From 7b564712ff3a235ce9ef42ffa4036023057f295e Mon Sep 17 00:00:00 2001 From: Jeremy Harris Date: Sat, 3 Aug 2019 22:22:58 +0100 Subject: [PATCH] Callouts: filter smtp response for bad chars before using in our smtp response. Bug 2409 --- doc/doc-txt/ChangeLog | 3 +++ src/src/verify.c | 20 ++++++++++++++++++++ test/log/0227 | 3 +++ test/rejectlog/0227 | 3 +++ test/scripts/0000-Basic/0227 | 34 +++++++++++++++++++++++++++++++++- test/stderr/0227 | 34 ++++++++++++++++++++++++++++++++++ test/stdout/0227 | 31 +++++++++++++++++++++++++++++++ 7 files changed, 127 insertions(+), 1 deletion(-) diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index 9af9a9759..7fca99b62 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -161,6 +161,9 @@ JH/34 Fix crash after TLS shutdown. When the TCP/SMTP channel was left open, an attempt to use a TLS library read routine dereffed a nul pointer, causing a segfault. +JH/35 Bug 2409: filter out-of-spec chars from callout response before using + them in our smtp response. + Exim version 4.92 ----------------- diff --git a/src/src/verify.c b/src/src/verify.c index 4422b4ad1..60579668b 100644 --- a/src/src/verify.c +++ b/src/src/verify.c 
@@ -1001,6 +1001,26 @@ no_conn: string_sprintf("response to \"%s\" was: %s", big_buffer, string_printing(sx.buffer)); + /* RFC 5321 section 4.2: the text portion of the response may have only + HT, SP, Printable US-ASCII. Deal with awkward chars by cutting the + received message off before passing it onward. Newlines are ok; they + just become a multiline response (but wrapped in the error code we + produce). */ + + for (uschar * s = sx.buffer; + *s && s < sx.buffer + sizeof(sx.buffer); + s++) + { + uschar c = *s; + if (c != '\t' && c != '\n' && (c < ' ' || c > '~')) + { + if (s - sx.buffer < sizeof(sx.buffer) - 12) + memcpy(s, "(truncated)", 12); + else + *s = '\0'; + break; + } + } addr->user_message = options & vopt_is_recipient ? string_sprintf("Callout verification failed:\n%s", sx.buffer) : string_sprintf("Called: %s\nSent: %s\nResponse: %s", diff --git a/test/log/0227 b/test/log/0227 index eeabf702c..4ca892aa0 100644 --- a/test/log/0227 +++ b/test/log/0227 
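Review bot: In the added `for` loop the condition `*s && s < sx.buffer + sizeof(sx.buffer)` reads `*s` before it checks the bound, so if a response ever filled sx.buffer without a terminating NUL the loop would read one byte past the array before stopping. Putting the bound first, `s < sx.buffer + sizeof(sx.buffer) && *s;`, makes the limit effective. The literal `12` is used twice and has to match the length of "(truncated)" plus its NUL; `sizeof("(truncated)")` in both places would keep the two tied together. Whether sx.buffer is always NUL-terminated by the code that fills it is not visible here, and the enclosing function begins and ends outside this hunk.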
@@ -6,8 +6,11 @@ 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Bad-char error for <> topbitchar:\200\377\377 +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked, with bad char:\200\377\377 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line 1999-03-02 09:44:33 10HmaY-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line diff --git a/test/rejectlog/0227 b/test/rejectlog/0227 index da5adfc84..f24b9c151 100644 --- a/test/rejectlog/0227 +++ b/test/rejectlog/0227 
@@ -6,8 +6,11 @@ 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550-Multiline error for <>\n550 Here's the second line 1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Bad-char error for <> topbitchar:\200\377\377 +1999-03-02 09:44:33 H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550-Recipient not liked on two lines\n550 Here's the second +1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked, with bad char:\200\377\377 1999-03-02 09:44:33 H=[V4NET.0.0.3] U=root F= temporarily rejected RCPT : Could not complete recipient verify callout 1999-03-02 09:44:33 10HmaX-0005vi-00 H=[V4NET.0.0.4] U=root F= rejected after DATA: there is no valid sender in any header line Envelope-from: diff --git a/test/scripts/0000-Basic/0227 b/test/scripts/0000-Basic/0227 index e53c1da7f..ac7bcb05c 100644 --- a/test/scripts/0000-Basic/0227 +++ b/test/scripts/0000-Basic/0227 @@ -83,7 +83,7 @@ MAIL FROM QUIT 250 OK **** -# sender, err on mailfrom +# sender, multiline err on mailfrom sudo exim -v -bs -oMa V4NET.0.0.1 MAIL FROM: RCPT TO: 
@@ -94,6 +94,21 @@ server PORT_S EHLO 250 OK MAIL FROM +550 Bad-char error for <> topbitchar:\x80\xFF\xFF +QUIT +250 OK +**** +# sender, err on mailfrom, with bad char +sudo exim -v -bs -oMa V4NET.0.0.1 +MAIL FROM: +RCPT TO: +QUIT +**** +server PORT_S +220 Server ready +EHLO +250 OK +MAIL FROM 250 OK RCPT TO 550 Recipient not liked @@ -124,6 +139,23 @@ MAIL FROM: RCPT TO: QUIT **** +server PORT_S +220 Server ready +EHLO +250 OK +MAIL FROM +250 OK +RCPT TO +550 Recipient not liked, with bad char:\x80\xFF\xFF +QUIT +250 OK +**** +# recipient, refused, badchar in resp +sudo exim -v -bs -oMa V4NET.0.0.3 +MAIL FROM: +RCPT TO: +QUIT +**** # recipient, no conneect sudo exim -v -bs -oMa V4NET.0.0.3 MAIL FROM: diff --git a/test/stderr/0227 b/test/stderr/0227 index 768c81098..36e6ee75d 100644 --- a/test/stderr/0227 +++ b/test/stderr/0227 @@ -92,6 +92,23 @@ LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN SMTP connection from root +Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected + SMTP<< 220 Server ready + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM:<> + SMTP<< 550 Bad-char error for <> topbitchar:€ÿÿ + SMTP>> QUIT + SMTP<< 250 OK + SMTP(close)>> +LOG: MAIN REJECT + H=[V4NET.0.0.1] U=root sender verify fail for : 127.0.0.1 [127.0.0.1] : response to "MAIL FROM:<>" was: 550 Bad-char error for <> topbitchar:\200\377\377 +LOG: MAIN REJECT + H=[V4NET.0.0.1] U=root F= rejected RCPT : Sender verify failed +LOG: smtp_connection MAIN + SMTP connection from root closed by QUIT +LOG: smtp_connection MAIN + SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected SMTP<< 220 Server ready SMTP>> EHLO myhost.test.ex 
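Review bot: Both added server scripts send only top-bit bytes `\x80\xFF\xFF` (the `550 Bad-char error` reply in the hunk at -94 and the `550 Recipient not liked, with bad char:` reply in the hunk at -139), so the `c < ' '` side of the new filter in verify.c and the DEL boundary are never exercised. A further recipient case whose reply carries a control byte, for example `550 Recipient not liked, with ctrl char:\x01` (constructed sample), would cover that side. The expected test/stdout for the sender case shows only `550 Sender verify failed`, so that case appears to check the log line rather than the filtered text.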
@@ -127,6 +144,23 @@ LOG: smtp_connection MAIN SMTP connection from root closed by QUIT LOG: smtp_connection MAIN SMTP connection from root +Connecting to 127.0.0.1 [127.0.0.1]:1224 ... connected + SMTP<< 220 Server ready + SMTP>> EHLO myhost.test.ex + SMTP<< 250 OK + SMTP>> MAIL FROM:<> + SMTP<< 250 OK + SMTP>> RCPT TO: + SMTP<< 550 Recipient not liked, with bad char:€ÿÿ + SMTP>> QUIT + SMTP<< 250 OK + SMTP(close)>> +LOG: MAIN REJECT + H=[V4NET.0.0.3] U=root F= rejected RCPT : 127.0.0.1 [127.0.0.1] : SMTP error from remote mail server after RCPT TO:: 550 Recipient not liked, with bad char:\200\377\377 +LOG: smtp_connection MAIN + SMTP connection from root closed by QUIT +LOG: smtp_connection MAIN + SMTP connection from root Connecting to 127.0.0.1 [127.0.0.1]:1224 ... failed: Connection refused Connecting to ip4.ip4.ip4.ip4 [ip4.ip4.ip4.ip4]:1224 ... failed: Connection refused LOG: MAIN REJECT diff --git a/test/stdout/0227 b/test/stdout/0227 index 9ee7e9f54..ff5f1359b 100644 --- a/test/stdout/0227 +++ b/test/stdout/0227 @@ -38,6 +38,10 @@ 221 myhost.test.ex closing connection 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 250 OK +550 Sender verify failed +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 OK 550-Callout verification failed: 550 550 Recipient not liked 221 myhost.test.ex closing connection @@ -49,6 +53,11 @@ 221 myhost.test.ex closing connection 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 250 OK +550-Callout verification failed: +550 550 Recipient not liked, with bad char:(truncated) +221 myhost.test.ex closing connection +220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 +250 OK 451 Could not complete recipient verify callout 221 myhost.test.ex closing connection 220 myhost.test.ex ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 
@@ -192,6 +201,16 @@ Connection request from [127.0.0.1] EHLO myhost.test.ex 250 OK MAIL FROM:<> +550 Bad-char error for <> topbitchar:€ÿÿ +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250 OK +MAIL FROM:<> 250 OK RCPT TO: 550 Recipient not liked @@ -218,6 +237,18 @@ EHLO myhost.test.ex 250 OK MAIL FROM:<> 250 OK +RCPT TO: +550 Recipient not liked, with bad char:€ÿÿ +QUIT +250 OK +End of script +Listening on port 1224 ... +Connection request from [127.0.0.1] +220 Server ready +EHLO myhost.test.ex +250 OK +MAIL FROM:<> +250 OK RCPT TO: 550 Not liked QUIT -- 2.30.2