postfix-3.7.2
committed by
Viktor Dukhovni
parent
6d12e2baa0
commit
d776c5c039
@@ -26327,3 +26327,30 @@ Apologies for any names omitted.
|
||||
chroot jail. Problem reported by Jesper Dybdal. Files:
|
||||
cleanup/cleanup.h, cleanup/cleanup_init.c,
|
||||
cleanup/cleanup_milter.c, cleanup/cleanup_state.c.
|
||||
|
||||
20220421
|
||||
|
||||
Bugfix (introduced: Postfix 3.7): reverted an overly complex
|
||||
change in the postscreen SMTP engine from 20211023, and
|
||||
replaced it with a much simpler change. The bad change was
|
||||
segfaulting on some systems after receiving malformed input
|
||||
(for example, TLS "hello"). File: postscreen/postscreen_smtpd.c.
|
||||
|
||||
Under conditions described below, the postscreen program
|
||||
attempted to read through an uninitialized 'const' pointer.
|
||||
The pointer value depended on the compiler type and compiler
|
||||
options, but crucially, it did not depend on network inputs.
|
||||
|
||||
The conditions were that SMTPUTF8 support was enabled (the
|
||||
default), and that postscreen received non-UTF8 input, for
|
||||
example, a TLS or RDP handshake request. Depending on
|
||||
compiler details, the result of the read operation could
|
||||
be uninteresting, a combined memory leak and file handle
|
||||
leak, or a segmentation violation (signal 11).
|
||||
|
||||
The segmentation violation result was reported by Michael
|
||||
Grimm who used a FreeBSD 13.1 early version. The result was
|
||||
"uninteresting" with FreeBSD 13.0. Both FreeBSD systems use
|
||||
Clang instead of GCC. The result was also "uninteresting"
|
||||
on Linux-based systems that use GCC, or on a few older
|
||||
systems that use GCC.
|
||||
|
@@ -20,8 +20,8 @@
|
||||
* Patches change both the patchlevel and the release date. Snapshots have no
|
||||
* patchlevel; they change the release date only.
|
||||
*/
|
||||
#define MAIL_RELEASE_DATE "20220418"
|
||||
#define MAIL_VERSION_NUMBER "3.7.1"
|
||||
#define MAIL_RELEASE_DATE "20220427"
|
||||
#define MAIL_VERSION_NUMBER "3.7.2"
|
||||
|
||||
#ifdef SNAPSHOT
|
||||
#define MAIL_VERSION_DATE "-" MAIL_RELEASE_DATE
|
||||
|
@@ -794,7 +794,6 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
char *command;
|
||||
const PSC_SMTPD_COMMAND *cmdp;
|
||||
int write_stat;
|
||||
int skip_command_processing;
|
||||
|
||||
if (msg_verbose > 1)
|
||||
msg_info("%s: sq=%d cq=%d event %d on smtp socket %d from [%s]:%s flags=%s",
|
||||
@@ -930,25 +929,18 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
}
|
||||
|
||||
/*
|
||||
* As in smtpd(8), reject malformed UTF-8 when "smtputf8_enable =
|
||||
* yes". This also avoids noisy "non-UTF-8 key" warnings from
|
||||
* dict_utf8 infrastructure.
|
||||
*
|
||||
* Caution: do not skip all code in the remainder of this loop.
|
||||
* Avoid complaints from Postfix maps about malformed content.
|
||||
*/
|
||||
if ((skip_command_processing = (var_smtputf8_enable
|
||||
&& !valid_utf8_string(STR(state->cmd_buffer),
|
||||
LEN(state->cmd_buffer))))) {
|
||||
write_stat = PSC_SEND_REPLY(state,
|
||||
"500 5.5.2 Error: bad UTF-8 syntax");
|
||||
} else {
|
||||
#define PSC_BAD_UTF8(str, len) \
|
||||
(var_smtputf8_enable && !valid_utf8_string((str), (len)))
|
||||
|
||||
/*
|
||||
* Terminate the command buffer, and apply the last-resort
|
||||
* command editing workaround.
|
||||
* Terminate the command buffer, and apply the last-resort command
|
||||
* editing workaround.
|
||||
*/
|
||||
VSTRING_TERMINATE(state->cmd_buffer);
|
||||
if (psc_cmd_filter != 0) {
|
||||
if (psc_cmd_filter != 0 && !PSC_BAD_UTF8(STR(state->cmd_buffer),
|
||||
LEN(state->cmd_buffer))) {
|
||||
const char *cp;
|
||||
|
||||
for (cp = STR(state->cmd_buffer); *cp && IS_SPACE_TAB(*cp); cp++)
|
||||
@@ -964,7 +956,6 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
STR(state->cmd_buffer));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Reset the command buffer write pointer and state machine in
|
||||
@@ -975,14 +966,12 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
state->read_state = PSC_SMTPD_CMD_ST_ANY;
|
||||
VSTRING_RESET(state->cmd_buffer);
|
||||
|
||||
if (skip_command_processing == 0) {
|
||||
|
||||
/*
|
||||
* Process the command line.
|
||||
*
|
||||
* Caution: some command handlers terminate the session and destroy
|
||||
* the session state structure. When this happens we must leave
|
||||
* the SMTP engine to avoid a dangling pointer problem.
|
||||
* Caution: some command handlers terminate the session and destroy the
|
||||
* session state structure. When this happens we must leave the SMTP
|
||||
* engine to avoid a dangling pointer problem.
|
||||
*/
|
||||
cmd_buffer_ptr = STR(state->cmd_buffer);
|
||||
if (msg_verbose)
|
||||
@@ -1018,6 +1007,7 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
if ((state->flags & PSC_STATE_MASK_NSMTP_TODO_SKIP)
|
||||
== PSC_STATE_FLAG_NSMTP_TODO && cmdp->name == 0
|
||||
&& (is_header(command)
|
||||
|| PSC_BAD_UTF8(command, strlen(command))
|
||||
/* Ignore forbid_cmds lookup errors. Non-critical feature. */
|
||||
|| (*var_psc_forbid_cmds
|
||||
&& string_list_match(psc_forbid_cmds, command)))) {
|
||||
@@ -1096,9 +1086,9 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
}
|
||||
|
||||
/*
|
||||
* The following tests don't pass until the client gets all the
|
||||
* way to the RCPT TO command. However, the client can still fail
|
||||
* these tests with some later command.
|
||||
* The following tests don't pass until the client gets all the way
|
||||
* to the RCPT TO command. However, the client can still fail these
|
||||
* tests with some later command.
|
||||
*/
|
||||
if (cmdp->action == psc_rcpt_cmd) {
|
||||
if ((state->flags & PSC_STATE_MASK_BARLF_TODO_PASS_FAIL)
|
||||
@@ -1106,24 +1096,21 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
PSC_PASS_SESSION_STATE(state, "bare newline test",
|
||||
PSC_STATE_FLAG_BARLF_PASS);
|
||||
/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
|
||||
expire_time[PSC_TINDX_BARLF] = event_time()
|
||||
+ var_psc_barlf_ttl;
|
||||
expire_time[PSC_TINDX_BARLF] = event_time() + var_psc_barlf_ttl;
|
||||
}
|
||||
if ((state->flags & PSC_STATE_MASK_NSMTP_TODO_PASS_FAIL)
|
||||
== PSC_STATE_FLAG_NSMTP_TODO) {
|
||||
PSC_PASS_SESSION_STATE(state, "non-smtp test",
|
||||
PSC_STATE_FLAG_NSMTP_PASS);
|
||||
/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
|
||||
expire_time[PSC_TINDX_NSMTP] = event_time()
|
||||
+ var_psc_nsmtp_ttl;
|
||||
expire_time[PSC_TINDX_NSMTP] = event_time() + var_psc_nsmtp_ttl;
|
||||
}
|
||||
if ((state->flags & PSC_STATE_MASK_PIPEL_TODO_PASS_FAIL)
|
||||
== PSC_STATE_FLAG_PIPEL_TODO) {
|
||||
PSC_PASS_SESSION_STATE(state, "pipelining test",
|
||||
PSC_STATE_FLAG_PIPEL_PASS);
|
||||
/* XXX Reset to PSC_TIME_STAMP_DISABLED on failure. */
|
||||
expire_time[PSC_TINDX_PIPEL] = event_time()
|
||||
+ var_psc_pipel_ttl;
|
||||
expire_time[PSC_TINDX_PIPEL] = event_time() + var_psc_pipel_ttl;
|
||||
}
|
||||
}
|
||||
/* Command COUNT limit test. */
|
||||
@@ -1149,7 +1136,6 @@ static void psc_smtpd_read_event(int event, void *context)
|
||||
if (cmdp->flags & PSC_SMTPD_CMD_FLAG_DESTROY)
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
* Terminate the session after a write error.
|
||||
|
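Review bot: `cmdp` in psc_smtpd_read_event() is still declared without an initializer (`const PSC_SMTPD_COMMAND *cmdp;`, in the hunk at line 794), and it appears to be the uninitialized 'const' pointer that the changelog entry describes. With the skip_command_processing branch gone, the later `cmdp->name`, `cmdp->action` and `cmdp->flags` reads rely on the command-table lookup always running first. That lookup is outside the visible hunks, so the new flow looks correct but cannot be confirmed from here. Declaring it as `const PSC_SMTPD_COMMAND *cmdp = 0;` would make any future regression of this kind fail as a deterministic null dereference instead of compiler-dependent behaviour. The function body starts and ends outside these hunks.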