Bug#1070190: sendmail-bin: CVE-2023-51765 SMTP smuggling with NUL followup
On 04/05/2024 13.02, Andreas Beckmann wrote:
I have patched sendmail in order to enable O RejectNUL=True directive,
but I do not achieved the fact to enable it by default.
Andreas could you get a glimpse at how to render RejectNUL a default ?
Second attempt. Completely untested. This should work for both fresh
installations and upgrades (as long as *.cf gets regenerated).
Could you try that? And especially that the opt-out instructions are
working?
Short explanation of the changes:
- Patch upstream proto.m4 to unconditionally emit 'O RejectNUL' with a
default of 'false'. As long as confREJECT_NUL is not defined (also the
default), this will be commented, so safe if built without
_FFR_REJECT_NUL_BYTE
- In debian.m4 define confREJECT_NUL to 'true' if sendmail was built
with _FFR_REJECT_NUL_BYTE, so it is enabled by default on Debian
- If sendmail.mc undefines confREJECT_NUL (or defines it to 'false'),
RejectNUL will be disabled again.
If that works on sid, it should be trivially backportable to
(old)*stable. There should be NEWS about that change.
Andreas
From 9b999fe61941c380a8c6dd49a3e50f8097b99b51 Mon Sep 17 00:00:00 2001
From: Andreas Beckmann <anbe@debian.org>
Date: Sat, 4 May 2024 14:07:48 +0200
Subject: [PATCH] enable 'O RejectNUL=true' by default
disable by appending
undefine(`confREJECT_NUL')dnl
to the corresponding .mc file
---
debian/cf/ostype/debian.m4.in | 3 +++
debian/patches/reject_nul.patch | 15 +++++++++++++++
debian/patches/series | 1 +
3 files changed, 19 insertions(+)
create mode 100644 debian/patches/reject_nul.patch
diff --git a/debian/cf/ostype/debian.m4.in b/debian/cf/ostype/debian.m4.in
index 5d1ae70..aa6f21f 100644
--- a/debian/cf/ostype/debian.m4.in
+++ b/debian/cf/ostype/debian.m4.in
@@ -65,6 +65,9 @@ dnl # this should help NIS startup time
dnl #
define(`confDEF_USER_ID', `mail:mail')dnl
dnl #
+ifelse(eval(index(sm_ffr, `-D_FFR_REJECT_NUL_BYTE') >= 0), `1',dnl
+`define(`confREJECT_NUL',`true')dnl')dnl
+dnl #
dnl #---------------------------------------------------------------------
dnl # mailer paths and options
dnl #---------------------------------------------------------------------
diff --git a/debian/patches/reject_nul.patch b/debian/patches/reject_nul.patch
new file mode 100644
index 0000000..56e822d
--- /dev/null
+++ b/debian/patches/reject_nul.patch
@@ -0,0 +1,15 @@
+Author: Andreas Beckmann <anbe@debian.org>
+Description: add configurable 'O RejectNUL' to *.cf
+
+--- a/cf/m4/proto.m4
++++ b/cf/m4/proto.m4
+@@ -720,6 +720,9 @@ _OPTION(MaxNOOPCommands, `confMAX_NOOP_C
+ # Name to use for EHLO (defaults to $j)
+ _OPTION(HeloName, `confHELO_NAME')
+
++# Reject NUL bytes in message body, requires _FFR_REJECT_NUL_BYTE
++_OPTION(RejectNUL, `confREJECT_NUL', `false')
++
+ ifdef(`_NEED_SMTPOPMODES_', `dnl
+ # SMTP operation modes
+ C{SMTPOpModes} s d D')
diff --git a/debian/patches/series b/debian/patches/series
index 01aeb3a..3a97b08 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -21,3 +21,4 @@ hyphenation.patch
fhs.patch
typos.patch
log-stop-at-debug-level.patch
+reject_nul.patch
--
2.20.1
Reply to: