go-chasquid-smtp

Mirrors/go-chasquid-smtp

Fork 0

mirror of https://blitiri.com.ar/repos/chasquid synced 2025-12-23 15:37:01 +00:00

Commit Graph

Author	SHA1	Message	Date
Alberto Bertogli	99df5e7b57	smtpsrv: Limit incoming line length and improve large message handling Currently, there is no limit to incoming line length, so an evil client could cause a memory exhaustion DoS by issuing very long lines. This patch fixes the bug by limiting the size of the lines. To do that, we replace the textproto.Conn with a pair of buffered reader and writer, which simplify the code and allow for better and cleaner control. Thanks to Max Mazurov (fox.cpp@disroot.org) for finding and reporting this issue.	2019-12-01 19:07:58 +00:00
Alberto Bertogli	e7309a2c7b	smtpsrv: Send enhanced status codes SMTP supports enhanced status codes, which help with internationalization and accessibility in cases where protocol errors make their way to the users. This patch makes chasquid include these extended status codes in the corresponding replies, as well as advertising support in the EHLO reply. Main references: - RFC 3463 (https://tools.ietf.org/html/rfc3463) - RFC 2034 (https://tools.ietf.org/html/rfc2034) - SMTP Enhanced Status Codes Registry (https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml)	2019-01-10 15:44:25 +00:00
Alberto Bertogli	61d2961ee9	test: Add a new integration test with minor dialogs This patch adds a new integration test, which executes various small dialogs, to cover corner cases that are not well covered (according to our coverage report). For example, "EHLO" without domain, or invalid DATA. While we could do them via Go tests, this way is more realistic, and the tests are easier to write.	2018-03-02 19:37:37 +00:00

Author

SHA1

Message

Date

Alberto Bertogli

99df5e7b57

smtpsrv: Limit incoming line length and improve large message handling

Currently, there is no limit to incoming line length, so an evil client
could cause a memory exhaustion DoS by issuing very long lines.

This patch fixes the bug by limiting the size of the lines.

To do that, we replace the textproto.Conn with a pair of buffered reader
and writer, which simplify the code and allow for better and cleaner
control.

Thanks to Max Mazurov (fox.cpp@disroot.org) for finding and reporting
this issue.

2019-12-01 19:07:58 +00:00

Alberto Bertogli

e7309a2c7b

smtpsrv: Send enhanced status codes

SMTP supports enhanced status codes, which help with
internationalization and accessibility in cases where protocol errors
make their way to the users.

This patch makes chasquid include these extended status codes in the
corresponding replies, as well as advertising support in the EHLO reply.

Main references:
- RFC 3463 (https://tools.ietf.org/html/rfc3463)
- RFC 2034 (https://tools.ietf.org/html/rfc2034)
- SMTP Enhanced Status Codes Registry
  (https://www.iana.org/assignments/smtp-enhanced-status-codes/smtp-enhanced-status-codes.xhtml)

2019-01-10 15:44:25 +00:00

Alberto Bertogli

61d2961ee9

test: Add a new integration test with minor dialogs

This patch adds a new integration test, which executes various small
dialogs, to cover corner cases that are not well covered (according to
our coverage report).

For example, "EHLO" without domain, or invalid DATA.

While we could do them via Go tests, this way is more realistic, and the
tests are easier to write.

2018-03-02 19:37:37 +00:00

3 Commits