From 40525d07a858c90293bc09188fb539a1cec3f8aa Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 6 May 2017 21:01:45 +0100 Subject: [PATCH] Teach SMTP input sync check ("input sent too soon") about SMTP input buffering --- doc/doc-txt/ChangeLog | 5 +++++ src/src/smtp_in.c | 13 +++++++++++-- test/log/0901 | 2 +- test/rejectlog/0901 | 2 +- test/scripts/0000-Basic/0901 | 8 ++++---- test/scripts/2000-GnuTLS/2031 | 4 ++-- test/scripts/5730-OCSP-GnuTLS-events/5730 | 4 ++-- test/stdout/0901 | 8 ++++---- 8 files changed, 30 insertions(+), 16 deletions(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index a7b441e64..aca12ea00 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -73,6 +73,11 @@ JH/11 Bug 2104: Fix continued use of a transport connection with TLS. In the which naturally failed, giving a failed delivery and bloating the retry database. Investigation and fix prototype from Wolfgang Breyha. +JH/12 Fix check on SMTP command input synchronisation. Previously there were + false-negatives in the check that the sender had not preempted a response + or prompt from Exim (running as a server), due to that code's lack of + awareness of the SMTP input buferring. + Exim version 4.89 ----------------- diff --git a/src/src/smtp_in.c b/src/src/smtp_in.c index 01c12caf6..8832908f3 100644 --- a/src/src/smtp_in.c +++ b/src/src/smtp_in.c @@ -343,6 +343,9 @@ if (!smtp_enforce_sync || sender_host_address == NULL || sender_host_notsocket || tls_in.active >= 0) return TRUE; +if (smtp_inptr < smtp_inend) + return FALSE; + fd = fileno(smtp_in); FD_ZERO(&fds); FD_SET(fd, &fds); @@ -532,12 +535,15 @@ for(;;) if (!pipelining_advertised && !check_sync()) { + unsigned n = smtp_inend - smtp_inptr; + if (n > 32) n = 32; + incomplete_transaction_log(US"sync failure"); log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol synchronization error " "(next input sent too soon: pipelining was not advertised): " "rejected \"%s\" %s next input=\"%s\"", smtp_cmd_buffer, host_and_ident(TRUE), - string_printing(smtp_inptr)); + string_printing(string_copyn(smtp_inptr, n))); (void) synprot_error(L_smtp_protocol_error, 554, NULL, US"SMTP synchronization error"); goto repeat_until_rset; @@ -2863,10 +2869,13 @@ this synchronisation check is disabled. */ if (!check_sync()) { + unsigned n = smtp_inend - smtp_inptr; + if (n > 32) n = 32; + log_write(0, LOG_MAIN|LOG_REJECT, "SMTP protocol " "synchronization error (input sent without waiting for greeting): " "rejected connection from %s input=\"%s\"", host_and_ident(TRUE), - string_printing(smtp_inptr)); + string_printing(string_copyn(smtp_inptr, n))); smtp_printf("554 SMTP synchronization error\r\n"); return FALSE; } diff --git a/test/log/0901 b/test/log/0901 index cd8c52e75..0297a8915 100644 --- a/test/log/0901 +++ b/test/log/0901 @@ -10,6 +10,6 @@ 1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data 1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data 1999-03-02 09:44:33 10HmbD-0005vi-00 <= someone8@some.domain H=(tester) [127.0.0.1] P=esmtp K S=sss for CALLER@test.ex -1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n" +1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "BDAT 1" H=(tester) [127.0.0.1] next input="BDAT 87 last\r\n" 1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com") 1999-03-02 09:44:33 SMTP connection from (tester) [127.0.0.1] lost while reading message data (header) diff --git a/test/rejectlog/0901 b/test/rejectlog/0901 index a7f8f0692..f75d9d270 100644 --- a/test/rejectlog/0901 +++ b/test/rejectlog/0901 @@ -1,6 +1,6 @@ ******** SERVER ******** -1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "bdat 1" H=(tester) [127.0.0.1] next input="bdat 87 last\r\n" +1999-03-02 09:44:33 SMTP protocol synchronization error (next input sent too soon: pipelining was not advertised): rejected "BDAT 1" H=(tester) [127.0.0.1] next input="BDAT 87 last\r\n" Envelope-from: Envelope-to: 1999-03-02 09:44:33 SMTP call from (tester) [127.0.0.1] dropped: too many syntax or protocol errors (last command was "From: Sam@random.com") diff --git a/test/scripts/0000-Basic/0901 b/test/scripts/0000-Basic/0901 index 9908d5ecd..5e88c5ae9 100644 --- a/test/scripts/0000-Basic/0901 +++ b/test/scripts/0000-Basic/0901 @@ -243,12 +243,12 @@ ehlo tester ??? 250-8BITMIME ??? 250-CHUNKING ??? 250 HELP -mail from:someone9@some.domain +MAIL FROM:someone9@some.domain ??? 250 -rcpt to:CALLER@test.ex +RCPT TO:CALLER@test.ex ??? 250 -bdat 1\r\nTbdat 87 last -To: Susan@random.com +BDAT 1\r\nTBDAT 87 last +o: Susan@random.com From: Sam@random.com Subject: This is a bodyless test message diff --git a/test/scripts/2000-GnuTLS/2031 b/test/scripts/2000-GnuTLS/2031 index 65b529093..76186b5e4 100644 --- a/test/scripts/2000-GnuTLS/2031 +++ b/test/scripts/2000-GnuTLS/2031 @@ -6,14 +6,14 @@ exim -DSERVER=server -bd -oX PORT_D exim CALLER@test.ex Test message. **** -millisleep 500 +millisleep 700 # # # Extended: server uses SNI to choose certificate exim abcd@test.ex Test message. **** -millisleep 500 +millisleep 700 # # killdaemon diff --git a/test/scripts/5730-OCSP-GnuTLS-events/5730 b/test/scripts/5730-OCSP-GnuTLS-events/5730 index d22a1aa1f..11c3a867f 100644 --- a/test/scripts/5730-OCSP-GnuTLS-events/5730 +++ b/test/scripts/5730-OCSP-GnuTLS-events/5730 @@ -21,7 +21,7 @@ exim -bd -oX PORT_D -DSERVER=server \ exim norequire@test.ex test message. **** -millisleep 500 +millisleep 700 # # # @@ -30,7 +30,7 @@ millisleep 500 exim nostaple@test.ex test message. **** -millisleep 500 +millisleep 700 # # # diff --git a/test/stdout/0901 b/test/stdout/0901 index 99eb81231..a982ac8b6 100644 --- a/test/stdout/0901 +++ b/test/stdout/0901 @@ -324,14 +324,14 @@ Connecting to 127.0.0.1 port 1225 ... connected <<< 250-CHUNKING ??? 250 HELP <<< 250 HELP ->>> mail from:someone9@some.domain +>>> MAIL FROM:someone9@some.domain ??? 250 <<< 250 OK ->>> rcpt to:CALLER@test.ex +>>> RCPT TO:CALLER@test.ex ??? 250 <<< 250 Accepted ->>> bdat 1\r\nTbdat 87 last ->>> To: Susan@random.com +>>> BDAT 1\r\nTBDAT 87 last +>>> o: Susan@random.com >>> From: Sam@random.com >>> Subject: This is a bodyless test message >>> -- 2.30.2