From eb212116dc7433717e441f83848df300a55c96f7 Mon Sep 17 00:00:00 2001
From: Zachary Wasserman
Date: Thu, 30 May 2019 12:02:17 -0700
Subject: [PATCH] Merge pull request from GHSA-6g7f-8qm4-f7h8

When LOGIN authentication was used, Fleet would send SMTP credentials even if the connection the SMTP server was not secured via TLS. Copying the pattern used in the standard library PlainAuth implementation, we now only send credentials when the connection is secure or the server is localhost.
---
 server/mail/mail.go | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/server/mail/mail.go b/server/mail/mail.go
index 574993ad42..4832d1afcf 100644
--- a/server/mail/mail.go
+++ b/server/mail/mail.go
@@ -74,13 +74,26 @@ func (m mailService) SendEmail(e kolide.Email) error {
 type loginauth struct {
 	username string
 	password string
+	host string
 }
 
-func LoginAuth(username, password string) smtp.Auth {
-	return &loginauth{username: username, password: password}
+func LoginAuth(username, password, host string) smtp.Auth {
+	return &loginauth{username: username, password: password, host: host}
 }
 
-func (l *loginauth) Start(serverInfo *smtp.ServerInfo) (proto string, toServer []byte, err error) {
+func isLocalhost(name string) bool {
+	return name == "localhost" || name == "127.0.0.1" || name == "::1"
+}
+
+func (l *loginauth) Start(server *smtp.ServerInfo) (proto string, toServer []byte, err error) {
+	if !server.TLS && !isLocalhost(server.Name) {
+		return "", nil, errors.New("unencrypted connection")
+	}
+
+	if server.Name != l.host {
+		return "", nil, errors.New("wrong host name")
+	}
+
 	return "LOGIN", nil, nil
 }
 
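Review bot: The security-critical guard at the top of the new `Start` is uncommented, and the exported `LoginAuth` gained a `host` parameter with no doc comment saying what it must match. I would put the rationale on the first check, `// Without TLS nothing in server can be trusted, including an advertised LOGIN capability, so a non-TLS server is only acceptable when it is localhost.`, and document the constructor as `// LoginAuth returns an smtp.Auth for the LOGIN mechanism. host must be the name the client connected to (as for smtp.PlainAuth); Start refuses to authenticate unless the connection is TLS or the server is localhost.` Note that the username and password are presumably sent from `Next`, which is outside this hunk, so the guard only holds because net/smtp's Client.Auth stops when Start returns an error; a one-line comment on `Next` saying it relies on Start having passed would make that dependency explicit. `isLocalhost` compares the dialed name only, which mirrors the standard library's unexported helper.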
@@ -111,7 +124,7 @@ func smtpAuth(e kolide.Email) (smtp.Auth, error) {
 	case kolide.AuthMethodPlain:
 		auth = smtp.PlainAuth("", e.Config.SMTPUserName, e.Config.SMTPPassword, e.Config.SMTPServer)
 	case kolide.AuthMethodLogin:
-		auth = LoginAuth(e.Config.SMTPUserName, e.Config.SMTPPassword)
+		auth = LoginAuth(e.Config.SMTPUserName, e.Config.SMTPPassword, e.Config.SMTPServer)
 	default:
 		return nil, fmt.Errorf("unknown SMTP auth type '%d'", e.Config.SMTPAuthenticationMethod)
 	}
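Review bot: The new `LoginAuth(...)` call hands `e.Config.SMTPServer` to the auth, and `Start` will reject the session with `wrong host name` unless that string is byte-identical to the name the SMTP client was created with; if SMTPServer can carry a `host:port` suffix or differ in case from what is passed to smtp.NewClient (not visible here), LOGIN auth will now fail at send time with an error that never mentions TLS. The `smtp.PlainAuth` line above already makes the same assumption, so this hunk introduces nothing new, but the coupling deserves a comment at the LOGIN case: `// Host must match the name handed to smtp.NewClient; Start rejects mismatches and non-TLS connections to remote servers.` `smtpAuth`'s body starts and ends outside the hunk.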