Bug#807258: Logged transaction

2015-12-08 Thread Andreas Beckmann
#0  fmtmsg (to=0x8de4b0 "testuser", num=num@entry=0x4a1e43 "550", enhsc=0x0,
    eno=eno@entry=0, fmt=fmt@entry=0x4a2871 "%s", ap=ap@entry=0x7ffde99f8358,
    eb=0x76be20  "") at err.c:920
#1  0x00430416 in usrerr (fmt=fmt@entry=0x4a2871 "%s") at err.c:299
#2  0x00476614 in smtp (nullserver=nullserver@entry=0x0,
    d_flags=d_flags@entry=0x765238 , e=e@entry=0x6c8b40 ) at srvrsmtp.c:3065
#3  0x0040a6b6 in main (argc=6, argv=0x7ffde9a00148, envp=) at main.c:2711

caused by debian/patches/format-security.patch which turns
  usrerr("451 4.7.1 Greylisting in action, please come back in 00:30:00")
into
  usrerr("%s", "451 4.7.1 Greylisting in action, please come back in 00:30:00")
and "%s" does not start with a smtp status code ... resulting in "550" from
"num" parameter being used instead.

Help would be welcome for a proper fix. From a hardening POV this patch is
needed - we cannot pass an untrusted string (the status string returned by
milter-greylist) as a format string to printf.



Andreas
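
The behaviour described in the message above, as an added example that is not part of the original mail and is not sendmail's code: a simplified C model of a reply formatter that reads the SMTP code from the start of the format string and otherwise falls back to `num`, plus one way to keep the untrusted text out of the format while still honouring its code. The names `model_reply` and `reply_untrusted` are hypothetical, and the milter string is constructed.

```c
#include <ctype.h>
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* True if s begins with a three-digit SMTP reply code and a space. */
static int has_code(const char *s)
{
    return isdigit((unsigned char)s[0]) && isdigit((unsigned char)s[1]) &&
           isdigit((unsigned char)s[2]) && s[3] == ' ';
}

/* Simplified model, not sendmail's code: the reply code is read from the
 * start of the format string; if none is there, the default `num` is used. */
static void model_reply(char *out, size_t n, const char *num, const char *fmt, ...)
{
    int coded = has_code(fmt);
    int off = snprintf(out, n, "%.3s ", coded ? fmt : num);
    va_list ap;

    if (off < 0 || (size_t)off >= n)
        return;
    va_start(ap, fmt);
    vsnprintf(out + off, n - (size_t)off, coded ? fmt + 4 : fmt, ap);
    va_end(ap);
}

/* Hypothetical helper: take the code from the untrusted text as data and
 * hand the rest over as a "%s" argument, never as the format. */
static void reply_untrusted(char *out, size_t n, const char *num, const char *msg)
{
    char code[4] = "";
    if (has_code(msg)) {
        memcpy(code, msg, 3);   /* code[3] stays '\0' */
        msg += 4;
        num = code;
    }
    model_reply(out, n, num, "%s", msg);
}

int main(void)
{
    char buf[128];
    const char *milter = "451 4.7.1 Greylisting %n%s"; /* constructed input */

    model_reply(buf, sizeof buf, "550", "%s", milter);  puts(buf); /* 550 451 ... */
    reply_untrusted(buf, sizeof buf, "550", milter);    puts(buf); /* 451 ... */
    return 0;
}
```

The first call reproduces the doubled "550 ... 451" reply; the second keeps the 451 code and emits the `%n%s` in the constructed input literally, because the text is only ever a `%s` argument.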



Bug#807258: Logged transaction

2015-12-08 Thread BERTRAND Joël
250-rayleigh.systella.fr Hello mta.partenaire.viadeo.com [136.147.180.10], pleased to meet you

250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH NTLM PLAIN LOGIN
250-STARTTLS
250-DELIVERBY
250 HELP

10:25:15.695375 IP mta.partenaire.viadeo.com.39783 > rayleigh.systella.fr.smtp: Flags [P.], seq 33:181, ack 471, win 131, options [nop,nop,TS val 704029822 ecr 312631110], length 148: SMTP: MAIL FROM: BODY=8BITMIME

EP@.-..
.g...>.._4.RM..
)..~.._FMAIL 
FROM: 
BODY=8BITMIME

RCPT TO:
DATA

10:25:15.733941 IP rayleigh.systella.fr.smtp > mta.partenaire.viadeo.com.39783: Flags [.], ack 181, win 234, options [nop,nop,TS val 312631148 ecr 704029822], length 0

E..4.l@.@.e
...g_4.R.>.G.z.
.._l)..~
10:25:16.471353 IP rayleigh.systella.fr.smtp > mta.partenaire.viadeo.com.39783: Flags [P.], seq 471:706, ack 181, win 234, options [nop,nop,TS val 312631332 ecr 704029822], length 235: SMTP: 250 2.1.0 ... Sender ok

Em@.@.d#...
...g_4.R.>.G...
..`$)..~250 2.1.0 
... 
Sender ok
550 ... 451 4.7.1 Greylisting in action, please come back in 00:10:00

503 5.0.0 Need RCPT (recipient)

I don't understand the following line:
550 ... 451 4.7.1 Greylisting in action, please come back in 00:10:00


Why 550 and 451 on the _same_ line?

Best regards,

JKB