You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I came up with a better solution that removes dirty code wherever it may be in the address.
This is the fix:
file: /usr/sbin/MSMilter
251 # my $rcptto = $args[0];
252 ##### ALEX ###
253 my $rcptto = substr $args[0] , 1, -1;
254 $rcptto =~ s/<.*?>//g;
255 $rcptto = "<$rcptto>";
256 ### END ALEX ###
Basically
253 I remove the head and trailing markers, < >
254 then I remove anything inside the address that may be inside addictional < >
255 then add the head/trailing markers again and go on with standard MS code
This should fix the vulnerability in a definitive way
I made a small revision so that we don't assume the first and last chars are always < and >, respectively. They should be, but postfix does allow you to pass in an address without them.
Describe the bug
A message with malformed recipient address breaks postfix queue
This is an example of milterout queue file relevant row:
O<<200b>[email protected]>
As you can see code <200b> is in front of the real address so the address breaks the queue and never leaves milterout folder
To Reproduce
craft some sort of control code or char inside the recipient address
Expected behavior
Offendig char should be stripped off before sending to MTA
Server (please complete the following information):
Additional context
For now I've fixed this behaviour adding a cleanup at line 250 of /usr/sbin/MSMilter as follows
250 $args[0] =~ /<(<.>)?(.)>$/;
251 # my $rcptto = $args[0];
252 my $rcptto = "<$2>";
this just fixes code in the beginnig of the address but likely a smarter solution mat be to only allow a specific set of chars inside the address
The text was updated successfully, but these errors were encountered: