Mercurial > hg > nginx
annotate src/mail/ngx_mail_ssl_module.h @ 7839:3974f4e56a4e
Mail: fixed s->arg_start clearing on invalid IMAP commands.
Previously, s->arg_start was left intact after invalid IMAP commands,
and this might result in an argument incorrectly added to the following
command. Similarly, s->backslash was left intact as well, leading
to unneeded backslash removal.
For example (LFs from the client are explicitly shown as "<LF>"):
S: * OK IMAP4 ready
C: a01 login "\<LF>
S: a01 BAD invalid command
C: a0000000000\2 authenticate <LF>
S: a00000000002 aBAD invalid command
The backslash followed by LF generates invalid command with s->arg_start
and s->backslash set, the following command incorrectly treats anything
from the old s->arg_start to the space after the command as an argument,
and removes the backslash from the tag. If there is no space, s->arg_end
will be NULL.
Both things seem to be harmless though. In particular:
- This can be used to provide an incorrect argument to a command without
arguments. The only command which seems to look at the single argument
is AUTHENTICATE, and it checks the argument length before trying to
access it.
- Backslash removal uses the "end" pointer, and stops due to "src < end"
condition instead of scanning all the process memory if s->arg_end is
NULL (and arg[0].len is huge).
- There should be no backslashes in unquoted strings.
An obvious fix is to clear s->arg_start and s->backslash on invalid commands,
similarly to how it is done in POP3 parsing (added in 810:e3aa8f305d21) and
SMTP parsing.
This, however, makes it clear that s->arg_start handling in the "done"
label is wrong: s->arg_start cannot be legitimately set there, as it
is expected to be cleared in all possible cases when the "done" label is
reached. The relevant code is dead and will be removed by the following
change.
author | Maxim Dounin <mdounin@mdounin.ru> |
---|---|
date | Wed, 19 May 2021 03:13:20 +0300 |
parents | 3bff3f397c05 |
children | 0aaa09927703 |
rev | line source |
---|---|
539 | 1 |
2 /* | |
3 * Copyright (C) Igor Sysoev | |
4412 | 4 * Copyright (C) Nginx, Inc. |
539 | 5 */ |
6 | |
7 | |
1136 | 8 #ifndef _NGX_MAIL_SSL_H_INCLUDED_ |
9 #define _NGX_MAIL_SSL_H_INCLUDED_ | |
539 | 10 |
11 | |
12 #include <ngx_config.h> | |
13 #include <ngx_core.h> | |
1136 | 14 #include <ngx_mail.h> |
539 | 15 |
16 | |
1136 | 17 #define NGX_MAIL_STARTTLS_OFF 0 |
18 #define NGX_MAIL_STARTTLS_ON 1 | |
19 #define NGX_MAIL_STARTTLS_ONLY 2 | |
583 | 20 |
21 | |
539 | 22 typedef struct { |
976 | 23 ngx_flag_t enable; |
2224 | 24 ngx_flag_t prefer_server_ciphers; |
976 | 25 |
26 ngx_ssl_t ssl; | |
547 | 27 |
2224 | 28 ngx_uint_t starttls; |
7269
7f955d3b9a0d
SSL: detect "listen ... ssl" without certificates (ticket #178).
Maxim Dounin <mdounin@mdounin.ru>
parents:
6550
diff
changeset
|
29 ngx_uint_t listen; |
976 | 30 ngx_uint_t protocols; |
547 | 31 |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
32 ngx_uint_t verify; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
33 ngx_uint_t verify_depth; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
34 |
976 | 35 ssize_t builtin_session_cache; |
547 | 36 |
976 | 37 time_t session_timeout; |
573 | 38 |
6550
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
39 ngx_array_t *certificates; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
40 ngx_array_t *certificate_keys; |
51e1f047d15d
SSL: support for multiple certificates (ticket #814).
Maxim Dounin <mdounin@mdounin.ru>
parents:
5989
diff
changeset
|
41 |
2044 | 42 ngx_str_t dhparam; |
3960 | 43 ngx_str_t ecdh_curve; |
5989
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
44 ngx_str_t client_certificate; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
45 ngx_str_t trusted_certificate; |
ec01b1d1fff1
Mail: client SSL certificates support.
Maxim Dounin <mdounin@mdounin.ru>
parents:
5744
diff
changeset
|
46 ngx_str_t crl; |
539 | 47 |
976 | 48 ngx_str_t ciphers; |
539 | 49 |
5744
42114bf12da0
SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents:
5503
diff
changeset
|
50 ngx_array_t *passwords; |
7729
3bff3f397c05
SSL: ssl_conf_command directive.
Maxim Dounin <mdounin@mdounin.ru>
parents:
7269
diff
changeset
|
51 ngx_array_t *conf_commands; |
5744
42114bf12da0
SSL: the "ssl_password_file" directive.
Valentin Bartenev <vbart@nginx.com>
parents:
5503
diff
changeset
|
52 |
976 | 53 ngx_shm_zone_t *shm_zone; |
2224 | 54 |
5503
d049b0ea00a3
SSL: ssl_session_tickets directive.
Dirkjan Bussink <d.bussink@gmail.com>
parents:
5425
diff
changeset
|
55 ngx_flag_t session_tickets; |
5425
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4412
diff
changeset
|
56 ngx_array_t *session_ticket_keys; |
1356a3b96924
SSL: added ability to set keys used for Session Tickets (RFC5077).
Piotr Sikora <piotr@cloudflare.com>
parents:
4412
diff
changeset
|
57 |
2224 | 58 u_char *file; |
59 ngx_uint_t line; | |
1136 | 60 } ngx_mail_ssl_conf_t; |
539 | 61 |
62 | |
1136 | 63 extern ngx_module_t ngx_mail_ssl_module; |
539 | 64 |
65 | |
1136 | 66 #endif /* _NGX_MAIL_SSL_H_INCLUDED_ */ |