Re: [PATCH] Re: OpenSMTPD 7.5.0 RC1

[Tassilo Philipp]

Perfect, thanks! You are right, this didn't copy anything. I just 
noticed it now, b/c I need that param for the DSN work I'm currently 
working on.


And sorry for not spotting this earlier, when I tested that final 
version of the ORCPT patch, a while ago.


:)


On Wed, Mar 20, 2024 at 07:08:40PM +0100, Omar Polo wrote:

On 2024/03/20 17:36:01 +0100, Tassilo Philipp  
wrote:

Hi,

while working on the DSN patches mentioned in another thread, I came 
across an oversight in the final ORCPT patch that will be part of 7.5.0.


Find the patch attached - IMHO, this patch should make it into 7.5.0, as 
it's fixing an error writing to a wrong buffer, which could be abused 
(from a cursory review it looks safe as that wrong destination buffer 
big enough, but I haven't checked it thoroughly).


Thanks for spotting!  This has been committed and will be included in 
7.5 (both OpenBSD and -portable.)


I don't think this can be abused since the dsn_orcpt buffer is zeroed, 
so we're just going to truncate `opt', that we won't look at it again. 
In any case, this had to be fixed.

Re: [PATCH] Re: OpenSMTPD 7.5.0 RC1

[Omar Polo]

On 2024/03/20 17:36:01 +0100, Tassilo Philipp  
wrote:
> Hi,
> 
> while working on the DSN patches mentioned in another thread, I came 
> across an oversight in the final ORCPT patch that will be part of 7.5.0.
> 
> Find the patch attached - IMHO, this patch should make it into 7.5.0, as 
> it's fixing an error writing to a wrong buffer, which could be abused 
> (from a cursory review it looks safe as that wrong destination buffer 
> big enough, but I haven't checked it thoroughly).

Thanks for spotting!  This has been committed and will be included in
7.5 (both OpenBSD and -portable.)

I don't think this can be abused since the dsn_orcpt buffer is zeroed,
so we're just going to truncate `opt', that we won't look at it again.
In any case, this had to be fixed.

[PATCH] Re: OpenSMTPD 7.5.0 RC1

[Tassilo Philipp]

Hi,

while working on the DSN patches mentioned in another thread, I came 
across an oversight in the final ORCPT patch that will be part of 7.5.0.


Find the patch attached - IMHO, this patch should make it into 7.5.0, as 
it's fixing an error writing to a wrong buffer, which could be abused 
(from a cursory review it looks safe as that wrong destination buffer 
big enough, but I haven't checked it thoroughly).



On Fri, Mar 08, 2024 at 11:14:54AM +0100, Omar Polo wrote:
Today we're happy to announce the first release candidate for 
OpenSMTPD 7.5.0 that includes the latest developments on OpenBSD, 
briefly summarized below.  The 7.5.0 stable release will follow the 
OpenBSD release schedule and so will be available in around a month. 
It is our hope that the community will help testing this first 
release candidate and report any issue found.


Tarballs are available on the official mirror or on GitHub:

   https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz
   https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1

Verify the tarball with signify(1) and the usual public key:

   https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig
   https://opensmtpd.org/archives/opensmtpd-20181026.pub


Changelog:

- run LMTP deliveires as the recipient user (again).
- do not execute commands from root's .forward file, nor allow expanding. 
- when an alternate delivery user is provided for a dispatcher, skip
 other users forward files. 
- reject invalid headers that start with blanks.

- relax ORCPT syntax validation.
- use smtpd' table parser in makemap(8) too.
- fix and improve the table(5) file format documentation.
- fixed handling of escaping inside quotes in From, To and Cc headers. 
- fix table lookups of IPv6 address.

- allow to use a key-pair table on various match constraints where only
 list tables were previously allowed. 
- allow inline tables and filter to span over multiple lines.
- enable DSN (Delivery Status Notification) for the implicit socket too. 
- add the `no-dsn' option to `listen on socket' too.


OpenSMTPD-portable specific changes:

- re-add ASR_IPV4_BEFORE_IPV6 compile-time knob to prefer connecting
 to IPv6 instead of IPv4. 
- update asr(3) and imsg with OpenBSD.

- configure: readd -R usage on NetBSD mistakenly dropped in previous
 release.



Thanks,

Omar Polo

--- ./usr.sbin/smtpd/smtp_session.c.orig2024-03-20 17:27:12.280717000 
+0100
+++ ./usr.sbin/smtpd/smtp_session.c 2024-03-20 17:27:18.240157000 +0100
@@ -2496,7 +2496,7 @@
 
if ((p = strchr(opt, ';')) == NULL ||
!valid_xtext(p + 1) ||
-   strlcpy(opt, tx->evp.dsn_orcpt, len) >= len) {
+   strlcpy(tx->evp.dsn_orcpt, opt, len) >= len) {
smtp_reply(tx->session,
"553 ORCPT address syntax error");
return;

Re: OpenSMTPD 7.5.0 RC1

[Richard Narron]

   The new OpenSMTPD 7.5.0rc1 works well with LibreSSL on Slackware64
Linux.

   My compile script uses CFLAGS and LDFLAGS like this:

   CFLAGS="...  -I/usr/include/libressl" \
   LDFLAGS="-L/usr/lib64/libressl -lcrypto -lssl \
-Wl,-rpath=/usr/lib64/libressl" \
   ./configure \
 ...

   It solves the git problem 1188,
"configure: error: Your LibreSSL headers do not match your library".

   And it works even when I don't have LibreSSL installed and just have
OpenSSL 1 installed.

   This version works on 32-bit Slackware:

   CFLAGS="...  -I/usr/include/libressl" \
   LDFLAGS="-L/usr/lib/libressl -lcrypto -lssl \
-Wl,-rpath=/usr/lib/libressl" \
   ./configure \
 ...


Richard Narron

Re: OpenSMTPD 7.5.0 RC1

[Omar Polo]

On 2024/03/09 09:04:29 -0800, Andi Vajda  wrote:
> Yes, that fixes it:
> 
> $ sudo ./local/sbin/smtpd -d -f /usr/pkg/etc/smtpd/smtpd.conf
> info: OpenSMTPD 7.5.0-portable starting
> dnsbl: config|smtpd-version|7.5.0-portable
> dnsbl: config|smtp-session-timeout|300
> dnsbl: config|subsystem|smtp-in
> dnsbl: config|admd|olafpi.ovaltofu.org
> dnsbl: config|ready
> 
> Thank you very much for the fixes !
> 
> Andi..

I've committed the diff, will be part of 7.5 :)


Thanks!

Omar Polo

Re: OpenSMTPD 7.5.0 RC1

[Andi Vajda]

 Hi Omar,

On Sat, 9 Mar 2024, Omar Polo wrote:


Now, back to the problem, the issue is that on NetBSD seteuid() breaks
setuid() and that inbetween 7.3 and 7.4 I lost the check for the
setreuid() function.  So, in openbsd-compat/resuid.c we end up calling
seteuid() and then setuid(), which fails due to the previous seteuid()
call.  It's a bit confusing! :)

However, I believe this diff fixes smtpd on NetBSD, please let me know.

diff /home/op/w/opensmtpd
commit - 34723692d48c5bd4d54150e60fb3a1dcd7663e2b
path + /home/op/w/opensmtpd
blob - 948c865875938d34d9540267a15ee3de6464b1bc
file + configure.ac
--- configure.ac
+++ configure.ac
@@ -147,6 +147,7 @@ AC_CHECK_FUNCS([ \
getspnam \
malloc_conceal \
pledge \
+   setreuid \
setsid \
sigaction \
strnvis \


Yes, that fixes it:

$ sudo ./local/sbin/smtpd -d -f /usr/pkg/etc/smtpd/smtpd.conf
info: OpenSMTPD 7.5.0-portable starting
dnsbl: config|smtpd-version|7.5.0-portable
dnsbl: config|smtp-session-timeout|300
dnsbl: config|subsystem|smtp-in
dnsbl: config|admd|olafpi.ovaltofu.org
dnsbl: config|ready

Thank you very much for the fixes !

Andi..

Re: OpenSMTPD 7.5.0 RC1

[Omar Polo]

On 2024/03/08 16:11:45 -0800, Andi Vajda  wrote:
> 
> On Fri, 8 Mar 2024, Andi Vajda wrote:
> 
> > With this configuration, the build succeeds on netbsd 10.0_rc5, but I get 
> > the 
> > same setuid failure as with 7.4.0p1 (but not with 7.3.0p2):
> >

Thanks to Gilles I had the chance to debug this on a NetBSD vm and
probably found the issue :)

> Looking at obvious differences in the 7.3.0p2, 7.4.0p1 and 7.5.0rc1 smtpd 
> executables. From ldd's standpoint, the only additional thing in 7.4.0 and 
> 7.5.0 is a reference to libtutil.so.7:
> [...]

This is interesting, but probably a red-herring.

> I also notice that the 7.3.0 smtpd executable is 3.5x smaller than the 7.4.0 
> and the 7.5.0 ones. Stripping all three then yields smaller executables for 
> 7.4.0 and 7.5.0:
> 
> -rwxr-xr-x  1 vajda  users  687160 Mar  8 16:08 
> opensmtpd-7.3.0p2/local/sbin/smtpd
> -rwxr-xr-x  1 vajda  users  548128 Mar  8 16:08 
> opensmtpd-7.4.0p1/local/sbin/smtpd
> -rwxr-xr-x  1 vajda  users  551816 Mar  8 16:09 
> opensmtpd-7.5.0rc1/local/sbin/smtpd

This is interesting and it makes me happy to see that the work of
cleaning and polishing the compat layer has a noticeable effect in the
binary size!

Now, back to the problem, the issue is that on NetBSD seteuid() breaks
setuid() and that inbetween 7.3 and 7.4 I lost the check for the
setreuid() function.  So, in openbsd-compat/resuid.c we end up calling
seteuid() and then setuid(), which fails due to the previous seteuid()
call.  It's a bit confusing! :)

However, I believe this diff fixes smtpd on NetBSD, please let me know.

diff /home/op/w/opensmtpd
commit - 34723692d48c5bd4d54150e60fb3a1dcd7663e2b
path + /home/op/w/opensmtpd
blob - 948c865875938d34d9540267a15ee3de6464b1bc
file + configure.ac
--- configure.ac
+++ configure.ac
@@ -147,6 +147,7 @@ AC_CHECK_FUNCS([ \
getspnam \
malloc_conceal \
pledge \
+   setreuid \
setsid \
sigaction \
strnvis \


Thanks!

Omar Polo

Re: OpenSMTPD 7.5.0 RC1

[Andi Vajda]

On Fri, 8 Mar 2024, Andi Vajda wrote:

With this configuration, the build succeeds on netbsd 10.0_rc5, but I get the 
same setuid failure as with 7.4.0p1 (but not with 7.3.0p2):




Looking at obvious differences in the 7.3.0p2, 7.4.0p1 and 7.5.0rc1 smtpd 
executables. From ldd's standpoint, the only additional thing in 7.4.0 and 
7.5.0 is a reference to libtutil.so.7:


$ ldd opensmtpd-7.3.0p2/local/sbin/smtpd
opensmtpd-7.3.0p2/local/sbin/smtpd:
-lz.1 => /usr/pkg/lib/libz.so.1
-lc.12 => /usr/lib/libc.so.12
-lcrypt.1 => /usr/lib/libcrypt.so.1
-levent-2.1.7 => /usr/pkg/lib/libevent-2.1.so.7
-lpthread.1 => /usr/lib/libpthread.so.1
-lssl.55 => /home/vajda/libressl-3.8.2/local/lib/libssl.so.55
-lcrypto.52 => /home/vajda/libressl-3.8.2/local/lib/libcrypto.so.52

$ ldd opensmtpd-7.4.0p1/local/sbin/smtpd
opensmtpd-7.4.0p1/local/sbin/smtpd:
-lz.1 => /usr/pkg/lib/libz.so.1
-lc.12 => /usr/lib/libc.so.12
-lssl.55 => /home/vajda/libressl-3.8.2/local/lib/libssl.so.55
-lcrypto.52 => /home/vajda/libressl-3.8.2/local/lib/libcrypto.so.52
-lpthread.1 => /usr/lib/libpthread.so.1
-lutil.7 => /usr/lib/libutil.so.7
-lcrypt.1 => /usr/lib/libcrypt.so.1
-levent-2.1.7 => /usr/pkg/lib/libevent-2.1.so.7

$ ldd opensmtpd-7.5.0rc1/local/sbin/smtpd
opensmtpd-7.5.0rc1/local/sbin/smtpd:
-lz.1 => /usr/pkg/lib/libz.so.1
-lc.12 => /usr/lib/libc.so.12
-lssl.55 => /home/vajda/libressl-3.8.2/local/lib/libssl.so.55
-lcrypto.52 => /home/vajda/libressl-3.8.2/local/lib/libcrypto.so.52
-lpthread.1 => /usr/lib/libpthread.so.1
-lutil.7 => /usr/lib/libutil.so.7
-lcrypt.1 => /usr/lib/libcrypt.so.1
-levent-2.1.7 => /usr/pkg/lib/libevent-2.1.so.7

I also notice that the 7.3.0 smtpd executable is 3.5x smaller than the 7.4.0 
and the 7.5.0 ones. Stripping all three then yields smaller executables for 
7.4.0 and 7.5.0:


-rwxr-xr-x  1 vajda  users  687160 Mar  8 16:08 
opensmtpd-7.3.0p2/local/sbin/smtpd
-rwxr-xr-x  1 vajda  users  548128 Mar  8 16:08 
opensmtpd-7.4.0p1/local/sbin/smtpd
-rwxr-xr-x  1 vajda  users  551816 Mar  8 16:09 
opensmtpd-7.5.0rc1/local/sbin/smtpd

Andi..

Re: OpenSMTPD 7.5.0 RC1

[Andi Vajda]

On Fri, 8 Mar 2024, Andi Vajda wrote:


I verified that configure works again with this statement:


Sorry for the noise, the configure statement is:

$ ./configure --prefix=`pwd`/local \
--with-libssl=/home/vajda/libressl-3.8.2/local --with-libevent=/usr/pkg \
--with-path-CAfile=/usr/pkg/share/mozilla-rootcerts/cacert.pem \
--with-path-queue=/var/spool/smtpd --with-path-empty=/var/empty \
--with-path-mbox=`pwd`/local/var/mbox --with-path-socket=/var/run \ 
--with-path-pidfile=/var/run


and it works fine with opensmptd-7.5.0rc1.

With this configuration, the build succeeds on netbsd 10.0_rc5, but I get 
the same setuid failure as with 7.4.0p1 (but not with 7.3.0p2):


$ sudo ./local/sbin/smtpd -d -f /usr/pkg/etc/smtpd/smtpd.conf
info: OpenSMTPD 7.5.0-portable starting
crypto: setuid 1012: Operation not permitted
lookup: setuid 1012: Operation not permitted
scheduler: setuid 1012: Operation not permitted
dispatcher: setuid 1012: Operation not permitted
warn: lost processor: dnsbl exited abnormally
queue: setuid 1013: Operation not permitted
smtpd: setuid 1013: Operation not permitted
control: setuid 1012: Operation not permitted
Exiting

Andi..

Re: OpenSMTPD 7.5.0 RC1

[Andi Vajda]

 Hi Omar,

On Fri, 8 Mar 2024, Omar Polo wrote:


Tarballs are available on the official mirror or on GitHub:

   https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz
   https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1

Verify the tarball with signify(1) and the usual public key:

   https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig
   https://opensmtpd.org/archives/opensmtpd-20181026.pub


I verified that configure works again with this statement:

./configure LDFLAGS='-lssl' --prefix=`pwd`/local 
--with-libssl=/home/vajda/libressl-3.8.2/local --with-libevent=/usr/pkg 
--with-path-CAfile=/usr/pkg/share/mozilla-rootcerts/cacert.pem 
--with-path-queue=/var/spool/smtpd --with-path-empty=/var/empty 
--with-path-mbox=`pwd`/local/var/mbox --with-path-socket=/var/run 
--with-path-pidfile=/var/run


Thank you for the fix !

But opensmptd-7.5.0rc1 doesn't build on netbsd, it fails with this:
 (this is netbsd aarch64 10.0_rc5)

ld: ../../usr.sbin/smtpd/smtpd.o: in function `parent_auth_pwd':
/home/vajda/opensmtpd-7.5.0rc1/mk/smtpd/../../usr.sbin/smtpd/smtpd.c:2293: 
undefined reference to `crypt'
/home/vajda/opensmtpd-7.5.0rc1/mk/smtpd/../../usr.sbin/smtpd/smtpd.c:2293:(.text+0x231c): 
relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 
`crypt'

ld: ../../openbsd-compat/crypt_checkpass.o: in function `crypt_checkpass':
/home/vajda/opensmtpd-7.5.0rc1/mk/smtpd/../../openbsd-compat/crypt_checkpass.c:23: 
undefined reference to `crypt'
/home/vajda/opensmtpd-7.5.0rc1/mk/smtpd/../../openbsd-compat/crypt_checkpass.c:23:(.text+0x28): 
relocation truncated to fit: R_AARCH64_CALL26 against undefined symbol 
`crypt'

*** Error code 1

Andi..

Re: OpenSMTPD 7.5.0 RC1

[gilles]

I somehow uploaded the correct sum.sig but an older version of the tarball,
let's pretend I did this to ensure someone made a verify test ;-)

Anyways... the tarball has been reuploaded:

$ signify -C -e -p opensmtpd-20181026.pub -x opensmtpd-7.5.0rc1.sum.sig
Signature Verified
opensmtpd-7.5.0rc1.tar.gz: OK
$ 



March 8, 2024 10:17 PM, "Richard Narron"  wrote:

> On Fri, 8 Mar 2024, Omar Polo wrote:
> 
> ...
> 
>> Tarballs are available on the official mirror or on GitHub:
>> 
>> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz
>> https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1
>> 
>> Verify the tarball with signify(1) and the usual public key:
>> 
>> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig
>> https://opensmtpd.org/archives/opensmtpd-20181026.pub
> 
> I get an error trying to validate the sha256 checksum:
> 
> $ sha256sum -c opensmtpd-7.5.0rc1.sum
> opensmtpd-7.5.0rc1.tar.gz: FAILED
> sha256sum: WARNING: 1 computed checksum did NOT match
> 
> Regards,
> Richard Narron

Re: OpenSMTPD 7.5.0 RC1

[Richard Narron]

On Fri, 8 Mar 2024, Omar Polo wrote:

...
> Tarballs are available on the official mirror or on GitHub:
>
> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.tar.gz
> https://github.com/OpenSMTPD/OpenSMTPD/releases/tag/7.5.0rc1
>
> Verify the tarball with signify(1) and the usual public key:
>
> https://opensmtpd.org/archives/opensmtpd-7.5.0rc1.sum.sig
> https://opensmtpd.org/archives/opensmtpd-20181026.pub

  I get an error trying to validate the sha256 checksum:

$ sha256sum -c opensmtpd-7.5.0rc1.sum
opensmtpd-7.5.0rc1.tar.gz: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match

Regards,
Richard Narron