Re: smtpd-filters: swap link-auth fields
On Wed, 14 Jun 2023 16:34:39 +0200, Omar Polo wrote:

> the `link-auth' event has the user first and the result of the
> operation after; this breaks when a username has a '|' character in
> it. Since this is triggered by the `auth login' command, anyone could
> send a user with a '|' and, depending on the filter used, make smtpd
> exit. (if the filter dies, smtpd does too)
>
> This was reported on the OpenSMTPD-portable github repository with
> Gilles' opensmtpd-filter-rspamd:
>
>     https://github.com/OpenSMTPD/OpenSMTPD/issues/1213
>
> Diff below is straightforward and includes the documentation changes.
> I believe link-auth was forgotten in revision 1.61 of lka_filter.c
> when the mail-from/rcpt-to events got their fields swapped.

OK millert@

 - todd
Re: smtpd-filters: swap link-auth fields
Just released a new filter-rspamd with your diff, thanks

> On 14 Jun 2023, at 19:23, Omar Polo wrote:
>
> Hello,
>
> the `link-auth' event has the user first and the result of the
> operation after; this breaks when a username has a '|' character in
> it. Since this is triggered by the `auth login' command, anyone could
> send a user with a '|' and, depending on the filter used, make smtpd
> exit. (if the filter dies, smtpd does too)
>
> This was reported on the OpenSMTPD-portable github repository with
> Gilles' opensmtpd-filter-rspamd:
>
>     https://github.com/OpenSMTPD/OpenSMTPD/issues/1213
>
> Diff below is straightforward and includes the documentation changes.
> I believe link-auth was forgotten in revision 1.61 of lka_filter.c
> when the mail-from/rcpt-to events got their fields swapped.
>
> For opensmtpd-filter-rspamd I have a corresponding diff that I'll send
> to Gilles as it is off-topic for tech@, but here it is too if you want
> to play with it:
>
>     https://paste.omarpolo.com/9jtli2w
>
> To reproduce: (there may be quicker ways, this is just the first I
> found)
>
>     # pkg_add rspamd opensmtpd-filter-rspamd
>     # rcctl enable rspamd
>     # rcctl start rspamd
>
> add the rspamd filter to /etc/mail/smtpd.conf
>
>     filter "rspamd" proc-exec "filter-rspamd"
>     listen on lo0 smtps pki localhost auth filter "rspamd"
>
> and try to do a login:
>
>     $ nc -c -Tnoverify localhost 465
>     helo localhost
>     auth login
>     b3xw
>     MTMyNA==
>
>
> Thanks,
>
> Omar Polo
>
>
> diff /usr/src > commit - 66c6b79616659a94b04092c9f103e3aa29809704 > path + /usr/src > blob - 0c63657be21352fb1f060505250f7a9ef4fc8d8c > file + usr.sbin/smtpd/lka_filter.c > --- usr.sbin/smtpd/lka_filter.c > +++ usr.sbin/smtpd/lka_filter.c > @@ -24,7 +24,7 @@ > #include "smtpd.h" > #include "log.h" > > -#definePROTOCOL_VERSION"0.6" > +#definePROTOCOL_VERSION"0.7" > > struct filter; > struct filter_session; 
> @@ -1461,7 +1461,7 @@ lka_report_smtp_link_auth(const char *direction, struc >fs->username = xstrdup(username); >} >report_smtp_broadcast(reqid, direction, tv, "link-auth", "%s|%s\n", > -username, result); > +result, username); > } > > void > blob - 313404c111c77b099b3855f43252c26877874b17 > file + usr.sbin/smtpd/smtpd-filters.7 > --- usr.sbin/smtpd/smtpd-filters.7 > +++ usr.sbin/smtpd/smtpd-filters.7 > @@ -271,12 +271,9 @@ This event is generated upon disconnection of the clie > the cipher suite used by the session and the cipher strength in bits. > .It Ic link-disconnect > This event is generated upon disconnection of the client. > -.It Ic link-auth : Ar username result > +.It Ic link-auth : Ar result username > This event is generated upon an authentication attempt by the client. > .Pp > -.Ar username > -contains the username used for the authentication attempt. > -.Pp > .Ar result > contains the string > .Dq pass , > @@ -284,6 +281,9 @@ depending on the result of the authentication attempt. > or > .Dq error > depending on the result of the authentication attempt. > +.Pp > +.Ar username > +contains the username used for the authentication attempt. > .It Ic tx-reset : Op message-id > This event is generated when a transaction is reset. > .Pp
Re: smtpd-filters: swap link-auth fields
On 2023/06/14 16:34:39 +0200, Omar Polo wrote:

> For opensmtpd-filter-rspamd I have a corresponding diff that I'll send
> to Gilles as it is off-topic for tech@, but here it is too if you want
> to play with it:
>
>     https://paste.omarpolo.com/9jtli2w

apologize, this one has a stupid typo. I've opened a PR on github with
an updated diff.

    https://github.com/poolpOrg/filter-rspamd/pull/46

sorry for the noise.
smtpd-filters: swap link-auth fields
Hello,

the `link-auth' event has the user first and the result of the
operation after; this breaks when a username has a '|' character in
it. Since this is triggered by the `auth login' command, anyone could
send a user with a '|' and, depending on the filter used, make smtpd
exit. (if the filter dies, smtpd does too)

This was reported on the OpenSMTPD-portable github repository with
Gilles' opensmtpd-filter-rspamd:

    https://github.com/OpenSMTPD/OpenSMTPD/issues/1213

Diff below is straightforward and includes the documentation changes.
I believe link-auth was forgotten in revision 1.61 of lka_filter.c
when the mail-from/rcpt-to events got their fields swapped.

For opensmtpd-filter-rspamd I have a corresponding diff that I'll send
to Gilles as it is off-topic for tech@, but here it is too if you want
to play with it:

    https://paste.omarpolo.com/9jtli2w

To reproduce: (there may be quicker ways, this is just the first I
found)

    # pkg_add rspamd opensmtpd-filter-rspamd
    # rcctl enable rspamd
    # rcctl start rspamd

add the rspamd filter to /etc/mail/smtpd.conf

    filter "rspamd" proc-exec "filter-rspamd"
    listen on lo0 smtps pki localhost auth filter "rspamd"

and try to do a login:

    $ nc -c -Tnoverify localhost 465
    helo localhost
    auth login
    b3xw
    MTMyNA==


Thanks,

Omar Polo


diff /usr/src commit - 66c6b79616659a94b04092c9f103e3aa29809704 path + /usr/src blob - 0c63657be21352fb1f060505250f7a9ef4fc8d8c file + usr.sbin/smtpd/lka_filter.c --- usr.sbin/smtpd/lka_filter.c +++ usr.sbin/smtpd/lka_filter.c @@ -24,7 +24,7 @@ #include "smtpd.h" #include "log.h" -#definePROTOCOL_VERSION"0.6" +#definePROTOCOL_VERSION"0.7" struct filter; struct filter_session; 
@@ -1461,7 +1461,7 @@ lka_report_smtp_link_auth(const char *direction, struc fs->username = xstrdup(username); } report_smtp_broadcast(reqid, direction, tv, "link-auth", "%s|%s\n", - username, result); + result, username); } void blob - 313404c111c77b099b3855f43252c26877874b17 file + usr.sbin/smtpd/smtpd-filters.7 --- usr.sbin/smtpd/smtpd-filters.7 +++ usr.sbin/smtpd/smtpd-filters.7 @@ -271,12 +271,9 @@ This event is generated upon disconnection of the clie the cipher suite used by the session and the cipher strength in bits. .It Ic link-disconnect This event is generated upon disconnection of the client. -.It Ic link-auth : Ar username result +.It Ic link-auth : Ar result username This event is generated upon an authentication attempt by the client. .Pp -.Ar username -contains the username used for the authentication attempt. -.Pp .Ar result contains the string .Dq pass , @@ -284,6 +281,9 @@ depending on the result of the authentication attempt. or .Dq error depending on the result of the authentication attempt. +.Pp +.Ar username +contains the username used for the authentication attempt. .It Ic tx-reset : Op message-id This event is generated when a transaction is reset. .Pp
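
Review bot: the PROTOCOL_VERSION bump from "0.6" to "0.7" in the first lka_filter.c hunk is the only signal a filter receives that link-auth changed its field order, yet neither the #define nor the smtpd-filters.7 hunks record which version the new order starts with. A one-line comment next to the #define, or a sentence in the link-auth entry of the manual, saying that 0.7 emits result before username would let filter authors key their parsing on the version field.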
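
Review bot: in the lka_report_smtp_link_auth hunk the "%s|%s\n" format still writes username verbatim, so the fix holds only while username stays the last field and filters split the parameters at the first '|' only. A comment above the report_smtp_broadcast() call stating that username is client-supplied, may contain '|' and must remain last would keep a later change from appending another field after it.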
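
Review bot: the smtpd-filters.7 hunks move the .Ar username paragraph after .Ar result but do not say why the order matters. Extending the username paragraph with a sentence that the value comes from the client, may contain '|' and runs to the end of the line would document the parsing rule this change relies on.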
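
An added example, not code from this thread or from filter-rspamd: a filter-side parser for the link-auth report line that accepts a '|' in the username under both the 0.6 and the 0.7 field order, and returns an error instead of dying on input it cannot parse. It assumes the report line layout from smtpd-filters(7) (report|version|timestamp|subsystem|event|session|params) and versions of the form 0.N; the function names and sample lines are constructed for illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// oldOrder reports whether version v predates the swap, i.e. is 0.6 or lower
// and emits "username|result" instead of "result|username".
func oldOrder(v string) bool {
	minor, err := strconv.Atoi(strings.TrimPrefix(v, "0."))
	return strings.HasPrefix(v, "0.") && err == nil && minor <= 6
}

// ParseLinkAuth parses "report|version|time|subsystem|link-auth|session|params".
// Bad input yields an error, so the caller can skip the line and keep running.
func ParseLinkAuth(line string) (result, username string, err error) {
	// Cap the split at 7 fields: a '|' inside params is never a separator here.
	f := strings.SplitN(strings.TrimSuffix(line, "\n"), "|", 7)
	if len(f) != 7 || f[0] != "report" || f[4] != "link-auth" {
		return "", "", fmt.Errorf("not a link-auth report: %q", line)
	}
	params, ok := f[6], false
	if oldOrder(f[1]) {
		// username|result: result never contains '|', so cut at the last one.
		if i := strings.LastIndex(params, "|"); i >= 0 {
			username, result, ok = params[:i], params[i+1:], true
		}
	} else {
		// result|username: username is last and keeps any '|' it contains.
		result, username, ok = strings.Cut(params, "|")
	}
	if !ok || (result != "pass" && result != "fail" && result != "error") {
		return "", "", fmt.Errorf("malformed link-auth params: %q", params)
	}
	return result, username, nil
}

func main() {
	// Constructed sample lines; timestamp and session id are made up.
	for _, l := range []string{
		"report|0.6|1686753279.000000|smtp-in|link-auth|0123456789abcdef|o|p|fail",
		"report|0.7|1686753279.000000|smtp-in|link-auth|0123456789abcdef|fail|o|p",
	} {
		fmt.Println(ParseLinkAuth(l))
	}
}
```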