ukukhululwa kokulungisa ngokuqedwa kokubalulekile (), lokho ekucushweni okuzenzakalelayo kungaholela ekusebenziseni ikhodi yesilawuli kude yisihlaseli esinamalungelo empande. Inkinga ivela kuphela lapho ukwesekwa kwe-TLS kunikwe amandla futhi kusetshenziswa kabi ngokudlulisela isitifiketi seklayenti esiklanywe ngokukhethekile noma inani eliguquliwe ku-SNI. Ukuba sengozini by Qualys.
Inkinga kusibambi sokubalekela izinhlamvu ezikhethekile entanjeni ( kusuka kuyunithi yezinhlamvu.c) futhi kubangelwa uhlamvu lwe-'\' ekugcineni kweyunithi yezinhlamvu ezitolikwa ngaphambi kohlamvu olungenalutho ('\0') nokuphunyuka kulo. Lapho ubaleka, ukulandelana kwe-'\' kanye nekhodi yokuphela komugqa eyinull elandelayo kuthathwa njengohlamvu olulodwa futhi isikhombisi sishintshelwa kudatha engaphandle komugqa, ethathwa njengokuqhubeka komugqa.
Ikhodi yokubiza i-string_interpret_escape() yabela isilondolozi sokudonsa ngokususelwe kusayizi wangempela, futhi isikhombisi esiveziwe sigcina sisendaweni engaphandle kwemingcele yebhafa. Ngokufanelekile, lapho uzama ukucubungula iyunithi yezinhlamvu yokufaka, isimo siphakama lapho kufundwa idatha endaweni engaphandle kwemingcele yebhafa eyabelwe, futhi umzamo wokubhala iyunithi yezinhlamvu ezingaphunyuki ungaholela ekubhaleni ngale kwemingcele yebhafa.
Ekucushweni okuzenzakalelayo, ubungozi bungasetshenziswa ngokuthumela idatha eklanywe ngokukhethekile ku-SNI lapho kusungulwa uxhumano oluvikelekile kuseva. Inkinga ingase futhi isetshenziswe ngokushintsha amanani e-peerdn ekucushweni okulungiselelwe ukuqinisekiswa kwesitifiketi seklayenti noma lapho kungenisa izitifiketi. Ukuhlasela nge-SNI kanye ne-peerdn kungenzeka kusukela ekukhululweni , lapho umsebenzi we-string_unprinting() usetshenziswe khona ukuze kususwe ukuphrinta okuqukethwe kwe-peerdn ne-SNI.
I-prototype yokuxhaphaza isilungiselelwe ukuhlaselwa nge-SNI, esebenza ku-i386 kanye nezakhiwo ze-amd64 ezinhlelweni ze-Linux nge-Glibc. Ukuxhaphaza kusebenzisa imbondela yedatha endaweni yenqwaba, okuholela ekubhaleni phezu kwememori lapho kugcinwa khona igama lefayela lokungena. Igama lefayela lithathelwa indawo "/../../../../../../../../etc/passwd". Okulandelayo, okuguquguqukayo okunekheli lomthumeli kubhalwa ngaphezulu, okulondolozwe okokuqala kulogi, okukuvumela ukuthi wengeze umsebenzisi omusha ohlelweni.
Izibuyekezo zephakheji ezinokulungiswa kokuba sengozini ezikhishwe ngokusatshalaliswa , , , ΠΈ . Inkinga ye-RHEL ne-CentOS , njengoba i-Exim ingafakiwe kunqolobane yabo yephakheji evamile (in buyekeza , kodwa okwamanje endaweni yokugcina umphakathi). Kwikhodi ye-Exim inkinga ilungiswa ngomugqa owodwa , evimbela umphumela wokuphunyuka we-backslash uma usekupheleni komugqa.
Njengendlela yokwenza ukuvimba ukuba sengozini, ungakhubaza ukusekelwa kwe-TLS noma wengeze
Isigaba se-ACL βacl_smtp_mailβ:
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_sni}}}}
deny condition = ${if eq{\\}{${substr{-1}{1}{$tls_in_peerdn}}}}
Source: opennet.ru