From dbff2f04553ca9bda575ca395d623176a678ffa6 Mon Sep 17 00:00:00 2001
From: Alberto Bertogli <albertito@blitiri.com.ar>
Date: Sat, 2 Dec 2023 14:50:17 +0000
Subject: [PATCH] Reject empty listening addresses

Using an empty listening address will result in chasquid listening on a
random port, which is a dangerous misconfiguration.

That is most likely done to prevent it from listening at all.

To prevent this misconfiguration, explicitly reject empty listening
addresses early and with a warning, so there is no ambiguity.

Users can still prevent chasquid from listening by just commenting out
the entry in the config (and not passing any systemd file descriptors).

See https://github.com/albertito/chasquid/issues/45 for more details and
discussion, including alternatives considered.

Thanks to xavierg who reported this via IRC.
---
 chasquid.go                                              | 9 +++++++--
 .../c-10-empty_listening_addr/.expected-error            | 1 +
 .../c-10-empty_listening_addr/chasquid.conf              | 6 ++++++
 .../c-10-empty_listening_addr/domains/testserver/users   | 0
 test/t-20-bad_configs/run.sh                             | 2 +-
 5 files changed, 15 insertions(+), 3 deletions(-)
 create mode 100644 test/t-20-bad_configs/c-10-empty_listening_addr/.expected-error
 create mode 100644 test/t-20-bad_configs/c-10-empty_listening_addr/chasquid.conf
 create mode 100644 test/t-20-bad_configs/c-10-empty_listening_addr/domains/testserver/users

diff --git a/chasquid.go b/chasquid.go
index 6e4f1ec..bd850bb 100644
--- a/chasquid.go
+++ b/chasquid.go
@@ -169,8 +169,13 @@ func main() {
 func loadAddresses(srv *smtpsrv.Server, addrs []string, ls []net.Listener, mode smtpsrv.SocketMode) int {
 	naddr := 0
 	for _, addr := range addrs {
-		// The "systemd" address indicates we get listeners via systemd.
-		if addr == "systemd" {
+		if addr == "" {
+			// An empty address is invalid, to prevent accidental
+			// misconfiguration.
+			log.Errorf("Invalid empty listening address for %v", mode)
+			log.Fatalf("If you want to disable %v, remove it from the config", mode)
+		} else if addr == "systemd" {
+			// The "systemd" address indicates we get listeners via systemd.
 			srv.AddListeners(ls, mode)
 			naddr += len(ls)
 		} else {
diff --git a/test/t-20-bad_configs/c-10-empty_listening_addr/.expected-error b/test/t-20-bad_configs/c-10-empty_listening_addr/.expected-error
new file mode 100644
index 0000000..f460846
--- /dev/null
+++ b/test/t-20-bad_configs/c-10-empty_listening_addr/.expected-error
@@ -0,0 +1 @@
+Invalid empty listening address for submission
diff --git a/test/t-20-bad_configs/c-10-empty_listening_addr/chasquid.conf b/test/t-20-bad_configs/c-10-empty_listening_addr/chasquid.conf
new file mode 100644
index 0000000..ff6c0de
--- /dev/null
+++ b/test/t-20-bad_configs/c-10-empty_listening_addr/chasquid.conf
@@ -0,0 +1,6 @@
+mail_delivery_agent_bin: "test-mda"
+mail_delivery_agent_args: "%to%"
+data_dir: "../.data"
+mail_log_path: "../.logs/mail_log"
+
+submission_address: ""
diff --git a/test/t-20-bad_configs/c-10-empty_listening_addr/domains/testserver/users b/test/t-20-bad_configs/c-10-empty_listening_addr/domains/testserver/users
new file mode 100644
index 0000000..e69de29
diff --git a/test/t-20-bad_configs/run.sh b/test/t-20-bad_configs/run.sh
index 89255e1..9ba2130 100755
--- a/test/t-20-bad_configs/run.sh
+++ b/test/t-20-bad_configs/run.sh
@@ -18,7 +18,7 @@ mkdir -p c-04-no_cert_dirs/certs/
 
 # Generate certs for the tests that need them.
 for i in c-05-no_addrs c-06-bad_maillog c-07-bad_domain_info \
-	c-08-bad_sts_cache c-09-bad_queue_dir ;
+	c-08-bad_sts_cache c-09-bad_queue_dir c-10-empty_listening_addr ;
 do
 	CONFDIR=$i/ generate_certs_for testserver
 done