cpet/freebsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

MFH: r468996

Browse Source 
- Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body
    (i.e. when the dot appears on the line directly after the headers).
    This could be used by an attacker to exhaust resources.

PR:		227899
Submitted by:	grembo
Obtained from:	OpenSMTPD git repo (backported)

Approved by:	ports-secteam (riggs)
This commit is contained in:
Dima Panov 2018-05-07 07:17:33 +00:00
parent 0d1cbabe2f
commit 195973e587
Notes: svn2git 2021-03-31 03:12:20 +00:00 
svn path=/branches/2018Q2/; revision=469267
6 changed files with 62 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mail/opensmtpd-devel/Makefile
View File

@ -4,7 +4,7 @@
PORTNAME= opensmtpd
PORTVERSION= 201606220754
DISTVERSIONSUFFIX= p1
PORTREVISION= 4
PORTREVISION= 5
PORTEPOCH= 1
CATEGORIES= mail
MASTER_SITES= http://www.opensmtpd.org/archives/ \

19
mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c Normal file
View File

@ -0,0 +1,19 @@
--- smtpd/rfc2822.c.orig 2018-05-01 13:33:10.000000000 +0000
+++ smtpd/rfc2822.c 2018-05-01 13:34:47.931554000 +0000
@@ -53,4 +53,7 @@
struct rfc2822_hdr_miss_cb *hdr_miss_cb;
+
+ if (!rp->in_hdr)
+ goto end;
TAILQ_FOREACH(hdr_cb, &rp->hdr_cb, next)
if (strcasecmp(hdr_cb->name, rp->header.name) == 0) {
@@ -151,6 +152,8 @@
return;
header_callback(rp);
+
+ missing_headers_callback(rp);
}
void

11
mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c Normal file
View File

@ -0,0 +1,11 @@
--- smtpd/smtp_session.c.orig 2018-05-01 13:35:00.375262000 +0000
+++ smtpd/smtp_session.c 2018-05-01 13:37:22.637096000 +0000
@@ -1345,6 +1345,8 @@
s->dataeom = 1;
if (iobuf_queued(&s->obuf) == 0)
smtp_data_io_done(s);
+ else
+ io_reload(&s->oev);
return;
}

2
mail/opensmtpd/Makefile
View File

@ -4,7 +4,7 @@
PORTNAME= opensmtpd
PORTVERSION= 5.9.2p1
PORTEPOCH= 1
PORTREVISION= 5
PORTREVISION= 6
CATEGORIES= mail
MASTER_SITES= http://www.opensmtpd.org/archives/ \
http://distfiles.pirateparty.in/ashish/

19
mail/opensmtpd/files/patch-smtpd-rfc2822.c Normal file
View File

@ -0,0 +1,19 @@
--- smtpd/rfc2822.c.orig 2018-05-01 13:33:10.000000000 +0000
+++ smtpd/rfc2822.c 2018-05-01 13:34:47.931554000 +0000
@@ -53,4 +53,7 @@
struct rfc2822_hdr_miss_cb *hdr_miss_cb;
+
+ if (!rp->in_hdr)
+ goto end;
TAILQ_FOREACH(hdr_cb, &rp->hdr_cb, next)
if (strcasecmp(hdr_cb->name, rp->header.name) == 0) {
@@ -151,6 +152,8 @@
return;
header_callback(rp);
+
+ missing_headers_callback(rp);
}
void

11
mail/opensmtpd/files/patch-smtpd-smtp_session.c Normal file
View File

@ -0,0 +1,11 @@
--- smtpd/smtp_session.c.orig 2018-05-01 13:35:00.375262000 +0000
+++ smtpd/smtp_session.c 2018-05-01 13:37:22.637096000 +0000
@@ -1345,6 +1345,8 @@
s->dataeom = 1;
if (iobuf_queued(&s->obuf) == 0)
smtp_data_io_done(s);
+ else
+ io_reload(&s->oev);
return;
}