From: MegaBrutal <code+git@megabrutal.com>
Date: Fri, 23 Nov 2018 23:30:30 +0000 (+0100)
Subject: Block more HTTP request methods
X-Git-Url: http://git.megabrutal.com/?p=mgsmtp.git;a=commitdiff_plain;h=HEAD

Block more HTTP request methods

Block PUT, DELETE, CONNECT, OPTIONS, PATCH, and TRACE as well.

	modified:   Listener.pas
---

diff --git a/Listener.pas b/Listener.pas
index 52d753d..fd607c9 100644
--- a/Listener.pas
+++ b/Listener.pas
@@ -230,7 +230,9 @@ begin
 
          if (Length(Cmd) = 0) or (not ReadSucceeded) or UnexpectedFail then { Nothing. }
 
-         else if (Cmd = 'GET') or (Cmd = 'HEAD') or (Cmd = 'POST') then begin
+         else if (Cmd = 'GET') or (Cmd = 'HEAD') or (Cmd = 'PUT') or (Cmd = 'POST')
+            or (Cmd = 'DELETE') or (Cmd = 'CONNECT') or (Cmd = 'OPTIONS')
+            or (Cmd = 'PATCH') or (Cmd = 'TRACE') then begin
             SendAndLogResponse(SMTP_R_SERVICE_NA, 'Please learn to speak SMTP for I won''t speak HTTP. Stop abusing my service!');
             UnexpectedFail:= true;
          end