vertx-mail-client

FIX#219: bare <LF> received after DATA

Open cs8898 opened this issue 1 year ago • 3 comments

Motivation:

fixes #219 SMTP Smuggling problems

Additional References:

https://cr.yp.to/docs/smtplf.html

https://www.postfix.org/smtp-smuggling.html

Solution:

Replace \n in Headers by \r\n before sending.

Msg Dumps for Reference:

https://gist.github.com/cs8898/b740ee29206d5b9f7bee7c352d676086

Test:

  • [x] Tested with my Quarkus Project (Postfix 3.5.23)

cs8898 avatar Feb 23 '24 14:02 cs8898

Can you add a test for this?

vietj avatar Feb 24 '24 09:02 vietj

Yeah, I plan to modify the replacement to be more in the style of message body sending. (Split on \n and add to the SB)

Should I also drop the assert, because theoretically the encoder won't add any \r?

For testing I would add a long recipient list, a long subject and a long message text as a single line.

Should I edit the test-helper class, so the bare LF check can be triggered by a flag?

cs8898 avatar Feb 24 '24 10:02 cs8898

BareLF Detection

The implementation is based on the Postfix logic. When a \n is read, the preceding character must be a \r; otherwise it will fail with bare <LF>.

Postfix 3.8.5

https://github.com/vdukhovni/postfix/blob/9d037ea08042ef5aac7510600ccb1a9541411b4c/postfix/src/global/smtp_stream.c#L431-L442

Postfix 3.5.23

https://github.com/vdukhovni/postfix/blob/f75140fe8504f1fa69e98facbf8258b67af7ebff/postfix/src/global/smtp_stream.c#L414-L427

cs8898 avatar Feb 28 '24 09:02 cs8898
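
The header normalization and the bare-LF check discussed in this thread, as an added example that is not the code from this pull request or from Postfix. `BareLfExample`, `toCrlf` and `firstBareLf` are hypothetical names, and the sample headers are constructed.

```java
import java.nio.charset.StandardCharsets;

// Added example: names are hypothetical, not vertx-mail-client or Postfix code.
public class BareLfExample {

  // Sender side: rewrite every LF that is not preceded by CR as CRLF.
  // An existing CRLF is kept as it is, so the method is safe to apply twice.
  static String toCrlf(String text) {
    StringBuilder sb = new StringBuilder(text.length() + 16);
    char prev = 0;
    for (int i = 0; i < text.length(); i++) {
      char c = text.charAt(i);
      if (c == '\n' && prev != '\r') {
        sb.append('\r');
      }
      sb.append(c);
      prev = c;
    }
    return sb.toString();
  }

  // Receiver-side rule from the comment above: an LF must be preceded by CR.
  // Returns the offset of the first bare LF, or -1 if there is none.
  static int firstBareLf(byte[] data) {
    for (int i = 0; i < data.length; i++) {
      if (data[i] == '\n' && (i == 0 || data[i - 1] != '\r')) {
        return i;
      }
    }
    return -1;
  }

  public static void main(String[] args) {
    // Constructed sample: folded headers whose continuation lines use a bare LF.
    String headers = "Subject: a long subject that the encoder\n folded\r\n"
        + "To: a@example.com,\n b@example.com\r\n";
    byte[] raw = headers.getBytes(StandardCharsets.US_ASCII);
    byte[] fixed = toCrlf(headers).getBytes(StandardCharsets.US_ASCII);

    System.out.println("bare LF before fix at offset: " + firstBareLf(raw));
    System.out.println("bare LF after fix at offset:  " + firstBareLf(fixed));
  }
}
```

The same `firstBareLf` check can back a test-server flag: run it over everything received after DATA and fail the test on any result other than -1.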

closed in favor of #221

cs8898 avatar May 31 '24 05:05 cs8898