[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Router SIGSEGV
On Mon, Jul 05, 2004 at 11:57:50AM -0300, zmailer wrote:
> We have found a problem with the router.
> You can do a DOS attack by sending a simple
> Creating a To: field in the header like:
> To: "\(AnyText"
> the router dies with a SIGSEV whitout removing
> the message, so it keeps processing it whit the same
Let me guess, you are running this in a Linux system with newish glibc ?
(it blows up to my face as well...)
It stems from libsh/execute.c:1072 PRESUMING, that "FILE f" is
stack allocated instance of FILE object.. which in glibc does not
happen :-( Why does it break only in this ONE instance, I am not so
Aargh... Now I know ... Millions of letters, and never used that
one buggy (and obsolete and now removed) code-path.
I fixed the beast to survive crossbar rewrite in this form.
> Any text, between double quotes starting with a
> backslash parenthesis, but without a mail address
> between less and greater than.
The backslash isn't necessary there to cause the original trouble..
> I'm testing this on a zmailer-2.99.56 version,
> but 2.99.56-patch1pre2 has the same problem.
> We have been looking but didn't find the problem yet.
> So, if somebody can help....
> EHLO x
> MAIL FROM:<firstname.lastname@example.org>
> RCPT TO:<email@example.com>
> From: firstname.lastname@example.org
> To: "\(Troubles"
> Subject: DDOS
/Matti Aarnio <email@example.com>
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to firstname.lastname@example.org
- Re: Router SIGSEGV
- From: "Mariano Absatz" <email@example.com> (Thu, 8 Jul 2004 18:46:28 +0300)