Reject STARTTLS when already active or with excessive parameters

author: Runxi Yu <me@runxiyu.org> 2025-01-12 13:49:27 +0800
committer: Runxi Yu <me@runxiyu.org> 2025-01-12 13:49:27 +0800
commit: a520d623224197e417b278853c8d6ff112461dfa (patch)
tree: 86c011dda68b578709116446483d622ce3082aaa
parent: Add incoming STARTTLS support (diff)
download: maild-a520d623224197e417b278853c8d6ff112461dfa.tar.gz
maild-a520d623224197e417b278853c8d6ff112461dfa.tar.zst
maild-a520d623224197e417b278853c8d6ff112461dfa.zip
1 files changed, 10 insertions, 0 deletions
diff --git a/mta_recv.go b/mta_recv.go
index 3f7f473..0ca81d9 100644
--- a/mta_recv.go
+++ b/mta_recv.go
@@ -56,6 +56,16 @@ func handle_incoming_server_connection(buf_conn *bufio.ReadWriter, net_conn *net
 	switch_cmd:
 		switch cmd {
 		case "STARTTLS":
+			if param != "" {
+				_, _ = buf_conn.WriteString("501 5.5.4 Syntax error (no parameters allowed)\r\n")
+				_ = buf_conn.Flush()
+				break
+			}
+			if tls_conn != nil {
+				_, _ = buf_conn.WriteString("554 5.5.1 Error: TLS already active\r\n")
+				_ = buf_conn.Flush()
+				break
+			}
 			_, _ = buf_conn.WriteString("220 2.0.0 Ready to start TLS\r\n")
 			_ = buf_conn.Flush()
 			tls_conn = tls.Server(*net_conn, tls_config)
author	Runxi Yu <me@runxiyu.org>	2025-01-12 13:49:27 +0800
committer	Runxi Yu <me@runxiyu.org>	2025-01-12 13:49:27 +0800
commit	a520d623224197e417b278853c8d6ff112461dfa (patch)
tree	86c011dda68b578709116446483d622ce3082aaa
parent	Add incoming STARTTLS support (diff)
download	maild-a520d623224197e417b278853c8d6ff112461dfa.tar.gz maild-a520d623224197e417b278853c8d6ff112461dfa.tar.zst maild-a520d623224197e417b278853c8d6ff112461dfa.zip