Bug in processing passwords with backslash in mail/imap proxy code

Hello,

looks like there is a bug in nginx 1.8.1 in the mail proxy code which is used
for authorization:
the backslash gets stripped from the password when it is quoted in an IMAP command:

* OK IMAP4 ready
p LOGIN "testdev" ",\REz=#tPc"
p NO Invalid login or password

p LOGIN "testdev" ,\REz=#tPc
p OK [CAPABILITY…

auth_http gets the following:

GET /auth HTTP/1.0
Host: 127.0.0.1
Auth-Method: plain
Auth-User: testdev
Auth-Pass: ,REz=#tPc
Auth-Protocol: imap

and

GET /auth HTTP/1.0
Host: 127.0.0.1
Auth-Method: plain
Auth-User: testdev
Auth-Pass: ,\REz=#tPc
Auth-Protocol: imap

respectively.

The nginx conf is as follows:

mail {
    server {
        listen 127.0.0.1:143;
        server_name mail.example.com;
        auth_http 127.0.0.1:900/auth;
        protocol imap;
        proxy on;
    }
}

Hello!

On Wed, Apr 06, 2016 at 06:32:25PM +0300, - wrote:

> Hello,
>
> looks like there is a bug in nginx 1.8.1 in mail proxy code which used for
> authorization:
> backslash becomes stripped from password when quoted in imap command:
>
> * OK IMAP4 ready
> p LOGIN "testdev" ",\REz=#tPc"
> p NO Invalid login or password

This should be “p BAD Syntax error”, but nginx doesn’t care to
check syntax so strictly and allows any character after a
backslash.

Quoting RFC 3501 (INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1):

: quoted          = DQUOTE *QUOTED-CHAR DQUOTE
:
: QUOTED-CHAR     = <any TEXT-CHAR except quoted-specials> /
:                   "\" quoted-specials
:
: quoted-specials = DQUOTE / "\"

In summary: fix the client.


Maxim D.
http://nginx.org/
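
The quoted-string rule cited in the reply above, as an added example that is not part of the original thread and is not nginx or saslauthd code: a client-side encoder that escapes backslash and DQUOTE, and a decoder with a strict RFC 3501 mode and a lenient mode that models the backslash-dropping behaviour reported in the thread. The function names and the lenient model are assumptions made for illustration.

```python
QUOTED_SPECIALS = '"\\'          # RFC 3501 quoted-specials: DQUOTE and backslash
THREAD_PASSWORD = r",\REz=#tPc"  # password quoted from the thread


def imap_quote(value):
    """Client side: encode a value as an RFC 3501 quoted string."""
    # TEXT-CHAR excludes CR, LF, NUL and 8-bit data; such values need an IMAP literal.
    if any(c in "\r\n\0" or ord(c) > 0x7F for c in value):
        raise ValueError("not representable as a quoted string")
    return '"' + "".join("\\" + c if c in QUOTED_SPECIALS else c for c in value) + '"'


def imap_unquote(token, strict=True):
    """Server side: decode a quoted string.

    strict=True  accepts a backslash only before DQUOTE or backslash (RFC 3501).
    strict=False models the lenient parsing described in the thread: the
                 backslash is dropped and whatever follows it is kept.
    """
    if len(token) < 2 or token[0] != '"' or token[-1] != '"':
        raise ValueError("not a quoted string")
    body, out, i = token[1:-1], [], 0
    while i < len(body):
        c = body[i]
        if c == '"':
            raise ValueError("unescaped DQUOTE inside quoted string")
        if c == "\\":
            i += 1
            if i == len(body):
                raise ValueError("dangling backslash")
            if strict and body[i] not in QUOTED_SPECIALS:
                raise ValueError("backslash before non-special character")
            c = body[i]
        out.append(c)
        i += 1
    return "".join(out)


if __name__ == "__main__":
    sent = '"' + THREAD_PASSWORD + '"'  # what the client in the thread sent
    print("lenient server sees:", imap_unquote(sent, strict=False))
    print("correct client sends:", imap_quote(THREAD_PASSWORD))
    try:
        imap_unquote(sent)
    except ValueError as exc:
        print("strict server rejects:", exc)
```

With the backslash doubled by the client, both the strict and the lenient decoder recover the original password, which is why the fix belongs on the client side.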

For note, the client is saslauthd from the cyrus-sasl package, running with
-a rimap
