Bug in processing passwords with backslash in mail/imap proxy code

Hello,

looks like there is a bug in nginx 1.8.1 in mail proxy code which used
for authorization:
backslash becomes stripped from password when quoted in imap command:

  • OK IMAP4 ready
    p LOGIN “testdev” “,\REz=#tPc”
    p NO Invalid login or password

p LOGIN “testdev” ,\REz=#tPc
p OK [CAPABILITY…

auth_http gets following:

GET /auth HTTP/1.0
Host: 127.0.0.1
Auth-Method: plain
Auth-User: testdev
Auth-Pass: ,REz=#tPc
Auth-Protocol: imap

and

GET /auth HTTP/1.0
Host: 127.0.0.1
Auth-Method: plain
Auth-User: testdev
Auth-Pass: ,\REz=#tPc
Auth-Protocol: imap

respectivelly
nginx conf is as following:
mail {
server {
listen 127.0.0.1:143;
server_name mail.example.com;
auth_http 127.0.0.1:900/auth;
protocol imap;
proxy on;
}
}

Hello!

On Wed, Apr 06, 2016 at 06:32:25PM +0300, - wrote:

Hello,

looks like there is a bug in nginx 1.8.1 in mail proxy code which used for
authorization:
backslash becomes stripped from password when quoted in imap command:

  • OK IMAP4 ready
    p LOGIN “testdev” “,\REz=#tPc”
    p NO Invalid login or password

This should be “p BAD Syntax error”, but nginx doesn’t care to
check syntax so strictly and allows any character after a
backslash.

Quoting RFC 3501, http://tools.ietf.org/html/rfc3501#section-9:

: quoted = DQUOTE *QUOTED-CHAR DQUOTE
:
: QUOTED-CHAR = /
: “” quoted-specials
:
: quoted-specials = DQUOTE / “”

In summary: fix the client.


Maxim D.
http://nginx.org/

for note, the client is saslauthd from cyrus-sasl package running with
-a rimap

Цитирование Maxim D. [email protected] :

Hello!

On Wed, Apr 06, 2016 at 06:32:25PM +0300, Дениска-редиска wrote:

Hello,

looks like there is a bug in nginx 1.8.1 in mail proxy code which used for
authorization:

backslash becomes stripped from password when quoted in imap command:

  • OK IMAP4 ready
    p LOGIN “testdev” “,\REz=#tPc”
    p NO Invalid login or password

This should be “p BAD Syntax error”, but nginx doesn’t care to
check syntax so strictly and allows any character after a
backslash.

Quoting RFC 3501, http://tools.ietf.org/html/rfc3501#section-9:

: quoted = DQUOTE *QUOTED-CHAR DQUOTE
:
: QUOTED-CHAR = /
: “” quoted-specials
:
: quoted-specials = DQUOTE / “”

In summary: fix the client.


Maxim D.
http://nginx.org/


nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs