[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Zmailer denial-of-service attack
> The following message will cause the Zmailer 2.99.26 (probably
> earlier versions too) router to dump core.
> -----------------------------
...
> This kind of message is easy to create via a mail client like Eudora,
> and if you send a few copies, it will quickly kill off all routers,
> stopping all mail processing. I'd recommend that everyone test that
> their router works properly by put the above message into a file, mode
> 0600, and move it into the $POSTOFFICE/router directory.
>
> The problem is in ~/router/rfc822.c in the prctladdr() function. The
> problem appears to be a double pointer dereference.
> The following patch removes the extra "*".
The patch is incorrect (dreadfull words..) here is the correct way:
(manually edited into your patch)
*** rfc822.c.orig Mon Feb 12 02:24:42 1996
--- rfc822.c Mon Feb 12 02:25:03 1996
***************
*** 1942,1948 ****
} else
x = l;
if (x != NULL) {
! if (*x->string == '\0')
putc('-', fp);
else
fprintf(fp, "%s", x->string);
--- 1942,1948 ----
} else
x = l;
if (x != NULL) {
! if (x->string == NULL || *x->string == '\0')
putc('-', fp);
else
fprintf(fp, "%s", x->string);
-----------------------
However it should not be needed in the first place..
This means that on quad of channel/host/addr/attrs
the host entry was not a string at all, rather some
LISPish list..
> Tom
/Matti Aarnio