From c9c6d9107387fd09d3b26206c81a66326f138de9 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Fabian=20Gr=C3=BCnbichler?=
Date: Thu, 9 Jun 2016 16:34:25 +0200
Subject: [PATCH] catch malformed mailto/mailfrom in sendmail
---
 src/PVE/Tools.pm | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/src/PVE/Tools.pm b/src/PVE/Tools.pm
index 58a2006..039c9fb 100644
--- a/src/PVE/Tools.pm
+++ b/src/PVE/Tools.pm
@@ -1224,19 +1224,24 @@ sub sync_mountpoint {
 # mailto may be a single email string or an array of receivers
 sub sendmail {
 my ($mailto, $subject, $text, $html, $mailfrom, $author) = @_;
+ my $mail_re = qr/[^-a-zA-Z0-9+._@]/;
 $mailto = [ $mailto ] if !ref($mailto);
- my $rcvrarg = '';
- foreach my $r (@$mailto) {
- $rcvrarg .= " '$r'";
+ foreach (@$mailto) {
+ die "illegal character in mailto address\n"
+ if ($_ =~ $mail_re);
 }
+ my $rcvrtxt = join (', ', @$mailto);
 $mailfrom = $mailfrom || "root";
+ die "illegal character in mailfrom address\n"
+ if $mailfrom =~ $mail_re;
+ $author = $author || 'Proxmox VE';
- open (MAIL,"|sendmail -B 8BITMIME -f $mailfrom $rcvrarg") ||
+ open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom, @$mailto) ||
 die "unable to open 'sendmail' - $!";
 # multipart spec see https://www.ietf.org/rfc/rfc1521.txt
--
2.39.2
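Review bot: The recipient check in the `foreach (@$mailto)` loop still accepts an address that begins with `-`, because `$mail_re` allows `-` in any position, and the new list-form `open` hands each recipient to sendmail as its own argv element, where a leading dash would be read as an option rather than an address. The list form removes the shell but not this argument-level ambiguity; ending option parsing before the recipients closes it, assuming the installed sendmail binary honours `--` (the common implementations do): `open (MAIL, "|-", "sendmail", "-B", "8BITMIME", "-f", $mailfrom, "--", @$mailto) ||`. Rejecting a leading dash in the loop, and an empty string (which the negated character class also lets through), would make the intent explicit as well. The body of `sendmail` continues past the end of the hunk, so how `$rcvrtxt` is used is not visible here.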