Hello,

the `link-auth' event has the user first and the result of the
operation after; this breaks when a username has a '|' character in
it.  Since this is triggered by the `auth login' command, anyone could
send a user with a '|' and, depending on the filter used, make smtpd
exit.  (if the filter dies, smtpd does too)

This was reported on the OpenSMTPD-portable github repository with
Gilles' opensmtpd-filter-rspamd:
https://github.com/OpenSMTPD/OpenSMTPD/issues/1213

Diff below is straightforward and includes the documentation changes.
I believe link-auth was forgotten in revision 1.61 of lka_filter.c
when the mail-from/rcpt-to events got their fields swapped.

For opensmtpd-filter-rspamd I have a corresponding diff that I'll send
to Gilles as it is off-topic for tech@, but here it is too if you want
to play with it:
https://paste.omarpolo.com/9jtli2w

To reproduce: (there may be quicker ways, this is just the first I
found)

	# pkg_add rspamd opensmtpd-filter-rspamd
	# rcctl enable rspamd
	# rcctl start rspamd

add the rspamd filter to /etc/mail/smtpd.conf

	filter "rspamd" proc-exec "filter-rspamd"
	listen on lo0 smtps pki localhost auth filter "rspamd"

and try to do a login:

	$ nc -c -Tnoverify localhost 465
	helo localhost
	auth login
	b3xw
	MTMyNA==

Thanks,

Omar Polo

diff /usr/src
commit - 66c6b79616659a94b04092c9f103e3aa29809704
path + /usr/src
blob - 0c63657be21352fb1f060505250f7a9ef4fc8d8c
file + usr.sbin/smtpd/lka_filter.c
--- usr.sbin/smtpd/lka_filter.c
+++ usr.sbin/smtpd/lka_filter.c
@@ -24,7 +24,7 @@
#include "smtpd.h"
#include "log.h"
-#define PROTOCOL_VERSION "0.6"
+#define PROTOCOL_VERSION "0.7"
struct filter;
struct filter_session;
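Review bot: the PROTOCOL_VERSION bump from "0.6" to "0.7" is what lets a filter tell which link-auth field order it is receiving, but neither smtpd-filters.7 hunk in this diff says that the order changed in 0.7. Consider adding a sentence to the link-auth entry stating that the order is `result username' from protocol 0.7 onward, so filter authors know to branch on the version field.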
@@ -1461,7 +1461,7 @@ lka_report_smtp_link_auth(const char *direction, struc
fs->username = xstrdup(username);
}
report_smtp_broadcast(reqid, direction, tv, "link-auth", "%s|%s\n",
- username, result);
+ result, username);
}
void
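Review bot: in the report_smtp_broadcast() call the format is still "%s|%s\n" with username written verbatim, so the fix relies on username staying the last field. A short comment above the call saying so would keep a later change from appending another field after it. It is also worth confirming that username cannot contain a newline at this point, since the report line is terminated by '\n'.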
blob - 313404c111c77b099b3855f43252c26877874b17
file + usr.sbin/smtpd/smtpd-filters.7
--- usr.sbin/smtpd/smtpd-filters.7
+++ usr.sbin/smtpd/smtpd-filters.7
@@ -271,12 +271,9 @@ This event is generated upon disconnection of the clie
the cipher suite used by the session and the cipher strength in bits.
.It Ic link-disconnect
This event is generated upon disconnection of the client.
-.It Ic link-auth : Ar username result
+.It Ic link-auth : Ar result username
This event is generated upon an authentication attempt by the client.
.Pp
-.Ar username
-contains the username used for the authentication attempt.
-.Pp
.Ar result
contains the string
.Dq pass ,
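Review bot: the new `.It Ic link-auth : Ar result username' line does not say that username is the last field and may itself contain '|'. Suggest stating in the username description that it extends to the end of the line and must not be split further, since that is the property the reordering depends on.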
@@ -284,6 +281,9 @@ depending on the result of the authentication attempt.
or
.Dq error
depending on the result of the authentication attempt.
+.Pp
+.Ar username
+contains the username used for the authentication attempt.
.It Ic tx-reset : Op message-id
This event is generated when a transaction is reset.
.Pp
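
An added example, not part of the original mail or of OpenSMTPD: a minimal C parser for the link-auth parameters, showing why the field order matters when the username contains '|'. The function name parse_link_auth, its result_first flag and the sample lines are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result values documented for link-auth in smtpd-filters(7). */
static int
valid_result(const char *s)
{
	return strcmp(s, "pass") == 0 || strcmp(s, "fail") == 0 ||
	    strcmp(s, "error") == 0;
}

/*
 * Split the link-auth parameters at the first '|', as a filter that
 * tokenizes fields left to right would (an assumption about the filter).
 * result_first = 0: "username|result", the order before the diff.
 * result_first = 1: "result|username", the order after the diff.
 * Returns 0 if the result field is valid, -1 if the line is malformed.
 */
int
parse_link_auth(char *params, int result_first, const char **result,
    const char **username)
{
	char *sep = strchr(params, '|');

	if (sep == NULL)
		return -1;
	*sep = '\0';
	*result = result_first ? params : sep + 1;
	*username = result_first ? sep + 1 : params;
	return valid_result(*result) ? 0 : -1;
}

int
main(void)
{
	/* Constructed samples: username "o|p", failed login. */
	char before[] = "o|p|fail", after[] = "fail|o|p";
	const char *res, *user;
	int rc;

	rc = parse_link_auth(before, 0, &res, &user);
	printf("before: rc=%d user=%s result=%s\n", rc, user, res);
	rc = parse_link_auth(after, 1, &res, &user);
	printf("after:  rc=%d user=%s result=%s\n", rc, user, res);
	return 0;
}
```

With the old order the username is cut at its own '|' and the result field fails validation; with the new order the result is read first and everything after the first separator is the username.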