Re: smtpd: LINE_MAX might not be enough for a response

Wed, 24 Nov 2021 16:39:20 -0800 

On Nov 24 14:47:48, [email protected] wrote:
> 
> Jan Stary <[email protected]> writes:
> > smtpd just failed to parse a SMTP response (below),
> > saying 'line too long'.
> >
> > Looking at the source, this seems to be parse_smtp_response() in util.c,
> > which errors out right away with
> >
> >     if (len >= LINE_MAX)
> >             return "line too long";
> >
> > Apparently,
> >
> >     /usr/include/sys/syslimits.h:#define  LINE_MAX 2048
> >
> > is not enough, as shown by this line from
> > (you guessed it) outlook.office365.com:
> 
> > There is also
> >
> >     smtp_session.c:#define  SMTP_LINE_MAX  65535
> 
> > Index: util.c
> > ===================================================================
> > RCS file: /cvs/src/usr.sbin/smtpd/util.c,v
> > retrieving revision 1.154
> > diff -u -p -r1.154 util.c
> > --- util.c  14 Jun 2021 17:58:16 -0000      1.154
> > +++ util.c  24 Nov 2021 17:59:14 -0000
> > @@ -685,9 +685,6 @@ session_socket_error(int fd)
> >  const char *
> >  parse_smtp_response(char *line, size_t len, char **msg, int *cont)
> >  {
> > -   if (len >= LINE_MAX)
> > -           return "line too long";
> > -
> >     if (len > 3) {
> >             if (msg)
> >                     *msg = line + 4;
> 
> We really shouldn't simply remove this check.

Absolutely, that was just to see what the long line was.
Thanks for digging in.

        Jan


> In this case parse_smtp_response gets called in two places: 
> 
> * 
> https://github.com/openbsd/src/blob/ceeebefe3564938ff6ba87e7f465f6c35aeb8b03/usr.sbin/smtpd/bounce.c#L726
> * 
> https://github.com/openbsd/src/blob/ceeebefe3564938ff6ba87e7f465f6c35aeb8b03/usr.sbin/smtpd/mta_session.c#L1252
> 
> I think the correct thing to do in this case is examine how 'char *line'
> is allocated, which should help to determine if SMTP_LINE_MAX would in
> fact be a suitable replacement for LINE_MAX.
> 
> Digging a little further, it appears that in usr.sbin/smtpd/bounce.c:711
> we see that LINE_MAX is used for comparison before later calling
> parse_smtp_response with char *line and size_t len:
> 
>       case IO_DATAIN:
>           nextline:
>               line = io_getline(s->io, &len);
>               if (line == NULL && io_datalen(s->io) >= LINE_MAX) {
>                       bounce_status(s, "Input too long");
>                       bounce_free(s);
>                       return;
>               }
> 
> At this point it seems to me that changing LINE_MAX to SMTP_LINE_MAX
> would require a bit more digging, and I didn't look into any RFCs for
> whether this is a standard value that outlook is ignoring.
> 
>

Reply via email to