check a length when validating an email

An email address has two parts: - the local part (before the "@") = max 64 characters - the domain part (after the "@") = max 255 characters So maximum length is 64 + @ + 255 = 320 characters https://www.rfc-editor.org/rfc/rfc5321.html#section-4.5.3.1
2024-09-08 02:05:43 +02:00
parent 8634716aa7
commit a6ca71b131
1 changed files with 20 additions and 10 deletions
--- a/winixd/core/misc.cpp
+++ b/winixd/core/misc.cpp
@@ -5,7 +5,7 @@
 */

 /* 
- * Copyright (c) 2008-2023, Tomasz Sowa
+ * Copyright (c) 2008-2024, Tomasz Sowa
 * All rights reserved.
 * 
 * Redistribution and use in source and binary forms, with or without
@@ -820,8 +820,12 @@ return correct;

 bool ValidateEmail(const wchar_t * email)
 {
-	int at				= 0;	// how many '@'
-	int dots_after_at	= 0;	// how many dots in the domain part
+	int at				= 0;              // how many '@'
+	int dots_after_at	= 0;              // how many dots in the domain part
+	const size_t address_max_length = 64; // the max length before a '@'
+	const size_t domain_max_length = 255; // the max length after a '@'
+	size_t address_length = 0;
+	size_t domain_length = 0;

 	for(size_t i=0 ; email[i] != 0 ; ++i)
 	{
@@ -829,16 +833,22 @@ bool ValidateEmail(const wchar_t * email)
 			return false;
 				
 		if( email[i] == '@' )
+		{
 			++at;
+		}
+		else
+		{
+			if( at == 0 )
+				address_length += 1;
+			else
+				domain_length += 1;

-		if( email[i] == '.' && at > 0 )
-			++dots_after_at;
+			if( email[i] == '.' && at > 0 )
+				++dots_after_at;
+		}
 	}

-	if( at != 1 || dots_after_at == 0 )
-		return false;
-	
-return true;
+	return at == 1 && dots_after_at > 0 && address_length <= address_max_length && domain_length <= domain_max_length;
 }