[exim-dev] [Bug 1649] rework SRS to avoid using dead librari…

Author: admin
Date:
To: exim-dev
Previous topics: [exim-dev] [Bug 1649] New: rework SRS to avoid using dead libraries
Subject: [exim-dev] [Bug 1649] rework SRS to avoid using dead libraries
https://bugs.exim.org/show_bug.cgi?id=1649

Mike Brudenell <mike.brudenell@???> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |mike.brudenell@???


--- Comment #6 from Mike Brudenell <mike.brudenell@???> ---
There's a problem with applying base32d to the $2 pattern match. The latter
contains an extract of user-supplied data within $local_part; if this contains
characters outside the base32 character set then base32d fails, causing the
string expansion to fail, eventually leading to an entry being logged in
paniclog.

This can be avoided by making sure the pattern matching expression that
produces $2 only matches against the base32 character set, and also ensuring it
consists of at least one character. The hash string ($1) should also be at
least one character, as in the pattern used within the sg substitution later:

    ^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)\$


It's probably also a good idea to follow the inbound_srs router with one that
matches the SRS0 address with most other conditions relaxed and have it issue a
failure response if, for example, the hash fails to verify or the timestamp is
too old.

Finally, I don't think that the "max_rcpt = 1" is needed on the transport as
nothing within it depends on the recipient address, or uses variables that are
only populated if all the recipients share the same domain. My testing so far
supports this.

With these changes, along with Jeremy's earlier response about needing to use "lc:"
to lowercase the return-path, the above becomes...

#routers
# Mail for other domains: forwarded mail (local part or domain changed since
# receipt) goes via the SRS-rewriting transport, everything else via remote_smtp.
outbound:
  driver =    dnslookup
  domains =   ! +my_domains
  transport = ${if eq {$local_part@$domain} \
                      {$original_local_part@$original_domain} \
                   {remote_smtp} {remote_forwarded_smtp}}


# Bounces (empty sender) to an SRS0 address: $2 is restricted to the base32
# character set, so ${base32d:} can never fail on user-supplied input.
inbound_srs:
  driver =    redirect
  senders =   :
  domains =   +my_domains
  condition = ${if match {$local_part} \
                         {^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)\$} \
                {${if and { {<= {${eval:$tod_epoch/86400 - ${base32d:$2} & 0x3ff}} \
                                {10}} \
                            {eq {$1} \
                                {${l_4:${hmac{md5}{SRS_SECRET}{${lc:$4@$3}}}}}} \
                          } \
                         {true}{false} \
                 }} \
                 {false} \
                }
  data =    ${sg {$local_part} \
                 {^(?i)SRS0=[^=]+=[^=]+=([^=]*)=(.*)\$} \
                 {\$2@\$1}}



# Anything that still looks like an SRS0 address but did not pass the checks
# above (bad hash, timestamp too old, ...) gets an explicit failure.
inbound_srs_failure:
  driver =    redirect
  senders =   :
  domains =   +my_domains
  condition = ${if match {$local_part} \
                         {^(?i)SRS0=([^=]+)=([^=]+)=([^=]*)=(.*)\$} \
                }
  allow_fail
  data =    :fail: Invalid SRS recipient address



# transport
remote_forwarded_smtp:
  driver =              smtp
  return_path =         SRS0\
                        =${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}\
                        =${base32:${eval:$tod_epoch/86400&0x3ff}}\
                        =${domain:$return_path}\
                        =${local_part:$return_path}\
                        @$original_domain


The above uses ${base32:}, which only just appeared in 4.next, for the
timestamp. You could perfectly well use the decimal number, making sure you
update the pattern match that produces $2 to contain just decimal digits:
[0-9]+

--
You are receiving this mail because:
You are on the CC list for the bug.
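The SRS0 rewrite and verification that the routers and transport above implement, as an added Python example that is not part of the bug report or of Exim's own code. It assumes a base32 alphabet of lowercase letters followed by the digits 2-7 (the set the comment's `[A-Z2-7]` class admits under `(?i)`), a constructed placeholder secret, and a hash that is the first four hex characters of HMAC-MD5; the encoder emitting "a" for zero is this example's choice. The point it demonstrates is the one in the comment: the pattern gates the timestamp field to the base32 alphabet before anything is decoded, so input with characters outside that set is rejected by the match rather than by a failing decode, and the age check uses the same 10-bit wraparound as the `& 0x3ff` in the router.

```python
import hashlib
import hmac
import re
import time

# Assumptions of this example (not taken from the bug report): the base32
# alphabet is lowercase letters then the digits 2-7, the secret is a
# constructed placeholder, and the hash is the first 4 hex chars of HMAC-MD5.
B32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"
SRS_SECRET = b"constructed-placeholder-secret"
MAX_AGE_DAYS = 10

# Same groups as the comment's pattern: 1=hash, 2=timestamp, 3=domain,
# 4=original local part.  The timestamp group is restricted to the base32
# alphabet and must be non-empty, so the decoder never sees bad input.
SRS0_RE = re.compile(r"^SRS0=([^=]+)=([a-z2-7]+)=([^=]*)=(.*)$", re.IGNORECASE)


def b32_encode(n):
    """Encode a non-negative integer, most significant digit first.
    Emits "a" for zero (this example's choice) so the field is never empty."""
    if n < 0:
        raise ValueError("negative value")
    digits = []
    while True:
        digits.append(B32_ALPHABET[n & 31])
        n >>= 5
        if n == 0:
            break
    return "".join(reversed(digits))


def b32_decode(s):
    """Decode a base32 string; raises ValueError on a character outside the
    alphabet, the failure mode the pattern gate keeps away from ${base32d:}."""
    n = 0
    for ch in s.lower():
        n = n * 32 + B32_ALPHABET.index(ch)
    return n


def srs_hash(secret, local_part, domain):
    """${l_4:${hmac{md5}{SRS_SECRET}{${lc:local@domain}}}}: lowercase, then hash."""
    msg = ("%s@%s" % (local_part, domain)).lower().encode()
    return hmac.new(secret, msg, hashlib.md5).hexdigest()[:4]


def day_number(now=None):
    """$tod_epoch/86400: whole days since the epoch."""
    return int(time.time() if now is None else now) // 86400


def srs_forward(secret, return_path, forwarding_domain, now=None):
    """Build the rewritten return-path as the remote_forwarded_smtp transport does."""
    local_part, _, domain = return_path.rpartition("@")
    timestamp = b32_encode(day_number(now) & 0x3FF)  # 10-bit day counter
    return "SRS0=%s=%s=%s=%s@%s" % (
        srs_hash(secret, local_part, domain), timestamp, domain, local_part,
        forwarding_domain)


def srs_reverse(secret, local_part, now=None):
    """Return the original address for a valid SRS0 local part, else None.

    Mirrors the inbound_srs condition: pattern gate first, then the age
    check with the same 10-bit wraparound, then a constant-time hash compare."""
    m = SRS0_RE.match(local_part)
    if m is None:
        return None
    got_hash, timestamp, domain, orig_local = m.groups()
    age = (day_number(now) - b32_decode(timestamp)) & 0x3FF
    if age > MAX_AGE_DAYS:
        return None
    expected = srs_hash(secret, orig_local, domain)
    if not hmac.compare_digest(got_hash.encode(), expected.encode()):
        return None
    return "%s@%s" % (orig_local, domain)


if __name__ == "__main__":
    now = 1_700_000_000  # constructed fixed clock so the output is reproducible
    fwd = srs_forward(SRS_SECRET, "Alice@Example.org", "forwarder.example", now)
    print(fwd)
    print(srs_reverse(SRS_SECRET, fwd.rpartition("@")[0], now))
    # Characters outside the base32 set never reach the decoder:
    print(srs_reverse(SRS_SECRET, "SRS0=abcd=!!!!=example.org=bob", now))
```

A timestamp from the future fails the same way an expired one does: the subtraction wraps to a large value under the `& 0x3ff` mask, which is why the router compares against 10 after masking rather than taking an absolute difference.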