K9 permits the injection of control characters into email addresses such that the SMTP session breaks and the outgoing email is lost.
Expected behavior
Display of the complete server error message via a notification
Store the not-yet-sent email message in the outbox or draft directory for inspection and fixing.
Or ideally:
Sanitize the email address that is retrieved via 'Add from Contacts'. Especially remove leading/trailing control characters like newline or carriage-return. Otherwise detect characters that are invalid in email addresses and don't insert them verbatim into an SMTP session.
Actual behavior
K9 just displays a truncated server error message.
K9 drops the problematic email message. That means the content of a potentially long and important email is lost.
K9 inserts an email address with invalid characters verbatim into an SMTP session.
K9 stacktrace from adb logcat:
06-20 22:44:45.639 18226 18272 E k9 : Failed to send message
06-20 22:44:45.639 18226 18272 E k9 : com.fsck.k9.mail.transport.SmtpTransport$NegativeSmtpReplyException: Negative SMTP reply: 501 5.1.3 Bad recipient address syntax
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.mail.transport.SmtpTransport.checkLine(SmtpTransport.java:639)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.mail.transport.SmtpTransport.executeSimpleCommand(SmtpTransport.java:680)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.mail.transport.SmtpTransport.executeSimpleCommand(SmtpTransport.java:644)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.mail.transport.SmtpTransport.sendMessageTo(SmtpTransport.java:523)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.mail.transport.SmtpTransport.sendMessage(SmtpTransport.java:496)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController.sendPendingMessagesSynchronous(MessagingController.java:3014)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController.access$1700(MessagingController.java:115)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController$21.run(MessagingController.java:2895)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController.runInBackground(MessagingController.java:204)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController.access$000(MessagingController.java:115)
06-20 22:44:45.639 18226 18272 E k9 : at com.fsck.k9.controller.MessagingController$1.run(MessagingController.java:173)
06-20 22:44:45.639 18226 18272 E k9 : at java.lang.Thread.run(Thread.java:761)
Truncated K9 notification text (really is truncated, can't be expanded):
Failed to send some messages
Negative SMTP reply: 501 5.1.3 Bad recipient address synt..
Snippet from verbose postfix log:
Jun 20 23:08:32 example.com postfix/smtpd[9010]: < client.example.net: RCPT TO:<juser@example.org
Jun 20 23:08:32 example.com postfix/smtpd[9010]: > client.example.net: 501 5.1.3 Bad recipient address syntax
Note how the closing > character is missing after the email address, because the email address plus the newline character is inserted as-is into the SMTP session.
Steps to reproduce
Create a contact with an email address that ends with a newline character (i.e. 0xa), e.g.:
Create a QR code on a computer: echo juser@example.org | qrcode (the QR code contains a trailing newline character)
Scan it on android with the ZXing Barcode Scanner app (which automatically copies it into the clipboard - including the trailing newline)
Create a new contact in the contact app
Paste the email address into the contact (the trailing newline character is pasted, as well)
Save the contact
Start K9
Compose new email
Select recipient with problematic email address via 'Add from Contacts'
Send the mail (ideally with postfix as outgoing SMTP server)
Environment
K-9 Mail version: 5.206
Android version: LineageOS 14.1 (Android 7.1.2)
Account type (IMAP, POP3, WebDAV/Exchange): IMAP+SMTP
Postfix Version: 2.10.1
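
One way to implement the sanitization requested under "Expected behavior", as an added example that is not K-9 Mail's code: the class and method names are hypothetical, and the check is deliberately stricter than RFC 5321 (quoted local parts containing spaces are rejected).

```java
// Added example: SmtpAddressGuard is a hypothetical helper, not K-9 Mail code.
public final class SmtpAddressGuard {

    // Control characters (0x00-0x1f, DEL) and space never belong in an envelope address.
    private static boolean isCtlOrSpace(char c) {
        return c <= 0x20 || c == 0x7f;
    }

    // Drop leading/trailing control characters and spaces, e.g. a pasted "\n".
    static String trimControls(String raw) {
        int start = 0;
        int end = raw.length();
        while (start < end && isCtlOrSpace(raw.charAt(start))) start++;
        while (end > start && isCtlOrSpace(raw.charAt(end - 1))) end--;
        return raw.substring(start, end);
    }

    // Return an address that is safe between '<' and '>', or throw.
    // Assumption: stricter than RFC 5321 (no quoted local parts with spaces).
    static String forEnvelope(String raw) {
        String addr = trimControls(raw);
        int at = addr.lastIndexOf('@');
        if (at <= 0 || at == addr.length() - 1) {
            throw new IllegalArgumentException("missing local part or domain");
        }
        for (int i = 0; i < addr.length(); i++) {
            char c = addr.charAt(i);
            if (isCtlOrSpace(c) || c == '<' || c == '>') {
                throw new IllegalArgumentException(
                        String.format("invalid character 0x%02x at index %d", (int) c, i));
            }
        }
        return addr;
    }

    // Build the envelope command only from a validated address.
    static String rcptCommand(String raw) {
        return "RCPT TO:<" + forEnvelope(raw) + ">";
    }

    public static void main(String[] args) {
        // Constructed inputs: the trailing newline from the report, and an embedded one.
        String[] samples = {"juser@example.org\n", "juser@exam\nple.org"};
        for (String s : samples) {
            try {
                System.out.println(rcptCommand(s));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

When an address is rejected, the caller can keep the message in the outbox or drafts and show the full error instead of dropping the mail.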