Hello tech, Gilles,

This was reported on the -portable repository:

https://github.com/OpenSMTPD/OpenSMTPD/issues/1286

The problem is that upper-case pki labels are currently wrong.  Take
this configuration example:

	pki FOO key "/tmp/x.key"	# notice FOO uppercase
	pki FOO cert "/tmp/x.pem"
	action "local_mail" maildir
	match for local action "local_mail"
	listen on localhost port smtp tls pki FOO

the `listen' lines yields "pki name not found: FOO".

The issue stems from the fact that in the top-level `pki' handling
we lowercase the argument, while later we don't.

Instead of doing xlowercase() when looking it up, simply avoid to do it
in the first place.  IMHO labels should be case-sensitive (even if this
is an host name and so I might be convinced to always lowercase-ify it)

thoughs?


diff /usr/src
path + /usr/src
commit - bbd997546352f59b08791e6c93b351bbcc1f0a90
blob - b4cf1f21ddb02dce7a4911285e33eebfcf517067
file + usr.sbin/smtpd/parse.y
--- usr.sbin/smtpd/parse.y
+++ usr.sbin/smtpd/parse.y
@@ -388,7 +388,7 @@ MTA MAX_DEFERRED NUMBER  {
 
 pki:
 PKI STRING {
-	char buf[HOST_NAME_MAX+1];
+	size_t n;
 
 	/* if not catchall, check that it is a valid domain */
 	if (strcmp($2, "*") != 0) {
@@ -398,17 +398,22 @@ PKI STRING {
 			YYERROR;
 		}
 	}
-	xlowercase(buf, $2, sizeof(buf));
-	free($2);
-	pki = dict_get(conf->sc_pki_dict, buf);
+
+	pki = dict_get(conf->sc_pki_dict, $2);
 	if (pki == NULL) {
 		pki = xcalloc(1, sizeof *pki);
-		(void)strlcpy(pki->pki_name, buf, sizeof(pki->pki_name));
+		n = strlcpy(pki->pki_name, $2, sizeof(pki->pki_name));
+		if (n >= sizeof(pki->pki_name)) {
+			yyerror("domain name too long: %s", $2);
+			free($2);
+			YYERROR;
+		}
 		dict_set(conf->sc_pki_dict, pki->pki_name, pki);
 	}
+	free($2);
 } pki_params
 ;
- 
+
 pki_params_opt:
 CERT STRING {
 	pki->pki_cert_file = $2;