From: "Omar Polo" Subject: smtpd vs upper-case pki labels To: tech@openbsd.org Cc: "Gilles Chehade" Date: Sun, 15 Jun 2025 10:21:27 +0200 Hello tech, Gilles, This was reported on the -portable repository: https://github.com/OpenSMTPD/OpenSMTPD/issues/1286 The problem is that upper-case pki labels are currently wrong. Take this configuration example: pki FOO key "/tmp/x.key" # notice FOO uppercase pki FOO cert "/tmp/x.pem" action "local_mail" maildir match for local action "local_mail" listen on localhost port smtp tls pki FOO the `listen' lines yields "pki name not found: FOO". The issue stems from the fact that in the top-level `pki' handling we lowercase the argument, while later we don't. Instead of doing xlowercase() when looking it up, simply avoid to do it in the first place. IMHO labels should be case-sensitive (even if this is an host name and so I might be convinced to always lowercase-ify it) thoughs? diff /usr/src path + /usr/src commit - bbd997546352f59b08791e6c93b351bbcc1f0a90 blob - b4cf1f21ddb02dce7a4911285e33eebfcf517067 file + usr.sbin/smtpd/parse.y --- usr.sbin/smtpd/parse.y +++ usr.sbin/smtpd/parse.y @@ -388,7 +388,7 @@ MTA MAX_DEFERRED NUMBER { pki: PKI STRING { - char buf[HOST_NAME_MAX+1]; + size_t n; /* if not catchall, check that it is a valid domain */ if (strcmp($2, "*") != 0) { @@ -398,17 +398,22 @@ PKI STRING { YYERROR; } } - xlowercase(buf, $2, sizeof(buf)); - free($2); - pki = dict_get(conf->sc_pki_dict, buf); + + pki = dict_get(conf->sc_pki_dict, $2); if (pki == NULL) { pki = xcalloc(1, sizeof *pki); - (void)strlcpy(pki->pki_name, buf, sizeof(pki->pki_name)); + n = strlcpy(pki->pki_name, $2, sizeof(pki->pki_name)); + if (n >= sizeof(pki->pki_name)) { + yyerror("domain name too long: %s", $2); + free($2); + YYERROR; + } dict_set(conf->sc_pki_dict, pki->pki_name, pki); } + free($2); } pki_params ; - + pki_params_opt: CERT STRING { pki->pki_cert_file = $2;