Bug#643826: smtpguard: smtpguard-daemon crashes if any illegal characters are contained in SMTP envelope

Thu, 29 Sep 2011 21:54:19 -0700 

Subject: smtpguard-daemon crashes if any illegal characters are contained in 
SMTP envelope
Package: smtpguard
Version: 1.1.3-1.1
Justification: user security hole
Severity: grave
Tags: upstream security patch

A patch to modify this behavior is attached.

How to reproduce:

1. Add "TD" and/or "FD" entries to smtpguard.conf as attached.

2. Submit sender/recipient with illegal octet(s), any of:
  - Control characters.
  - 8-bit octet not forming legal UTF-8 sequence.

Result is as following (note that "_" is control character or non-UTF-8
sequence):

# /etc/init.d/smtpguard start
# /usr/lib/postfix/smtpguard -S -v
request=smtpd_access_policy
protocol_state=RCPT
protocol_name=ESMTP
helo_name=mail.example.jp
sender=nob...@example.jp
recipient=user_@example.co.jp
client_address=172.16.0.1
client_name=mail.example.jp
instance=123.456.7

output error : string is not in UTF-8
action=defer_if_permit Server configuration error.

# tail /var/log/syslog
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: error: 
fg_spam_update_db(8): Invalid protocol: read unexpected EOF.
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: fallback action: 
defer_if_permit Server configuration error.
Sep 30 12:31:55 debian-amd64 postfix/smtpguard[11814]: policy action: 
action=defer_if_permit Server configuration error.
Sep 30 12:31:55 debian-amd64 kernel: [72351.354645] smtpguard-daemo[11809]: 
segfault at 0 ip 00007f3744d8e61a sp 00007f3743c408b8 error 4 in 
libc-2.11.2.so[7f3744d11000+158000]
# 


-- System Information:
Debian Release: 6.0.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/1 CPU core)
Locale: LANG=ja_JP.UTF-8, LC_CTYPE=ja_JP.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages smtpguard depends on:
ii  adduser            3.112+nmu2            add and remove users and groups
ii  libc6              2.11.2-10             Embedded GNU C Library: Shared lib
ii  libdb4.8           4.8.30-2              Berkeley v4.8 Database Libraries [
ii  libglib2.0-0       2.24.2-1              The GLib library of C routines
ii  libsmtpguard1      1.1.3-1.1             Shared library of smtpguard
ii  libxml2            2.7.8.dfsg-2+squeeze1 GNOME XML library

smtpguard recommends no packages.

smtpguard suggests no packages.

-- Configuration Files:
/etc/smtpguard/smtpguard.conf changed:
MAILFROM="postmaster"
SENDMAIL="/usr/sbin/sendmail"
EXPIRE=900
A:              : add(5)
A: TD==example.co.jp : add(50)
A: FD==example.co.jp : add(50)
R: P>1000       : reject("441 sending too much mail, try again later")


-- no debconf information

-- 
株式会社 コンバージョン  セキュリティ&OSSソリューション部   池田荘児
〒231-0004 神奈川県横浜市中区元浜町3-21-2 ヘリオス関内ビル7F
e-mail supp...@conversion.co.jp  TEL 045-640-3550
http://www.conversion.co.jp/

Attachment: smtpguard-1.1.3-CV-smtpguard_service.patch
Description: Binary data

Reply via email to