[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Zmailer denial-of-service attack

To: zmailer@nic.funet.fi
Subject: Zmailer denial-of-service attack
From: Tom Samplonius <tom@sdf.com>
Date: Mon, 12 Feb 1996 02:43:59 -0800 (PST)
Sender: Tom Samplonius <tom@sdf.com>


  The following message will cause the Zmailer 2.99.26 (probably 
earlier versions too) router to dump core.

-----------------------------
external
rcvdfrom cnossus.sdf.com ([204.191.196.36])
with SMTP
channel error
to <tom@sdf.com>
env-end
From: somebody <>
To: tom@sdf.com

Test

-----------------------------

  This kind of message is easy to create via a mail client like Eudora, 
and if you send a few copies, it will quickly kill off all routers, 
stopping all mail processing.  I'd recommend that everyone test that 
their router works properly by put the above message into a file, mode 
0600, and move it into the $POSTOFFICE/router directory.

  The problem is in ~/router/rfc822.c in the prctladdr() function.  The 
problem appears to be a double pointer dereference.  
The following patch removes the extra "*".


*** rfc822.c.orig	Mon Feb 12 02:24:42 1996
--- rfc822.c	Mon Feb 12 02:25:03 1996
***************
*** 1942,1948 ****
  			} else
  				x = l;
  			if (x != NULL) {
! 				if (*x->string == '\0')
  					putc('-', fp);
  				else
  					fprintf(fp, "%s", x->string);
--- 1942,1948 ----
  			} else
  				x = l;
  			if (x != NULL) {
! 				if (x->string == '\0')
  					putc('-', fp);
  				else
  					fprintf(fp, "%s", x->string);


Tom

Follow-Ups:
- Re: Zmailer denial-of-service attack
  - From: Matti Aarnio <mea@utu.fi> (Mon, 12 Feb 1996 22:37:56 +0200)

Prev by Date: Re: Netscape 2.0 and zmailer
Next by Date: Re: Zmailer denial-of-service attack
Prev by thread: zmailer-2.99.26 ready for pickup..
Next by thread: Re: Zmailer denial-of-service attack
Index(es):
- Date
- Thread