From c30fc43f400370d2dfe89c36449d290ba3e73a8c Mon Sep 17 00:00:00 2001
From: Frédéric Buclin <LpSolit@gmail.com>
Date: Tue, 21 Oct 2014 12:07:31 +0200
Subject: Bug 1083737: Validate the smtpserver parameter r=dkl a=glob

---
 Bugzilla/Config/Common.pm | 31 ++++++++++++++++++++++++++++++-
 Bugzilla/Config/MTA.pm    |  3 ++-
 2 files changed, 32 insertions(+), 2 deletions(-)

(limited to 'Bugzilla/Config')

diff --git a/Bugzilla/Config/Common.pm b/Bugzilla/Config/Common.pm
index 9f38436e8..fe6a2c2c0 100644
--- a/Bugzilla/Config/Common.pm
+++ b/Bugzilla/Config/Common.pm
@@ -29,7 +29,7 @@ use parent qw(Exporter);
        check_mail_delivery_method check_notification check_utf8
        check_bug_status check_smtp_auth check_theschwartz_available
        check_maxattachmentsize check_email check_smtp_ssl
-       check_comment_taggers_group
+       check_comment_taggers_group check_smtp_server
 );
 
 # Checking functions for the various values
@@ -342,6 +342,33 @@ sub check_notification {
     return "";
 }
 
+sub check_smtp_server {
+    my $host = shift;
+    my $port;
+
+    if ($host =~ /:/) {
+        ($host, $port) = split(/:/, $host, 2);
+        unless ($port && detaint_natural($port)) {
+            return "Invalid port. It must be an integer (typically 25, 465 or 587)";
+        }
+    }
+    trick_taint($host);
+    # Let's first try to connect using SSL. If this fails, we fall back to
+    # an unencrypted connection.
+    foreach my $method (['Net::SMTP::SSL', 465], ['Net::SMTP', 25]) {
+        my ($class, $default_port) = @$method;
+        next if $class eq 'Net::SMTP::SSL' && !Bugzilla->feature('smtp_ssl');
+        eval "require $class";
+        my $smtp = $class->new($host, Port => $port || $default_port, Timeout => 5);
+        if ($smtp) {
+            # The connection works!
+            $smtp->quit;
+            return '';
+        }
+    }
+    return "Cannot connect to $host" . ($port ? " using port $port" : "");
+}
+
 sub check_smtp_auth {
     my $username = shift;
     if ($username and !Bugzilla->feature('smtp_auth')) {
@@ -498,6 +525,8 @@ valid group is provided.
 
 =item check_shadowdb
 
+=item check_smtp_server
+
 =item check_smtp_auth
 
 =item check_url
diff --git a/Bugzilla/Config/MTA.pm b/Bugzilla/Config/MTA.pm
index 7be439bf6..467bdab3f 100644
--- a/Bugzilla/Config/MTA.pm
+++ b/Bugzilla/Config/MTA.pm
@@ -42,7 +42,8 @@ sub get_param_list {
   {
    name => 'smtpserver',
    type => 't',
-   default => 'localhost'
+   default => 'localhost',
+   checker => \&check_smtp_server
   },
   {
    name => 'smtp_username',
-- 
cgit v1.2.3-24-g4f1b