from Hacker News

Pipelined State Machine Corruption

by zdw on 6/17/25, 12:33 PM with 5 comments

  • by capitainenemo on 6/20/25, 3:05 PM

    SMTP pipelining was actually the cause of a fairly recently discovered vulnerability. https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-... https://www.postfix.org/smtp-smuggling.html

    Probably the main reason it is recommended against.

  • by juped on 6/20/25, 7:20 AM

    Erlang gen_statem permits you to postpone an event, putting it in a queue that's retried after the next state change (before moving to new events). So the MAIL FROM would put you in handle_mail_from state, and while you're in it you postpone any RCPT TOs.

    Of course this might be a dumb example in this case because the process mailbox will do the right thing and be a queue if you just blockingly make the dns request in your handler process. (It also might not be, I don't know enough about the smtp state machine to say.)

  • by fweimer on 6/20/25, 9:00 PM

    I think it's more likely that it's caused by lack of read buffering in early implementations. The function that reads an SMTP command just reads whatever it can get from the kernel. If the connection is half-duplex as expected (following the one command, one response pattern), there will only ever be one SMTP command in the buffer after the read returns. With pipelining, that is no longer true, and the implementer has to figure out how to do proper buffer management.

    (I don't know why this is not mentioned in RFC 2920.)
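
An added example, not code from any commenter, of the buffer management fweimer describes: a naive one-recv-one-command reader beside a CRLF-delimited reader that keeps leftover bytes across reads, so pipelined commands in one read and a command split over two reads are both handled. The socket stand-in and the pipelined input are constructed; the 512-octet command-line limit is from RFC 5321.

```python
# Added example (not from the thread). Python 3.8+ (walrus operator).
class SmtpCommandReader:
    """Splits a byte stream into CRLF-terminated SMTP command lines.

    Bytes after the last CRLF are kept across reads, so a command split
    over two reads is reassembled and several pipelined commands that
    arrive in one read are handed out one at a time.
    """
    MAX_LINE = 512  # RFC 5321 4.5.3.1.4: command line limit incl. CRLF

    def __init__(self, sock):
        self.sock = sock  # anything with recv(n) -> bytes
        self.buf = b""
        self.eof = False

    def next_command(self):
        """Return the next complete command (CRLF stripped), or None at EOF."""
        while True:
            idx = self.buf.find(b"\r\n")
            if idx != -1:
                line, self.buf = self.buf[:idx], self.buf[idx + 2:]
                return line
            if len(self.buf) > self.MAX_LINE:
                raise ValueError("command line too long")
            if self.eof:
                return None  # an unterminated tail is not a command
            chunk = self.sock.recv(4096)
            if not chunk:
                self.eof = True
            self.buf += chunk

def naive_read_command(sock):
    """The early-implementation pattern: assume one recv() is one command."""
    return sock.recv(4096).rstrip(b"\r\n")

class FakeSocket:
    """Constructed stand-in for a socket; returns the given chunks in order."""
    def __init__(self, chunks):
        self.chunks = list(chunks)
    def recv(self, n):
        return self.chunks.pop(0) if self.chunks else b""

def read_all_commands(chunks):
    """Drain a constructed chunk sequence through the buffered reader."""
    reader = SmtpCommandReader(FakeSocket(chunks))
    out = []
    while (cmd := reader.next_command()) is not None:
        out.append(cmd)
    return out
```

With the same pipelined input, the naive reader hands the handler two commands fused into one string while the buffered reader yields them one at a time.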

  • by nayuki on 6/20/25, 3:21 PM

    Java's virtual threads really seem like the correct solution to this problem. Each SMTP connection would get its own reader thread, and would spawn a DNS query thread and synchronously wait on it until the response comes back.

  • by pixl97 on 6/20/25, 3:15 PM

    >The vulnerability was introduced many decades ago in Sendmail, by allowing the non-standard <LF> line ending in addition to the standard <CR><LF>. For compatibility with programs that expect Sendmail behavior, the non-standard <LF> line ending was also allowed by other SMTP servers including Postfix and Exim.

    Sendmail, just say no.