feat: relax email requirements (#7829)

The current email restrictions were put in place because of a security issue with sendmail (https://github.com/go-gitea/gitea/pull/17688). Remove this restriction and instead ensure that this security issue cannot happen with sendmail. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7829 Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org> Reviewed-by: Gusted <gusted@noreply.codeberg.org> Co-authored-by: famfo <famfo@famfo.xyz> Co-committed-by: famfo <famfo@famfo.xyz>
2025-08-05 18:05:19 +02:00 · 2025-05-22 12:20:25 +02:00 · 2025-05-22 12:20:25 +02:00 · dda37e86bd
commit dda37e86bd
parent de1adf224d
11 changed files with 45 additions and 46 deletions
--- a/modules/setting/mailer.go
+++ b/modules/setting/mailer.go
@ -215,6 +215,11 @@ func loadMailerFrom(rootCfg ConfigProvider) {
 		if err != nil {
 			log.Error("Failed to parse Sendmail args: '%s' with error %v", sec.Key("SENDMAIL_ARGS").String(), err)
 		}
+
+		if len(MailService.SendmailArgs) == 0 || MailService.SendmailArgs[len(MailService.SendmailArgs)-1] != "--" {
+			log.Warn("SENDMAIL_ARGS setting does not end in \"--\", appending it to prevent argument injection")
+			MailService.SendmailArgs = append(MailService.SendmailArgs, "--")
+		}
 	case "smtp", "smtps", "smtp+starttls", "smtp+unix":
 		ips := tryResolveAddr(MailService.SMTPAddr)
 		if MailService.Protocol == "smtp" {
--- a/modules/setting/mailer_test.go
+++ b/modules/setting/mailer_test.go
@ -51,4 +51,28 @@ func Test_loadMailerFrom(t *testing.T) {
 		assert.Equal(t, "jane.doe@example.com", MailService.User)
 		assert.Equal(t, "y0u'll n3v3r gUess th1S!!1", MailService.Passwd)
 	})
+
+	t.Run("sendmail argument sanitization", func(t *testing.T) {
+		cfg, _ := NewConfigProviderFromData("")
+		sec := cfg.Section("mailer")
+		sec.NewKey("ENABLED", "true")
+		sec.NewKey("PROTOCOL", "sendmail")
+		sec.NewKey("SENDMAIL_ARGS", "-B 8BITMIME")
+
+		loadMailerFrom(cfg)
+
+		assert.Equal(t, []string{"-B", "8BITMIME", "--"}, MailService.SendmailArgs)
+	})
+
+	t.Run("empty sendmail args", func(t *testing.T) {
+		cfg, _ := NewConfigProviderFromData("")
+		sec := cfg.Section("mailer")
+		sec.NewKey("ENABLED", "true")
+		sec.NewKey("PROTOCOL", "sendmail")
+		sec.NewKey("SENDMAIL_ARGS", "")
+
+		loadMailerFrom(cfg)
+
+		assert.Equal(t, []string{"--"}, MailService.SendmailArgs)
+	})
 }