
don't leak addr parsing errors into SMTP conversation #3185

Merged
merged 2 commits into from
May 4, 2023


Member
@msimerson msimerson commented May 3, 2023

Differences:

  • don't return unsanitized network input (it's a vulnerability vector)
  • don't log unsanitized network input as it enables log injection vulnerabilities

Checklist:

@msimerson msimerson changed the title slight modification of #3177 don't leak parsing errors into SMTP conversation #3176 May 3, 2023
@msimerson msimerson changed the title don't leak parsing errors into SMTP conversation #3176 don't leak addr parsing errors into SMTP conversation May 3, 2023
@msimerson msimerson requested a review from analogic May 3, 2023 23:46
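
The two points in the description above, as an added example (not code from this pull request or from the project; `parseAddress`, `handleUnsafe`, `handleSafe`, `logSafe`, the reply texts and the sample input are constructed for illustration). It contrasts a handler that reflects the parser's error text into the SMTP reply and the log with one that sends a fixed reply and logs only an escaped, length-capped copy of the input.

```javascript
// Added illustration; all names are hypothetical, not the project's API.
// Constructed input: an address argument carrying CR/LF and a fake log entry.
const SAMPLE_ARG = '<a@b\r\n[NOTICE] constructed fake entry\r\n>';

// Toy parser: like many parsers, its error message embeds the raw input.
function parseAddress(raw) {
  const m = /^<([^\s<>@]+)@([A-Za-z0-9.-]+)>$/.exec(raw);
  if (!m) throw new Error(`Invalid format of mail command: ${raw}`);
  return { user: m[1], host: m[2] };
}

// BEFORE: client-controlled bytes reach both the SMTP reply and the log.
function handleUnsafe(raw, log) {
  try {
    parseAddress(raw);
    return '250 2.1.0 OK\r\n';
  } catch (err) {
    log.push(`[mail_from] ${err.message}`);
    return `501 ${err.message}\r\n`;
  }
}

// Escape everything outside printable ASCII (plus quote and backslash) and
// cap the length, so one input can never become more than one log line.
function logSafe(value, max = 64) {
  return String(value).slice(0, max).replace(/[^\x20-\x7e]|["\\]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// AFTER: fixed reply text; the input appears in the log only in escaped form.
function handleSafe(raw, log) {
  try {
    parseAddress(raw);
    return '250 2.1.0 OK\r\n';
  } catch {
    log.push(`[mail_from] address parse failed, arg="${logSafe(raw)}"`);
    return '501 5.1.7 Bad sender address syntax\r\n';
  }
}

const countLines = (s) => s.split(/\r\n|\r|\n/).filter(Boolean).length;
function demo() {
  const unsafeLog = [], safeLog = [];
  const unsafeReply = handleUnsafe(SAMPLE_ARG, unsafeLog);
  const safeReply = handleSafe(SAMPLE_ARG, safeLog);
  return { replies: [countLines(unsafeReply), countLines(safeReply)],
    logs: [countLines(unsafeLog[0]), countLines(safeLog[0])], safeLog: safeLog[0] };
}
console.log(demo());
```
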
Collaborator
@analogic analogic left a comment

Good point, LGTM

@msimerson msimerson merged commit f858f96 into master May 4, 2023
@msimerson msimerson deleted the 3177-parse-err-leak branch May 4, 2023 06:43
@msimerson msimerson mentioned this pull request Jun 13, 2023
msimerson added a commit that referenced this pull request Jun 16, 2023
#### Fixed

- feat(q_forward): add LMTP routing handling #3199
- chore(q_forward): tighten up queue.wants handling #3199
- doc(q_forward): improve markdown formatting #3199
- helo.checks: several fixes, #3191
- q/smtp_forward: correct path to next_hop #3186
- don't leak addr parsing errors into SMTP conversation #3185
- connection: handle dns.reverse invalid throws on node v20 #3184
- rename redis command setex to setEx #3181

#### Changed

- test(helo.checks): add regression tests for #3191 #3195
- connection: handle dns.reverse invalid throws on node v20
- build(deps): bump ipaddr.js from 2.0.1 to 2.1.0 #3194
- chore: bump a few dependency versions #3184
- dns_list_base: avoid test failure when public DNS used #3184
- doc(outbound.ini) update link #3159
- doc(clamd.md) fixed spelling error #3155
Successfully merging this pull request may close these issues.

Parsing error leaking to SMTP communication