This is an automated email from the ASF dual-hosted git repository.

chibenwa pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-jspf.git

commit bd72bcb83da4ca3b774d5962d9684acf82f7a7ca
Author: Benoit TELLIER <[email protected]>
AuthorDate: Sat Apr 25 22:32:48 2026 +0200

    [ENHANCEMENT] Reject clearly linebreaks in input / output
---
 .../src/main/java/org/apache/james/jspf/core/MacroExpand.java  |  3 +++
 .../src/main/java/org/apache/james/jspf/core/SPFSession.java   | 10 ++++++++++
 2 files changed, 13 insertions(+)

diff --git a/resolver/src/main/java/org/apache/james/jspf/core/MacroExpand.java 
b/resolver/src/main/java/org/apache/james/jspf/core/MacroExpand.java
index 578c671..4a882c8 100644
--- a/resolver/src/main/java/org/apache/james/jspf/core/MacroExpand.java
+++ b/resolver/src/main/java/org/apache/james/jspf/core/MacroExpand.java
@@ -239,6 +239,9 @@ public class MacroExpand {
         }
         
         String domainName = expandMacroString(input, macroData, false);
+        if (domainName.indexOf('\r') >= 0 || domainName.indexOf('\n') >= 0) {
+            throw new PermErrorException("Macro-expanded domain contains 
illegal CR or LF characters");
+        }
         // reduce to less than 255 characters, deleting subdomains from left
         int split = 0;
         while (domainName.length() > 255 && split > -1) {
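Review bot: The CR/LF test on `domainName` is written inline here, while SPFSession gains a private `containsCRLF` for the same predicate in this commit, so the two copies can drift; one shared static helper would keep them aligned. The check also covers only this domain path (`expandMacroString(input, macroData, false)`). If the explanation expansion elsewhere in MacroExpand feeds text into an SMTP reply or a Received-SPF header, it probably needs the same rejection, but that code is outside the hunk and should be confirmed. The diffstat lists no test file; a case whose macro expands to a value containing `\n` and asserts `PermErrorException` would pin the new behaviour. The enclosing method starts and ends outside the hunk.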
diff --git a/resolver/src/main/java/org/apache/james/jspf/core/SPFSession.java 
b/resolver/src/main/java/org/apache/james/jspf/core/SPFSession.java
index 7c9cf2b..7173852 100644
--- a/resolver/src/main/java/org/apache/james/jspf/core/SPFSession.java
+++ b/resolver/src/main/java/org/apache/james/jspf/core/SPFSession.java
@@ -88,6 +88,12 @@ public class SPFSession implements MacroData {
      */
     public SPFSession(String mailFrom, String heloDomain, String clientIP) {
         super();
+        if (containsCRLF(mailFrom)) {
+            throw new IllegalArgumentException("mailFrom must not contain CR 
or LF characters");
+        }
+        if (containsCRLF(heloDomain)) {
+            throw new IllegalArgumentException("heloDomain must not contain CR 
or LF characters");
+        }
         this.mailFrom = mailFrom.trim();
         this.hostName = heloDomain.trim();
        
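Review bot: `clientIP` is the one constructor argument not checked for CR or LF, although it arrives in the same call as `mailFrom` and `heloDomain`. Unless it is strictly parsed as an IP address later in the constructor (outside the hunk), add `if (containsCRLF(clientIP)) { throw new IllegalArgumentException("clientIP must not contain CR or LF characters"); }`. Because the new checks run before `trim()`, a value carrying only a trailing line terminator, which `trim()` used to strip silently, is now rejected, so callers that pass raw SMTP input will see a new unchecked exception. The Javadoc above the constructor should gain `@throws IllegalArgumentException if mailFrom or heloDomain contains CR or LF`, and callers should map the exception to a rejection rather than let it propagate.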
@@ -400,6 +406,10 @@ public class SPFSession implements MacroData {
         return currentResultExpanded;
     }
 
+    private static boolean containsCRLF(String s) {
+        return s.indexOf('\r') >= 0 || s.indexOf('\n') >= 0;
+    }
+
     @Override
     public String toString() {
         return "SPFSession{" +
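Review bot: `containsCRLF` reads as a test for the two-character CRLF sequence, but it returns true for a lone CR or a lone LF. A name such as `containsCrOrLf`, or a one-line Javadoc `/** Returns true if s contains a CR or an LF character. */`, would remove the ambiguity. The helper dereferences `s` without a null check, so a null `mailFrom` or `heloDomain` now fails inside it; `mailFrom.trim()` already threw on null before this change, so it is not a regression, but the constructor's contract should say so. Other control characters (NUL, for example) still pass, and whether that matters depends on where these values are emitted, which is not visible here.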

