < MAXNAME - 3; k++)
                        {
                                switch (fvalue[k])
                                {
                                  /* XXX other control chars? */
                                  case '\011': /* ht */
                                  case '\012': /* nl */
                                  case '\013': /* vt */
                                  case '\014': /* np */
                                  case '\015': /* cr */
                                        qval[l++] = ' ';
                                        break;
                                  case '"':
                                        qval[l++] = '\\';
                                        /* FALLTHROUGH */
                                  default:
                                        qval[l++] = fvalue[k];
                                        break;
                                }
                        }
                        qval[l++] = '"';
                        qval[l] = '\0';
                        k += strlen(fvalue + k);
                        if (k >= MAXNAME)
                        {
                                if (LogLevel > 9)
                                        sm_syslog(LOG_WARNING, e->e_id,
                                                  "Warning: truncated header '%s' before check with '%s' len=%d max=%d",
                                                  fname, rs, k, MAXNAME - 1);
                        }
                        macdefine(&e->e_macro, A_TEMP,
                                macid("{currHeader}"), qval);
                        macdefine(&e->e_macro, A_TEMP,
                                macid("{hdr_name}"), fname);

                        (void) sm_snprintf(qval, sizeof(qval), "%d", k);
                        macdefine(&e->e_macro, A_TEMP, macid("{hdrlen}"), qval);
                        if (bitset(H_FROM, hi->hi_flags))
                                macdefine(&e->e_macro, A_PERM,
                                        macid("{addr_type}"), "h s");
                        else if (bitset(H_RCPT, hi->hi_flags))
                                macdefine(&e->e_macro, A_PERM,
                                        macid("{addr_type}"), "h r");
                        else
                                macdefine(&e->e_macro, A_PERM,
                                        macid("{addr_type}"), "h");
                        (void) rscheck(rs, fvalue, NULL, e, rscheckflags, 3,
                                       NULL, e->e_id, NULL);
                }
        }

        /*
        **  Drop explicit From: if same as what we would generate.
        **  This is to make MH (which doesn't always give a full name)
        **  insert the full name information in all circumstances.
        */

        dropfrom = false;
        p = "resent-from";
        if (!bitset(EF_RESENT, e->e_flags))
                p += 7;
        if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
            !bitset(EF_QUEUERUN, e->e_flags) && sm_strcasecmp(fname, p) == 0)
        {
                if (tTd(31, 2))
                {
                        sm_dprintf("comparing header from (%s) against default (%s or %s)\n",
                                fvalue, e->e_from.q_paddr, e->e_from.q_user);
                }
                if (e->e_from.q_paddr != NULL &&
                    e->e_from.q_mailer != NULL &&
                    bitnset(M_LOCALMAILER, e->e_from.q_mailer->m_flags) &&
                    (strcmp(fvalue, e->e_from.q_paddr) == 0 ||
                     strcmp(fvalue, e->e_from.q_user) == 0))
                        dropfrom = true;
        }

        /* delete default value for this header */
        for (hp = hdrp; (h = *hp) != NULL; hp = &h->h_link)
        {
                if (sm_strcasecmp(fname, h->h_field) == 0 &&
                    !bitset(H_USER, h->h_flags) &&
                    !bitset(H_FORCE, h->h_flags))
                {
                        if (nullheader)
                        {
                                /* user-supplied value was null */
                                return 0;
                        }
                        if (dropfrom)
                        {
                                /* make this look like the user entered it */
                                h->h_flags |= H_USER;
                                return hi->hi_flags;
                        }
                        h->h_value = NULL;
                        if (!cond)
                        {
                                /* copy conditions from default case */
                                memmove((char *) mopts, (char *) h->h_mflags,
                                        sizeof(mopts));
                        }
                        h->h_macro = mid;
                }
        }

        /* create a new node */
        h = (HDR *) sm_rpool_malloc_x(e->e_rpool, sizeof(*h));
        h->h_field = sm_rpool_strdup_x(e->e_rpool, fname);
        h->h_value = sm_rpool_strdup_x(e->e_rpool, fvalue);
        h->h_link = NULL;
        memmove((char *) h->h_mflags, (char *) mopts, sizeof(mopts));
        h->h_macro = mid;
        *hp = h;
        h->h_flags = hi->hi_flags;
        if (bitset(pflag, CHHDR_USER) || bitset(pflag, CHHDR_QUEUE))
                h->h_flags |= H_USER;

        /* strip EOH flag if parsing MIME headers */
        if (headeronly)
                h->h_flags &= ~H_EOH;
        if (bitset(pflag, CHHDR_DEF))
                h->h_flags |= H_DEFAULT;
        if (cond || mid != '\0')
                h->h_flags |= H_CHECK;

        /* hack to see if this is a new format message */
        if (!bitset(pflag, CHHDR_DEF) && !headeronly &&
            bitset(H_RCPT|H_FROM, h->h_flags) &&
            (strchr(fvalue, ',') != NULL || strchr(fvalue, '(') != NULL ||
             strchr(fvalue, '<') != NULL || strchr(fvalue, ';') != NULL))
        {
                e->e_flags &= ~EF_OLDSTYLE;
        }

        return h->h_flags;
}

/*
**  CHOMPHEADER -- process and save a header line.
**
**      Called by collect, readcf, and readqf to deal with header lines.
**      This is just a wrapper for dochompheader().
**
**      Parameters:
**              line -- header as a text line.
**              pflag -- flags for chompheader() (from sendmail.h)
**              hdrp -- a pointer to the place to save the header.
**              e -- the envelope including this header.
**
**      Returns:
**              flags for this header.
**
**      Side Effects:
**              The header is saved on the header list.
**              Contents of 'line' are destroyed.
*/


unsigned long
chompheader(line, pflag, hdrp, e)
        char *line;
        int pflag;
        HDR **hdrp;
        register ENVELOPE *e;
{
        unsigned long rval;

        if (tTd(31, 6))
        {
                sm_dprintf("chompheader: ");
                xputs(sm_debug_file(), line);
                sm_dprintf("\n");
        }

        /* quote this if user (not config file) input */
        if (bitset(pflag, CHHDR_USER))
        {
                char xbuf[MAXLINE];
                char *xbp = NULL;
                int xbufs;

                xbufs = sizeof(xbuf);
                xbp = quote_internal_chars(line, xbuf, &xbufs);
                if (tTd(31, 7))
                {
                        sm_dprintf("chompheader: quoted: ");
                        xputs(sm_debug_file(), xbp);
                        sm_dprintf("\n");
                }
                rval = dochompheader(xbp, pflag, hdrp, e);
                if (xbp != xbuf)
                        sm_free(xbp);
        }
        else
                rval = dochompheader(line, pflag, hdrp, e);

        return rval;
}

/*
**  ALLOCHEADER -- allocate a header entry
**
**      Parameters:
**              field -- the name of the header field (will not be copied).
**              value -- the value of the field (will be copied).
**              flags -- flags to add to h_flags.
**              rp -- resource pool for allocations
**              space -- add leading space?
**
**      Returns:
**              Pointer to a newly allocated and populated HDR.
**
**      Notes:
**              o field and value must be in internal format, i.e.,
**              metacharacters must be "quoted", see quote_internal_chars().
**              o maybe add more flags to decide:
**                - what to copy (field/value)
**                - whether to convert value to an internal format
*/

static HDR *
allocheader(field, value, flags, rp, space)
        char *field;
        char *value;
        int flags;
        SM_RPOOL_T *rp;
        bool space;
{
        HDR *h;
        STAB *s;

        /* find info struct */
        s = stab(field, ST_HEADER, ST_FIND);

        /* allocate space for new header */
        h = (HDR *) sm_rpool_malloc_x(rp, sizeof(*h));
        h->h_field = field;
        if (space)
        {
                size_t l;
                char *n;

                l = strlen(value);
                SM_ASSERT(l + 2 > l);
                n = sm_rpool_malloc_x(rp, l + 2);
                n[0] = ' ';
                n[1] = '\0';
                sm_strlcpy(n + 1, value, l + 1);
                h->h_value = n;
        }
        else
                h->h_value = sm_rpool_strdup_x(rp, value);
        h->h_flags = flags;
        if (s != NULL)
                h->h_flags |= s->s_header.hi_flags;
        clrbitmap(h->h_mflags);
        h->h_macro = '\0';

        return h;
}

/*
**  ADDHEADER -- add a header entry to the end of the queue.
**
**      This bypasses the special checking of chompheader.
**
**      Parameters:
**              field -- the name of the header field (will not be copied).
**              value -- the value of the field (will be copied).
**              flags -- flags to add to h_flags.
**              e -- envelope.
**              space -- add leading space?
**
**      Returns:
**              none.
**
**      Side Effects:
**              adds the field on the list of headers for this envelope.
**
**      Notes: field and value must be in internal format, i.e.,
**              metacharacters must be "quoted", see quote_internal_chars().
*/

void
addheader(field, value, flags, e, space)
        char *field;
        char *value;
        int flags;
        ENVELOPE *e;
        bool space;
{
        register HDR *h;
        HDR **hp;
        HDR **hdrlist = &e->e_header;

        /* find current place in list -- keep back pointer? */
        for (hp = hdrlist; (h = *hp) != NULL; hp = &h->h_link)
        {
                if (sm_strcasecmp(field, h->h_field) == 0)
                        break;
        }

        /* allocate space for new header */
        h = allocheader(field, value, flags, e->e_rpool, space);
        h->h_link = *hp;
        *hp = h;
}

/*
**  INSHEADER -- insert a header entry at the specified index
**      This bypasses the special checking of chompheader.
**
**      Parameters:
**              idx -- index into the header list at which to insert
**              field -- the name of the header field (will be copied).
**              value -- the value of the field (will be copied).
**              flags -- flags to add to h_flags.
**              e -- envelope.
**              space -- add leading space?
**
**      Returns:
**              none.
**
**      Side Effects:
**              inserts the field on the list of headers for this envelope.
**
**      Notes:
**              - field and value must be in internal format, i.e.,
**              metacharacters must be "quoted", see quote_internal_chars().
**              - the header list contains headers that might not be
**              sent "out" (see putheader(): "skip"), hence there is no
**              reliable way to insert a header at an exact position
**              (except at the front or end).
*/

void
insheader(idx, field, value, flags, e, space)
        int idx;
        char *field;
        char *value;
        int flags;
        ENVELOPE *e;
        bool space;
{
        HDR *h, *srch, *last = NULL;

        /* allocate space for new header */
        h = allocheader(field, value, flags, e->e_rpool, space);

        /* find insertion position */
        for (srch = e->e_header; srch != NULL && idx > 0;
             srch = srch->h_link, idx--)
                last = srch;

        if (e->e_header == NULL)
        {
                e->e_header = h;
                h->h_link = NULL;
        }
        else if (srch == NULL)
        {
                SM_ASSERT(last != NULL);
                last->h_link = h;
                h->h_link = NULL;
        }
        else
        {
                h->h_link = srch->h_link;
                srch->h_link = h;
        }
}

/*
**  HVALUE -- return value of a header.
**
**      Only "real" fields (i.e., ones that have not been supplied
**      as a default) are used.
**
**      Parameters:
**              field -- the field name.
**              header -- the header list.
**
**      Returns:
**              pointer to the value part (internal format).
**              NULL if not found.
**
**      Side Effects:
**              none.
*/

char *
hvalue(field, header)
        char *field;
        HDR *header;
{
        register HDR *h;

        for (h = header; h != NULL; h = h->h_link)
        {
                if (!bitset(H_DEFAULT, h->h_flags) &&
                    sm_strcasecmp(h->h_field, field) == 0)
                {
                        char *s;

                        s = h->h_value;
                        if (s == NULL)
                                return NULL;
                        while (isascii(*s) && isspace(*s))
                                s++;
                        return s;
                }
        }
        return NULL;
}

/*
**  ISHEADER -- predicate telling if argument is a header.
**
**      A line is a header if it has a single word followed by
**      optional white space followed by a colon.
**
**      Header fields beginning with two dashes, although technically
**      permitted by RFC822, are automatically rejected in order
**      to make MIME work out.  Without this we could have a technically
**      legal header such as ``--"foo:bar"'' that would also be a legal
**      MIME separator.
**
**      Parameters:
**              h -- string to check for possible headerness.
**
**      Returns:
**              true if h is a header.
**              false otherwise.
**
**      Side Effects:
**              none.
*/

bool
isheader(h)
        char *h;
{
        char *s;

        s = h;
        if (s[0] == '-' && s[1] == '-')
                return false;

        while (*s > ' ' && *s != ':' && *s != '\0')
                s++;

        if (h == s)
                return false;

        /* following technically violates RFC822 */
        while (isascii(*s) && isspace(*s))
                s++;

        return (*s == ':');
}

/*
**  EATHEADER -- run through the stored header and extract info.
**
**      Parameters:
**              e -- the envelope to process.
**              full -- if set, do full processing (e.g., compute
**                      message priority).  This should not be set
**                      when reading a queue file because some info
**                      needed to compute the priority is wrong.
**              log -- call logsender()?
**
**      Returns:
**              none.
**
**      Side Effects:
**              Sets a bunch of global variables from information
**                      in the collected header.
*/

void
eatheader(e, full, log)
        register ENVELOPE *e;
        bool full;
        bool log;
{
        register HDR *h;
        register char *p;
        int hopcnt = 0;
        char buf[MAXLINE];

        /*
        **  Set up macros for possible expansion in headers.
        */

        macdefine(&e->e_macro, A_PERM, 'f', e->e_sender);
        macdefine(&e->e_macro, A_PERM, 'g', e->e_sender);
        if (e->e_origrcpt != NULL && *e->e_origrcpt != '\0')
                macdefine(&e->e_macro, A_PERM, 'u', e->e_origrcpt);
        else
                macdefine(&e->e_macro, A_PERM, 'u', NULL);

        /* full name of from person */
        p = hvalue("full-name", e->e_header);
        if (p != NULL)
        {
                if (!rfc822_string(p))
                {
                        /*
                        **  Quote a full name with special characters
                        **  as a comment so crackaddr() doesn't destroy
                        **  the name portion of the address.
                        */

                        p = addquotes(p, e->e_rpool);
                }
                macdefine(&e->e_macro, A_PERM, 'x', p);
        }

        if (tTd(32, 1))
                sm_dprintf("----- collected header -----\n");
        e->e_msgid = NULL;
        for (h = e->e_header; h != NULL; h = h->h_link)
        {
                if (tTd(32, 1))
                        sm_dprintf("%s:", h->h_field);
                if (h->h_value == NULL)
                {
                        if (tTd(32, 1))
                                sm_dprintf("<NULL>\n");
                        continue;
                }

                /* do early binding */
                if (bitset(H_DEFAULT, h->h_flags) &&
                    !bitset(H_BINDLATE, h->h_flags))
                {
                        if (tTd(32, 1))
                        {
                                sm_dprintf("(");
                                xputs(sm_debug_file(), h->h_value);
                                sm_dprintf(") ");
                        }
                        expand(h->h_value, buf, sizeof(buf), e);
                        if (buf[0] != '\0' &&
                            (buf[0] != ' ' || buf[1] != '\0'))
                        {
                                if (bitset(H_FROM, h->h_flags))
                                        expand(crackaddr(buf, e),
                                               buf, sizeof(buf), e);
                                h->h_value = sm_rpool_strdup_x(e->e_rpool, buf);
                                h->h_flags &= ~H_DEFAULT;
                        }
                }
                if (tTd(32, 1))
                {
                        xputs(sm_debug_file(), h->h_value);
                        sm_dprintf("\n");
                }

                /* count the number of times it has been processed */
                if (bitset(H_TRACE, h->h_flags))
                        hopcnt++;

                /* send to this person if we so desire */
                if (GrabTo && bitset(H_RCPT, h->h_flags) &&
                    !bitset(H_DEFAULT, h->h_flags) &&
                    (!bitset(EF_RESENT, e->e_flags) ||
                     bitset(H_RESENT, h->h_flags)))
                {
#if 0
                        int saveflags = e->e_flags;
#endif /* 0 */

                        (void) sendtolist(denlstring(h->h_value, true, false),
                                          NULLADDR, &e->e_sendqueue, 0, e);

#if 0
                        /*
                        **  Change functionality so a fatal error on an
                        **  address doesn't affect the entire envelope.
                        */

                        /* delete fatal errors generated by this address */
                        if (!bitset(EF_FATALERRS, saveflags))
                                e->e_flags &= ~EF_FATALERRS;
#endif /* 0 */
                }

                /* save the message-id for logging */
                p = "resent-message-id";
                if (!bitset(EF_RESENT, e->e_flags))
                        p += 7;
                if (sm_strcasecmp(h->h_field, p) == 0)
                {
                        e->e_msgid = h->h_value;
                        while (isascii(*e->e_msgid) && isspace(*e->e_msgid))
                                e->e_msgid++;
                        macdefine(&e->e_macro, A_PERM, macid("{msg_id}"),
                                  e->e_msgid);
                }
        }
        if (tTd(32, 1))
                sm_dprintf("----------------------------\n");

        /* if we are just verifying (that is, sendmail -t -bv), drop out now */
        if (OpMode == MD_VERIFY)
                return;

        /* store hop count */
        if (hopcnt > e->e_hopcount)
        {
                e->e_hopcount = hopcnt;
                (void) sm_snprintf(buf, sizeof(buf), "%d", e->e_hopcount);
                macdefine(&e->e_macro, A_TEMP, 'c', buf);
        }

        /* message priority */
        p = hvalue("precedence", e->e_header);
        if (p != NULL)
                e->e_class = priencode(p);
        if (e->e_class < 0)
                e->e_timeoutclass = TOC_NONURGENT;
        else if (e->e_class > 0)
                e->e_timeoutclass = TOC_URGENT;
        if (full)
        {
                e->e_msgpriority = e->e_msgsize
                                 - e->e_class * WkClassFact
                                 + e->e_nrcpts * WkRecipFact;
        }

        /* check for DSN to properly set e_timeoutclass */
        p = hvalue("content-type", e->e_header);
        if (p != NULL)
        {
                bool oldsupr;
                char **pvp;
                char pvpbuf[MAXLINE];
                extern unsigned char MimeTokenTab[256];

                /* tokenize header */
                oldsupr = SuprErrs;
                SuprErrs = true;
                pvp = prescan(p, '\0', pvpbuf, sizeof(pvpbuf), NULL,
                              MimeTokenTab, false);
                SuprErrs = oldsupr;

                /* Check if multipart/report */
                if (pvp != NULL && pvp[0] != NULL &&
                    pvp[1] != NULL && pvp[2] != NULL &&
                    sm_strcasecmp(*pvp++, "multipart") == 0 &&
                    strcmp(*pvp++, "/") == 0 &&
                    sm_strcasecmp(*pvp++, "report") == 0)
                {
                        /* Look for report-type=delivery-status */
                        while (*pvp != NULL)
                        {
                                /* skip to semicolon separator */
                                while (*pvp != NULL && strcmp(*pvp, ";") != 0)
                                        pvp++;

                                /* skip semicolon */
                                if (*pvp++ == NULL || *pvp == NULL)
                                        break;

                                /* look for report-type */
                                if (sm_strcasecmp(*pvp++, "report-type") != 0)
                                        continue;

                                /* skip equal */
                                if (*pvp == NULL || strcmp(*pvp, "=") != 0)
                                        continue;

                                /* check value */
                                if (*++pvp != NULL &&
                                    sm_strcasecmp(*pvp,
                                                  "delivery-status") == 0)
                                        e->e_timeoutclass = TOC_DSN;

                                /* found report-type, no need to continue */
                                break;
                        }
                }
        }

        /* message timeout priority */
        p = hvalue("priority", e->e_header);
        if (p != NULL)
        {
                /* (this should be in the configuration file) */
                if (sm_strcasecmp(p, "urgent") == 0)
                        e->e_timeoutclass = TOC_URGENT;
                else if (sm_strcasecmp(p, "normal") == 0)
                        e->e_timeoutclass = TOC_NORMAL;
                else if (sm_strcasecmp(p, "non-urgent") == 0)
                        e->e_timeoutclass = TOC_NONURGENT;
                else if (bitset(EF_RESPONSE, e->e_flags))
                        e->e_timeoutclass = TOC_DSN;
        }
        else if (bitset(EF_RESPONSE, e->e_flags))
                e->e_timeoutclass = TOC_DSN;

        /* date message originated */
        p = hvalue("posted-date", e->e_header);
        if (p == NULL)
                p = hvalue("date", e->e_header);
        if (p != NULL)
                macdefine(&e->e_macro, A_PERM, 'a', p);

        /* check to see if this is a MIME message */
        if ((e->e_bodytype != NULL &&
             sm_strcasecmp(e->e_bodytype, "8BITMIME") == 0) ||
            hvalue("MIME-Version", e->e_header) != NULL)
        {
                e->e_flags |= EF_IS_MIME;
                if (HasEightBits)
                        e->e_bodytype = "8BITMIME";
        }
        else if ((p = hvalue("Content-Type", e->e_header)) != NULL)
        {
                /* this may be an RFC 1049 message */
                p = strpbrk(p, ";/");
                if (p == NULL || *p == ';')
                {
                        /* yep, it is */
                        e->e_flags |= EF_DONT_MIME;
                }
        }

        /*
        **  From person in antiquated ARPANET mode
        **      required by UK Grey Book e-mail gateways (sigh)
        */

        if (OpMode == MD_ARPAFTP)
        {
                register struct hdrinfo *hi;

                for (hi = HdrInfo; hi->hi_field != NULL; hi++)
                {
                        if (bitset(H_FROM, hi->hi_flags) &&
                            (!bitset(H_RESENT, hi->hi_flags) ||
                             bitset(EF_RESENT, e->e_flags)) &&
                            (p = hvalue(hi->hi_field, e->e_header)) != NULL)
                                break;
                }
                if (hi->hi_field != NULL)
                {
                        if (tTd(32, 2))
                                sm_dprintf("eatheader: setsender(*%s == %s)\n",
                                        hi->hi_field, p);
                        setsender(p, e, NULL, '\0', true);
                }
        }

        /*
        **  Log collection information.
        */

        if (tTd(92, 2))
                sm_dprintf("eatheader: e_id=%s, EF_LOGSENDER=%d, LogLevel=%d, log=%d\n",
                        e->e_id, bitset(EF_LOGSENDER, e->e_flags), LogLevel,
                        log);
        if (log && bitset(EF_LOGSENDER, e->e_flags) && LogLevel > 4)
        {
                logsender(e, e->e_msgid);
                e->e_flags &= ~EF_LOGSENDER;
        }
}

/*
**  LOGSENDER -- log sender information
**
**      Parameters:
**              e -- the envelope to log
**              msgid -- the message id
**
**      Returns:
**              none
*/

void
logsender(e, msgid)
        register ENVELOPE *e;
        char *msgid;
{
        char *name;
        register char *sbp;
        register char *p;
        char hbuf[MAXNAME + 1];
        char sbuf[MAXLINE + 1];
        char mbuf[MAXNAME + 1];

        /* don't allow newlines in the message-id */
        /* XXX do we still need this? sm_syslog() replaces control chars */
        if (msgid != NULL)
        {
                size_t l;

                l = strlen(msgid);
                if (l > sizeof(mbuf) - 1)
                        l = sizeof(mbuf) - 1;
                memmove(mbuf, msgid, l);
                mbuf[l] = '\0';
                p = mbuf;
                while ((p = strchr(p, '\n')) != NULL)
                        *p++ = ' ';
        }

        if (bitset(EF_RESPONSE, e->e_flags))
                name = "[RESPONSE]";
        else if ((name = macvalue('_', e)) != NULL)
                /* EMPTY */
                ;
        else if (RealHostName == NULL)
                name = "localhost";
        else if (RealHostName[0] == '[')
                name = RealHostName;
        else
        {
                name = hbuf;
                (void) sm_snprintf(hbuf, sizeof(hbuf), "%.80s", RealHostName);
                if (RealHostAddr.sa.sa_family != 0)
                {
                        p = &hbuf[strlen(hbuf)];
                        (void) sm_snprintf(p, SPACELEFT(hbuf, p),
                                           " (%.100s)",
                                           anynet_ntoa(&RealHostAddr));
                }
        }

        /* some versions of syslog only take 5 printf args */
#if (SYSLOG_BUFSIZE) >= 256
        sbp = sbuf;
        (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                "from=%.200s, size=%ld, class=%d, nrcpts=%d",
                e->e_from.q_paddr == NULL ? "<NONE>" : e->e_from.q_paddr,
                e->e_msgsize, e->e_class, e->e_nrcpts);
        sbp += strlen(sbp);
        if (msgid != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                ", msgid=%.100s", mbuf);
                sbp += strlen(sbp);
        }
        if (e->e_bodytype != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                ", bodytype=%.20s", e->e_bodytype);
                sbp += strlen(sbp);
        }
        p = macvalue('r', e);
        if (p != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                ", proto=%.20s", p);
                sbp += strlen(sbp);
        }
        p = macvalue(macid("{daemon_name}"), e);
        if (p != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                ", daemon=%.20s", p);
                sbp += strlen(sbp);
        }
        sm_syslog(LOG_INFO, e->e_id, "%.850s, relay=%s", sbuf, name);

#else /* (SYSLOG_BUFSIZE) >= 256 */

        sm_syslog(LOG_INFO, e->e_id,
                  "from=%s",
                  e->e_from.q_paddr == NULL ? "<NONE>"
                                            : shortenstring(e->e_from.q_paddr,
                                                            83));
        sm_syslog(LOG_INFO, e->e_id,
                  "size=%ld, class=%ld, nrcpts=%d",
                  e->e_msgsize, e->e_class, e->e_nrcpts);
        if (msgid != NULL)
                sm_syslog(LOG_INFO, e->e_id,
                          "msgid=%s",
                          shortenstring(mbuf, 83));
        sbp = sbuf;
        *sbp = '\0';
        if (e->e_bodytype != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                "bodytype=%.20s, ", e->e_bodytype);
                sbp += strlen(sbp);
        }
        p = macvalue('r', e);
        if (p != NULL)
        {
                (void) sm_snprintf(sbp, SPACELEFT(sbuf, sbp),
                                "proto=%.20s, ", p);
                sbp += strlen(sbp);
        }
        sm_syslog(LOG_INFO, e->e_id,
                  "%.400srelay=%s", sbuf, name);
#endif /* (SYSLOG_BUFSIZE) >= 256 */
}

/*
**  PRIENCODE -- encode external priority names into internal values.
**
**      Parameters:
**              p -- priority in ascii.
**
**      Returns:
**              priority as a numeric level.
**
**      Side Effects:
**              none.
*/

static int
priencode(p)
        char *p;
{
        register int i;

        for (i = 0; i < NumPriorities; i++)
        {
                if (sm_strcasecmp(p, Priorities[i].pri_name) == 0)
                        return Priorities[i].pri_val;
        }

        /* unknown priority */
        return 0;
}

/*
**  CRACKADDR -- parse an address and turn it into a macro
**
**      This doesn't actually parse the address -- it just extracts
**      it and replaces it with "$g".  The parse is totally ad hoc
**      and isn't even guaranteed to leave something syntactically
**      identical to what it started with.  However, it does leave
**      something semantically identical if possible, else at least
**      syntactically correct.
**
**      For example, it changes "Real Name <real@example.com> (Comment)"
**      to "Real Name <$g> (Comment)".
**
**      This algorithm has been cleaned up to handle a wider range
**      of cases -- notably quoted and backslash escaped strings.
**      This modification makes it substantially better at preserving
**      the original syntax.
**
**      Parameters:
**              addr -- the address to be cracked.
**              e -- the current envelope.
**
**      Returns:
**              a pointer to the new version.
**
**      Side Effects:
**              none.
**
**      Warning:
**              The return value is saved in local storage and should
**              be copied if it is to be reused.
*/

#define SM_HAVE_ROOM            ((bp < buflim) && (buflim <= bufend))

/*
**  Append a character to bp if we have room.
**  If not, punt and return $g.
*/

#define SM_APPEND_CHAR(c)                                       \
        do                                                      \
        {                                                       \
                if (SM_HAVE_ROOM)                               \
                        *bp++ = (c);                            \
                else                                            \
                        goto returng;                           \
        } while (0)

#if MAXNAME < 10
ERROR MAXNAME must be at least 10
#endif /* MAXNAME < 10 */

char *
crackaddr(addr, e)
        register char *addr;
        ENVELOPE *e;
{
        register char *p;
        register char c;
        int cmtlev;                     /* comment level in input string */
        int realcmtlev;                 /* comment level in output string */
        int anglelev;                   /* angle level in input string */
        int copylev;                    /* 0 == in address, >0 copying */
        int bracklev;                   /* bracket level for IPv6 addr check */
        bool addangle;                  /* put closing angle in output */
        bool qmode;                     /* quoting in original string? */
        bool realqmode;                 /* quoting in output string? */
        bool putgmac = false;           /* already wrote $g */
        bool quoteit = false;           /* need to quote next character */
        bool gotangle = false;          /* found first '<' */
        bool gotcolon = false;          /* found a ':' */
        register char *bp;
        char *buflim;
        char *bufhead;
        char *addrhead;
        char *bufend;
        static char buf[MAXNAME + 1];

        if (tTd(33, 1))
                sm_dprintf("crackaddr(%s)\n", addr);

        buflim = bufend = &buf[sizeof(buf) - 1];
        bp = bufhead = buf;

        /* skip over leading spaces but preserve them */
        while (*addr != '\0' && isascii(*addr) && isspace(*addr))
        {
                SM_APPEND_CHAR(*addr);
                addr++;
        }
        bufhead = bp;

        /*
        **  Start by assuming we have no angle brackets.  This will be
        **  adjusted later if we find them.
        */

        p = addrhead = addr;
        copylev = anglelev = cmtlev = realcmtlev = 0;
        bracklev = 0;
        qmode = realqmode = addangle = false;

        while ((c = *p++) != '\0')
        {
                /*
                **  Try to keep legal syntax using spare buffer space
                **  (maintained by buflim).
                */

                if (copylev > 0)
                        SM_APPEND_CHAR(c);

                /* check for backslash escapes */
                if (c == '\\')
                {
                        /* arrange to quote the address */
                        if (cmtlev <= 0 && !qmode)
                                quoteit = true;

                        if ((c = *p++) == '\0')
                        {
                                /* too far */
                                p--;
                                goto putg;
                        }
                        if (copylev > 0)
                                SM_APPEND_CHAR(c);
                        goto putg;
                }

                /* check for quoted strings */
                if (c == '"' && cmtlev <= 0)
                {
                        qmode = !qmode;
                        if (copylev > 0 && SM_HAVE_ROOM)
                        {
                                if (realqmode)
                                        buflim--;
                                else
                                        buflim++;
                                realqmode = !realqmode;
                        }
                        continue;
                }
                if (qmode)
                        goto putg;

                /* check for comments */
                if (c == '(')
                {
                        cmtlev++;

                        /* allow space for closing paren */
                        if (SM_HAVE_ROOM)
                        {
                                buflim--;
                                realcmtlev++;
                                if (copylev++ <= 0)
                                {
                                        if (bp != bufhead)
                                                SM_APPEND_CHAR(' ');
                                        SM_APPEND_CHAR(c);
                                }
                        }
                }
                if (cmtlev > 0)
                {
                        if (c == ')')
                        {
                                cmtlev--;
                                copylev--;
                                if (SM_HAVE_ROOM)
                                {
                                        realcmtlev--;
                                        buflim++;
                                }
                        }
                        continue;
                }
                else if (c == ')')
                {
                        /* syntax error: unmatched ) */
                        if (copylev > 0 && SM_HAVE_ROOM && bp > bufhead)
                                bp--;
                }

                /* count nesting on [ ... ] (for IPv6 domain literals) */
                if (c == '[')
                        bracklev++;
                else if (c == ']')
                        bracklev--;

                /* check for group: list; syntax */
                if (c == ':' && anglelev <= 0 && bracklev <= 0 &&
                    !gotcolon && !ColonOkInAddr)
                {
                        register char *q;

                        /*
                        **  Check for DECnet phase IV ``::'' (host::user)
                        **  or DECnet phase V ``:.'' syntaxes.  The latter
                        **  covers ``user@DEC:.tay.myhost'' and
                        **  ``DEC:.tay.myhost::user'' syntaxes (bletch).
                        */

                        if (*p == ':' || *p == '.')
                        {
                                if (cmtlev <= 0 && !qmode)
                                        quoteit = true;
                                if (copylev > 0)
                                {
                                        SM_APPEND_CHAR(c);
                                        SM_APPEND_CHAR(*p);
                                }
                                p++;
                                goto putg;
                        }

                        gotcolon = true;

                        bp = bufhead;
                        if (quoteit)
                        {
                                SM_APPEND_CHAR('"');

                                /* back up over the ':' and any spaces */
                                --p;
                                while (p > addr &&
                                       isascii(*--p) && isspace(*p))
                                        continue;
                                p++;
                        }
                        for (q = addrhead; q < p; )
                        {
                                c = *q++;
                                if (quoteit && c == '"')
                                        SM_APPEND_CHAR('\\');
                                SM_APPEND_CHAR(c);
                        }
                        if (quoteit)
                        {
                                if (bp == &bufhead[1])
                                        bp--;
                                else
                                        SM_APPEND_CHAR('"');
                                while ((c = *p++) != ':')
                                        SM_APPEND_CHAR(c);
                                SM_APPEND_CHAR(c);
                        }

                        /* any trailing white space is part of group: */
                        while (isascii(*p) && isspace(*p))
                        {
                                SM_APPEND_CHAR(*p);
                                p++;
                        }
                        copylev = 0;
                        putgmac = quoteit = false;
                        bufhead = bp;
                        addrhead = p;
                        continue;
                }

                if (c == ';' && copylev <= 0 && !ColonOkInAddr)
                        SM_APPEND_CHAR(c);

                /* check for characters that may have to be quoted */
                if (strchr(MustQuoteChars, c) != NULL)
                {
                        /*
                        **  If these occur as the phrase part of a <>
                        **  construct, but are not inside of () or already
                        **  quoted, they will have to be quoted.  Note that
                        **  now (but don't actually do the quoting).
                        */

                        if (cmtlev <= 0 && !qmode)
                                quoteit = true;
                }

                /* check for angle brackets */
                if (c == '<')
                {
                        register char *q;

                        /* assume first of two angles is bogus */
                        if (gotangle)
                                quoteit = true;
                        gotangle = true;

                        /* oops -- have to change our mind */
                        anglelev = 1;
                        if (SM_HAVE_ROOM)
                        {
                                if (!addangle)
                                        buflim--;
                                addangle = true;
                        }

                        bp = bufhead;
                        if (quoteit)
                        {
                                SM_APPEND_CHAR('"');

                                /* back up over the '<' and any spaces */
                                --p;
                                while (p > addr &&
                                       isascii(*--p) && isspace(*p))
                                        continue;
                                p++;
                        }
                        for (q = addrhead; q < p; )
                        {
                                c = *q++;
                                if (quoteit && c == '"')
                                {
                                        SM_APPEND_CHAR('\\');
                                        SM_APPEND_CHAR(c);
                                }
                                else
                                        SM_APPEND_CHAR(c);
                        }
                        if (quoteit)
                        {
                                if (bp == &buf[1])
                                        bp--;
                                else
                                        SM_APPEND_CHAR('"');
                                while ((c = *p++) != '<')
                                        SM_APPEND_CHAR(c);
                                SM_APPEND_CHAR(c);
                        }
                        copylev = 0;
                        putgmac = quoteit = false;
                        continue;
                }

                if (c == '>')
                {
                        if (anglelev > 0)
                        {
                                anglelev--;
                                if (SM_HAVE_ROOM)
                                {
                                        if (addangle)
                                                buflim++;
                                        addangle = false;
                                }
                        }
                        else if (SM_HAVE_ROOM)
                        {
                                /* syntax error: unmatched > */
                                if (copylev > 0 && bp > bufhead)
                                        bp--;
                                quoteit = true;
                                continue;
                        }
                        if (copylev++ <= 0)
                                SM_APPEND_CHAR(c);
                        continue;
                }

                /* must be a real address character */
        putg:
                if (copylev <= 0 && !putgmac)
                {
                        if (bp > buf && bp[-1] == ')')
                                SM_APPEND_CHAR(' ');
                        SM_APPEND_CHAR(MACROEXPAND);
                        SM_APPEND_CHAR('g');
                        putgmac = true;
                }
        }

        /* repair any syntactic damage */
        if (realqmode && bp < bufend)
                *bp++ = '"';
        while (realcmtlev-- > 0 && bp < bufend)
                *bp++ = ')';
        if (addangle && bp < bufend)
                *bp++ = '>';
        *bp = '\0';
        if (bp < bufend)
                goto success;

 returng:
        /* String too long, punt */
        buf[0] = '<';
        buf[1] = MACROEXPAND;
        buf[2]= 'g';
        buf[3] = '>';
        buf[4]= '\0';
        sm_syslog(LOG_ALERT, e->e_id,
                  "Dropped invalid comments from header address");

 success:
        if (tTd(33, 1))
        {
                sm_dprintf("crackaddr=>`");
                xputs(sm_debug_file(), buf);
                sm_dprintf("'\n");
        }
        return buf;
}

/*
**  PUTHEADER -- put the header part of a message from the in-core copy
**
**      Parameters:
**              mci -- the connection information.
**              hdr -- the header to put.
**              e -- envelope to use.
**              flags -- MIME conversion flags.
**
**      Returns:
**              true iff header part was written successfully
**
**      Side Effects:
**              none.
*/

bool
putheader(mci, hdr, e, flags)
        register MCI *mci;
        HDR *hdr;
        register ENVELOPE *e;
        int flags;
{
        register HDR *h;
        char buf[SM_MAX(MAXLINE,BUFSIZ)];
        char obuf[MAXLINE];

        if (tTd(34, 1))
                sm_dprintf("--- putheader, mailer = %s ---\n",
                        mci->mci_mailer->m_name);

        /*
        **  If we're in MIME mode, we're not really in the header of the
        **  message, just the header of one of the parts of the body of
        **  the message.  Therefore MCIF_INHEADER should not be turned on.
        */

        if (!bitset(MCIF_INMIME, mci->mci_flags))
                mci->mci_flags |= MCIF_INHEADER;

        for (h = hdr; h != NULL; h = h->h_link)
        {
                register char *p = h->h_value;
                char *q;

                if (tTd(34, 11))
                {
                        sm_dprintf("  %s:", h->h_field);
                        xputs(sm_debug_file(), p);
                }

                /* Skip empty headers */
                if (h->h_value == NULL)
                        continue;

                /* heuristic shortening of MIME fields to avoid MUA overflows */
                if (MaxMimeFieldLength > 0 &&
                    wordinclass(h->h_field,
                                macid("{checkMIMEFieldHeaders}")))
                {
                        size_t len;

                        len = fix_mime_header(h, e);
                        if (len > 0)
                        {
                                sm_syslog(LOG_ALERT, e->e_id,
                                          "Truncated MIME %s header due to field size (length = %ld) (possible attack)",
                                          h->h_field, (unsigned long) len);
                                if (tTd(34, 11))
                                        sm_dprintf("  truncated MIME %s header due to field size  (length = %ld) (possible attack)\n",
                                                   h->h_field,
                                                   (unsigned long) len);
                        }
                }

                if (MaxMimeHeaderLength > 0 &&
                    wordinclass(h->h_field,
                                macid("{checkMIMETextHeaders}")))
                {
                        size_t len;

                        len = strlen(h->h_value);
                        if (len > (size_t) MaxMimeHeaderLength)
                        {
                                h->h_value[MaxMimeHeaderLength - 1] = '\0';
                                sm_syslog(LOG_ALERT, e->e_id,
                                          "Truncated long MIME %s header (length = %ld) (possible attack)",
                                          h->h_field, (unsigned long) len);
                                if (tTd(34, 11))
                                        sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
                                                   h->h_field,
                                                   (unsigned long) len);
                        }
                }

                if (MaxMimeHeaderLength > 0 &&
                    wordinclass(h->h_field,
                                macid("{checkMIMEHeaders}")))
                {
                        size_t len;

                        len = strlen(h->h_value);
                        if (shorten_rfc822_string(h->h_value,
                                                  MaxMimeHeaderLength))
                        {
                                if (len < MaxMimeHeaderLength)
                                {
                                        /* we only rebalanced a bogus header */
                                        sm_syslog(LOG_ALERT, e->e_id,
                                                  "Fixed MIME %s header (possible attack)",
                                                  h->h_field);
                                        if (tTd(34, 11))
                                                sm_dprintf("  fixed MIME %s header (possible attack)\n",
                                                           h->h_field);
                                }
                                else
                                {
                                        /* we actually shortened header */
                                        sm_syslog(LOG_ALERT, e->e_id,
                                                  "Truncated long MIME %s header (length = %ld) (possible attack)",
                                                  h->h_field,
                                                  (unsigned long) len);
                                        if (tTd(34, 11))
                                                sm_dprintf("  truncated long MIME %s header (length = %ld) (possible attack)\n",
                                                           h->h_field,
                                                           (unsigned long) len);
                                }
                        }
                }

                /*
                **  Suppress Content-Transfer-Encoding: if we are MIMEing
                **  and we are potentially converting from 8 bit to 7 bit
                **  MIME.  If converting, add a new CTE header in
                **  mime8to7().
                */

                if (bitset(H_CTE, h->h_flags) &&
                    bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME,
                           mci->mci_flags) &&
                    !bitset(M87F_NO8TO7, flags))
                {
                        if (tTd(34, 11))
                                sm_dprintf(" (skipped (content-transfer-encoding))\n");
                        continue;
                }

                if (bitset(MCIF_INMIME, mci->mci_flags))
                {
                        if (tTd(34, 11))
                                sm_dprintf("\n");
                        if (!put_vanilla_header(h, p, mci))
                                goto writeerr;
                        continue;
                }

                if (bitset(H_CHECK|H_ACHECK, h->h_flags) &&
                    !bitintersect(h->h_mflags, mci->mci_mailer->m_flags) &&
                    (h->h_macro == '\0' ||
                     (q = macvalue(bitidx(h->h_macro), e)) == NULL ||
                     *q == '\0'))
                {
                        if (tTd(34, 11))
                                sm_dprintf(" (skipped)\n");
                        continue;
                }

                /* handle Resent-... headers specially */
                if (bitset(H_RESENT, h->h_flags) && !bitset(EF_RESENT, e->e_flags))
                {
                        if (tTd(34, 11))
                                sm_dprintf(" (skipped (resent))\n");
                        continue;
                }

                /* suppress return receipts if requested */
                if (bitset(H_RECEIPTTO, h->h_flags) &&
                    (RrtImpliesDsn || bitset(EF_NORECEIPT, e->e_flags)))
                {
                        if (tTd(34, 11))
                                sm_dprintf(" (skipped (receipt))\n");
                        continue;
                }

                /* macro expand value if generated internally */
                if (bitset(H_DEFAULT, h->h_flags) ||
                    bitset(H_BINDLATE, h->h_flags))
                {
                        expand(p, buf, sizeof(buf), e);
                        p = buf;
                        if (*p == '\0')
                        {
                                if (tTd(34, 11))
                                        sm_dprintf(" (skipped -- null value)\n");
                                continue;
                        }
                }

                if (bitset(H_BCC, h->h_flags))
                {
                        /* Bcc: field -- either truncate or delete */
                        if (bitset(EF_DELETE_BCC, e->e_flags))
                        {
                                if (tTd(34, 11))
                                        sm_dprintf(" (skipped -- bcc)\n");
                        }
                        else
                        {
                                /* no other recipient headers: truncate value */
                                (void) sm_strlcpyn(obuf, sizeof(obuf), 2,
                                                   h->h_field, ":");
                                if (!putline(obuf, mci))
                                        goto writeerr;
                        }
                        continue;
                }

                if (tTd(34, 11))
                        sm_dprintf("\n");

                if (bitset(H_FROM|H_RCPT, h->h_flags))
                {
                        /* address field */
                        bool oldstyle = bitset(EF_OLDSTYLE, e->e_flags);

                        if (bitset(H_FROM, h->h_flags))
                                oldstyle = false;
                        commaize(h, p, oldstyle, mci, e,
                                 PXLF_HEADER | PXLF_STRIPMQUOTE);
                }
                else
                {
                        if (!put_vanilla_header(h, p, mci))
                                goto writeerr;
                }
        }

        /*
        **  If we are converting this to a MIME message, add the
        **  MIME headers (but not in MIME mode!).
        */

#if MIME8TO7
        if (bitset(MM_MIME8BIT, MimeMode) &&
            bitset(EF_HAS8BIT, e->e_flags) &&
            !bitset(EF_DONT_MIME, e->e_flags) &&
            !bitnset(M_8BITS, mci->mci_mailer->m_flags) &&
            !bitset(MCIF_CVT8TO7|MCIF_CVT7TO8|MCIF_INMIME, mci->mci_flags) &&
            hvalue("MIME-Version", e->e_header) == NULL)
        {
                if (!putline("MIME-Version: 1.0", mci))
                        goto writeerr;
                if (hvalue("Content-Type", e->e_header) == NULL)
                {
                        (void) sm_snprintf(obuf, sizeof(obuf),
                                        "Content-Type: text/plain; charset=%s",
                                        defcharset(e));
                        if (!putline(obuf, mci))
                                goto writeerr;
                }
                if (hvalue("Content-Transfer-Encoding", e->e_header) == NULL
                    && !putline("Content-Transfer-Encoding: 8bit", mci))
                        goto writeerr;
        }
#endif /* MIME8TO7 */
        return true;

  writeerr:
        return false;
}

/*
**  PUT_VANILLA_HEADER -- output a fairly ordinary header
**
**      Parameters:
**              h -- the structure describing this header
**              v -- the value of this header
**              mci -- the connection info for output
**
**      Returns:
**              true iff header was written successfully
*/

static bool
put_vanilla_header(h, v, mci)
        HDR *h;
        char *v;
        MCI *mci;
{
        register char *nlp;
        register char *obp;
        int putflags;
        char obuf[MAXLINE + 256];       /* additional length for h_field */

        putflags = PXLF_HEADER | PXLF_STRIPMQUOTE;
        if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
                putflags |= PXLF_STRIP8BIT;
        (void) sm_snprintf(obuf, sizeof(obuf), "%.200s:", h->h_field);
        obp = obuf + strlen(obuf);
        while ((nlp = strchr(v, '\n')) != NULL)
        {
                int l;

                l = nlp - v;

                /*
                **  XXX This is broken for SPACELEFT()==0
                **  However, SPACELEFT() is always > 0 unless MAXLINE==1.
                */

                if (SPACELEFT(obuf, obp) - 1 < (size_t) l)
                        l = SPACELEFT(obuf, obp) - 1;

                (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s", l, v);
                if (!putxline(obuf, strlen(obuf), mci, putflags))
                        goto writeerr;
                v += l + 1;
                obp = obuf;
                if (*v != ' ' && *v != '\t')
                        *obp++ = ' ';
        }

        /* XXX This is broken for SPACELEFT()==0 */
        (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.*s",
                           (int) (SPACELEFT(obuf, obp) - 1), v);
        return putxline(obuf, strlen(obuf), mci, putflags);

  writeerr:
        return false;
}

/*
**  COMMAIZE -- output a header field, making a comma-translated list.
**
**      Parameters:
**              h -- the header field to output.
**              p -- the value to put in it.
**              oldstyle -- true if this is an old style header.
**              mci -- the connection information.
**              e -- the envelope containing the message.
**              putflags -- flags for putxline()
**
**      Returns:
**              true iff header field was written successfully
**
**      Side Effects:
**              outputs "p" to "mci".
*/

bool
commaize(h, p, oldstyle, mci, e, putflags)
        register HDR *h;
        register char *p;
        bool oldstyle;
        register MCI *mci;
        register ENVELOPE *e;
        int putflags;
{
        register char *obp;
        int opos, omax, spaces;
        bool firstone = true;
        char **res;
        char obuf[MAXLINE + 3];

        /*
        **  Output the address list translated by the
        **  mailer and with commas.
        */

        if (tTd(14, 2))
                sm_dprintf("commaize(%s:%s)\n", h->h_field, p);

        if (bitnset(M_7BITHDRS, mci->mci_mailer->m_flags))
                putflags |= PXLF_STRIP8BIT;

        obp = obuf;
        (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%.200s:", h->h_field);
        /* opos = strlen(obp); instead of the next 3 lines? */
        opos = strlen(h->h_field) + 1;
        if (opos > 201)
                opos = 201;
        obp += opos;

        spaces = 0;
        while (*p != '\0' && isascii(*p) && isspace(*p))
        {
                ++spaces;
                ++p;
        }
        if (spaces > 0)
        {
                SM_ASSERT(sizeof(obuf) > opos  * 2);

                /*
                **  Restrict number of spaces to half the length of buffer
                **  so the header field body can be put in here too.
                **  Note: this is a hack...
                */

                if (spaces > sizeof(obuf) / 2)
                        spaces = sizeof(obuf) / 2;
                (void) sm_snprintf(obp, SPACELEFT(obuf, obp), "%*s", spaces,
                                "");
                opos += spaces;
                obp += spaces;
                SM_ASSERT(obp < &obuf[MAXLINE]);
        }

        omax = mci->mci_mailer->m_linelimit - 2;
        if (omax < 0 || omax > 78)
                omax = 78;

        /*
        **  Run through the list of values.
        */

        while (*p != '\0')
        {
                register char *name;
                register int c;
                char savechar;
                int flags;
                auto int status;

                /*
                **  Find the end of the name.  New style names
                **  end with a comma, old style names end with
                **  a space character.  However, spaces do not
                **  necessarily delimit an old-style name -- at
                **  signs mean keep going.
                */

                /* find end of name */
                while ((isascii(*p) && isspace(*p)) || *p == ',')
                        p++;
                name = p;
                res = NULL;
                for (;;)
                {
                        auto char *oldp;
                        char pvpbuf[PSBUFSIZE];

                        res = prescan(p, oldstyle ? ' ' : ',', pvpbuf,
                                      sizeof(pvpbuf), &oldp, ExtTokenTab, false);
                        p = oldp;
#if _FFR_IGNORE_BOGUS_ADDR
                        /* ignore addresses that can't be parsed */
                        if (res == NULL)
                        {
                                name = p;
                                continue;
                        }
#endif /* _FFR_IGNORE_BOGUS_ADDR */

                        /* look to see if we have an at sign */
                        while (*p != '\0' && isascii(*p) && isspace(*p))
                                p++;

                        if (*p != '@')
                        {
                                p = oldp;
                                break;
                        }
                        ++p;
                        while (*p != '\0' && isascii(*p) && isspace(*p))
                                p++;
                }
                /* at the end of one complete name */

                /* strip off trailing white space */
                while (p >= name &&
                       ((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
                        p--;
                if (++p == name)
                        continue;

                /*
                **  if prescan() failed go a bit backwards; this is a hack,
                **  there should be some better error recovery.
                */

                if (res == NULL && p > name &&
                    !((isascii(*p) && isspace(*p)) || *p == ',' || *p == '\0'))
                        --p;
                savechar = *p;
                *p = '\0';

                /* translate the name to be relative */
                flags = RF_HEADERADDR|RF_ADDDOMAIN;
                if (bitset(H_FROM, h->h_flags))
                        flags |= RF_SENDERADDR;
#if USERDB
                else if (e->e_from.q_mailer != NULL &&
                         bitnset(M_UDBRECIPIENT, e->e_from.q_mailer->m_flags))
                {
                        char *q;

                        q = udbsender(name, e->e_rpool);
                        if (q != NULL)
                                name = q;
                }
#endif /* USERDB */
                status = EX_OK;
                name = remotename(name, mci->mci_mailer, flags, &status, e);
                if (*name == '\0')
                {
                        *p = savechar;
                        continue;
                }
                name = denlstring(name, false, true);

                /* output the name with nice formatting */
                opos += strlen(name);
                if (!firstone)
                        opos += 2;
                if (opos > omax && !firstone)
                {
                        (void) sm_strlcpy(obp, ",\n", SPACELEFT(obuf, obp));
                        if (!putxline(obuf, strlen(obuf), mci, putflags))
                                goto writeerr;
                        obp = obuf;
                        (void) sm_strlcpy(obp, "        ", sizeof(obuf));
                        opos = strlen(obp);
                        obp += opos;
                        opos += strlen(name);
                }
                else if (!firstone)
                {
                        (void) sm_strlcpy(obp, ", ", SPACELEFT(obuf, obp));
                        obp += 2;
                }

                while ((c = *name++) != '\0' && obp < &obuf[MAXLINE])
                        *obp++ = c;
                firstone = false;
                *p = savechar;
        }
        if (obp < &obuf[sizeof(obuf)])
                *obp = '\0';
        else
                obuf[sizeof(obuf) - 1] = '\0';
        return putxline(obuf, strlen(obuf), mci, putflags);

  writeerr:
        return false;
}

/*
**  COPYHEADER -- copy header list
**
**      This routine is the equivalent of newstr for header lists
**
**      Parameters:
**              header -- list of header structures to copy.
**              rpool -- resource pool, or NULL
**
**      Returns:
**              a copy of 'header'.
**
**      Side Effects:
**              none.
*/

HDR *
copyheader(header, rpool)
        register HDR *header;
        SM_RPOOL_T *rpool;
{
        register HDR *newhdr;
        HDR *ret;
        register HDR **tail = &ret;

        while (header != NULL)
        {
                newhdr = (HDR *) sm_rpool_malloc_x(rpool, sizeof(*newhdr));
                STRUCTCOPY(*header, *newhdr);
                *tail = newhdr;
                tail = &newhdr->h_link;
                header = header->h_link;
        }
        *tail = NULL;

        return ret;
}

/*
**  FIX_MIME_HEADER -- possibly truncate/rebalance parameters in a MIME header
**
**      Run through all of the parameters of a MIME header and
**      possibly truncate and rebalance the parameter according
**      to MaxMimeFieldLength.
**
**      Parameters:
**              h -- the header to truncate/rebalance
**              e -- the current envelope
**
**      Returns:
**              length of last offending field, 0 if all ok.
**
**      Side Effects:
**              string modified in place
*/

static size_t
fix_mime_header(h, e)
        HDR *h;
        ENVELOPE *e;
{
        char *begin = h->h_value;
        char *end;
        size_t len = 0;
        size_t retlen = 0;

        if (begin == NULL || *begin == '\0')
                return 0;

        /* Split on each ';' */
        /* find_character() never returns NULL */
        while ((end = find_character(begin, ';')) != NULL)
        {
                char save = *end;
                char *bp;

                *end = '\0';

                len = strlen(begin);

                /* Shorten individual parameter */
                if (shorten_rfc822_string(begin, MaxMimeFieldLength))
                {
                        if (len < MaxMimeFieldLength)
                        {
                                /* we only rebalanced a bogus field */
                                sm_syslog(LOG_ALERT, e->e_id,
                                          "Fixed MIME %s header field (possible attack)",
                                          h->h_field);
                                if (tTd(34, 11))
                                        sm_dprintf("  fixed MIME %s header field (possible attack)\n",
                                                   h->h_field);
                        }
                        else
                        {
                                /* we actually shortened the header */
                                retlen = len;
                        }
                }

                /* Collapse the possibly shortened string with rest */
                bp = begin + strlen(begin);
                if (bp != end)
                {
                        char *ep = end;

                        *end = save;
                        end = bp;

                        /* copy character by character due to overlap */
                        while (*ep != '\0')
                                *bp++ = *ep++;
                        *bp = '\0';
                }
                else
                        *end = save;
                if (*end == '\0')
                        break;

                /* Move past ';' */
                begin = end + 1;
        }
        return retlen;
}
Illumos
