Hmm, doesn't this also depend on improper handling of pipelining? You can't pipeline past DATA, https://datatracker.ietf.org/doc/html/rfc2920#section-3.1
I guess if the sender is sending line by line, maybe the server would only have up to the DATA in the tcp buffer and process the DATA before reading more. Otherwise, having extra data available after the DATA command would be indicative of a misbehaving client. Even before I implemented pipelining, we enforced that clients weren't misbehaving that way to ensure we were connected to an smtp client and not just a dumb pipe. Maybe a different reading is possible, that the requirements are that the client should wait on data response, not that the server should enforce that. Alternatively, using this as the only defense here would be insufficient since it may depend on timing and how the clients sending happened to fit into outbound buffers or what the server happens to read. Brandon On Wed, Dec 20, 2023 at 1:22 PM Geert Hendrickx via mailop < mailop@mailop.org> wrote: > On Wed, Dec 20, 2023 at 14:49:20 +0000, Gellner, Oliver via mailop wrote: > > Postfix is potentially vulnerable as for compatibility with broken > > clients it accepts <LF>.<LF> as an end-of-data command. Well, at least > > it did, Wietse has introduced a flag which fixes this kind of message > > smuggling: > > > > > Protocol enforcement: with "smtpd_forbid_bare_newline = > > > yes" (the default for Postfix 3.9), reply with "Error: bare > > > <LF> received" and disconnect when an SMTP client sends a > > > line ending in <LF>, violating the RFC 5321 requirement > > > that lines must end in <CR><LF>. Files: mantools/postlink, > > > proto/postconf.proto, global/mail_params.h, global/smtp_stream.c, > > > global/smtp_stream.h, smtpd/smtpd.c. > > > > It will be available in the next releases for the 3.5 to 3.9 versions, > > although the new flag will be disabled on all versions except 3.9 by > > default. > > > For more info on Postfix fixes and timeline, see: > > https://www.mail-archive.com/postfix-users@postfix.org/msg100901.html > > > Geert > > > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop >
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
