From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id B17051FF13A for ; Wed, 10 Jun 2026 15:15:47 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 854B6E8D6; Wed, 10 Jun 2026 15:15:47 +0200 (CEST) From: Dominik Csapak To: pmg-devel@lists.proxmox.com Subject: [PATCH log-tracker] handle smtp filter message: prevent panicking with non-standard output Date: Wed, 10 Jun 2026 15:15:01 +0200 Message-ID: <20260610131513.2907268-1-d.csapak@proxmox.com> X-Mailer: git-send-email 2.47.3 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL 0.049 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Message-ID-Hash: XAAJ5CALULXCKJ3IIUQMJUYRSRVAHLNZ X-Message-ID-Hash: XAAJ5CALULXCKJ3IIUQMJUYRSRVAHLNZ X-MailFrom: d.csapak@proxmox.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop; banned-address; emergency; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header X-Mailman-Version: 3.3.10 Precedence: list List-Id: Proxmox Mail Gateway development discussion List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: Currently a custom checkscript can print it's output into the syslog under the guise of the pmg-smtp-filter unit, so it will picked up by the log tracker. In case there is a line with a delimiter and nothing after it, every thing before is detected as a qid but the remaining message only contains the delimiter. Prevent the panicking here by checking its length beforehand. While the real fix is either to prevent custom check scripts to output to syslog, or to prefix it with something we can filter away here, protecting against malformed output still makes sense. Signed-off-by: Dominik Csapak --- src/main.rs | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main.rs b/src/main.rs index efdfd30..4787a36 100644 --- a/src/main.rs +++ b/src/main.rs @@ -115,6 +115,11 @@ fn handle_pmg_smtp_filter_message(msg: &[u8], parser: &mut Parser, complete_line Some((q, m)) => (q, m), None => return, }; + if data.len() < 2 { + // after the QID there is no separator and space, so it can't be a proper smtp-filter + // message. It's possibly output from a custom check script or a malformed log line. + return; + } // skip ': ' following the QID let data = &data[2..]; -- 2.47.3