https://bugs.exim.org/show_bug.cgi?id=1649
Mike Brudenell <mike.brudenell@???> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mike.brudenell@???
--- Comment #6 from Mike Brudenell <mike.brudenell@???> ---
There's a problem with applying base32d to the $2 pattern match. The latter
contains an extract of user-supplied data within $local_part; if this contains
characters outside the base32 character set then base32d fails, causing the
string expansion to fail, eventually leading to an entry being logged in
paniclog.
This can be avoided by making sure the pattern matching expression that
produces $2 only matches against the base32 character set, and also ensures it
consists of at least one character. The hash string ($1) should also be at
least one character, as in the pattern used within the sg substitution later:
^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)\$
It's probably also a good idea to follow the inbound_srs router with one that
matches the SRS0 address with most other conditions relaxed and have it issue a
failure response if, for example, the hash fails to verify or the timestamp is
too old.
Finally, I don't think that the "max_rcpt = 1" is needed on the transport as
nothing within it depends on the recipient address, or uses variables that are
only populated if all the recipients share the same domain. My testing so far
supports this.
These changes, along with Jeremy's earlier response about needing to use "lc:"
to lowercase the return-path, the above becomes...
#routers
outbound:
driver = dnslookup
domains = ! +my_domains
transport = ${if eq {$local_part@$domain} \
{$original_local_part@$original_domain} \
{remote_smtp} {remote_forwarded_smtp}}
inbound_srs:
driver = redirect
senders = :
domains = +my_domains
condition = ${if match {$local_part} \
{^(?i)SRS0=([^=]+)=([A-Z2-7]+)=([^=]*)=(.*)\$} \
{${if and { {<= {${eval:$tod_epoch/86400 - ${base32d:$2} &
0x3ff}} \
{10}} \
{eq {$1} \
{${l_4:${hmac{md5}{SRS_SECRET}{${lc:$4@$3}}}}}}
\
} \
{true}{false} \
}} \
{false} \
}
data = ${sg {$local_part} \
{^(?i)SRS0=[^=]+=[^=]+=([^=]*)=(.*)\$} \
{\$2@\$1}}
inbound_srs_failure:
driver = redirect
senders = :
domains = +my_domains
condition = ${if match {$local_part} \
{^(?i)SRS0=([^=]+)=([^=]+)=([^=]*)=(.*)\$} \
}
allow_fail
data = :fail: Invalid SRS recipient address
# transport
remote_forwarded_smtp:
driver = smtp
return_path = SRS0\
=${l_4:${hmac{md5}{SRS_SECRET}{${lc:$return_path}}}}\
=${base32:${eval:$tod_epoch/86400&0x3ff}}\
=${domain:$return_path}\
=${local_part:$return_path}\
@$original_domain
The above uses ${base32:}, which only just appeared in 4.next, for the
timestamp. You could perfectly well use the decimal number, making sure you
update the pattern match that produces $2 to contain just decimal digits:
[0-9]+
--
You are receiving this mail because:
You are on the CC list for the bug.
