add faq for smtp smuggling, fix bug around handling "\nX\n" for any X, reject bare carriage returns and possibly smtp-smuggling attempts

mox was already strict in its "\r\n.\r\n" handling for end-of-message in an
smtp transaction.

due to a mostly unrelated bug, sequences of "\nX\n", including "\n.\n" were
rejected with a "local processing error".

the sequence "\r\n.\n" dropped the dot, not necessarily a big problem, this is
unlikely to happen in a legimate transaction and the behaviour not
unreasonable.

we take this opportunity to reject all bare \r.  we detect all slightly
incorrect combinations of "\r\n.\r\n" with an error mentioning smtp smuggling,
in part to appease the tools checking for it.

smtp errors are 500 "bad syntax", and mention smtp smuggling.
This commit is contained in:
Mechiel Lukkien
2024-01-01 18:30:31 +01:00
parent 4b8b53e776
commit 1f9b640d9a
10 changed files with 269 additions and 40 deletions

View File

@ -233,6 +233,18 @@ func (w Webmail) MessageSubmit(ctx context.Context, m SubmitMessage) {
// todo: consider making this an HTTP POST, so we can upload as regular form, which is probably more efficient for encoding for the client and we can stream the data in.
// Prevent any accidental control characters, or attempts at getting bare \r or \n
// into messages.
for _, l := range [][]string{m.To, m.Cc, m.Bcc, {m.From, m.Subject, m.ReplyTo, m.UserAgent}} {
for _, s := range l {
for _, c := range s {
if c < 0x20 {
xcheckuserf(ctx, errors.New("control characters not allowed"), "checking header values")
}
}
}
}
reqInfo := ctx.Value(requestInfoCtxKey).(requestInfo)
log := pkglog.WithContext(ctx).With(slog.String("account", reqInfo.AccountName))
acc, err := store.OpenAccount(log, reqInfo.AccountName)