[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How aggressively to reject Pipelining errors?




On 07/10/2011 01:43, Carl S. Gutekunst wrote:

In order to deal with the STARTTLS plaintext command injection vulnerability (CERT VU#555316), I added a check in my commands parser to error out on "illegal pipelining": if there is anything in the read I/O buffer when there shouldn't be, I return a 421 response and drop the connection.
Hang on, I'm worrying now - we don't do anything special about checking the I/O buffer here, but I'm not sure how it could be abused.

If the client sends STARTTLS and other commands, then how would it get through the STARTTLS negotiation, since it won't be able to pipeline the negotiation data (not knowing what any challenges will be), so the STARTTLS will fail, and the other pipelined commands will be processed outside the TLS session.

Or, am I missing something?