[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Router SIGSEGV

To: Matti Aarnio <mea@nic.funet.fi>
Subject: Re: Router SIGSEGV
From: "Mariano Absatz" <zmailer@lists.com.ar>
Date: Thu, 08 Jul 2004 12:45:56 -0300
CC: ZMailer Mailing List <zmailer@nic.funet.fi>
In-reply-to: <20040706081040.J13603@nic.funet.fi>
Organization: Pert Consultores
Original-Recipient: rfc822;zmailer-log@nic.funet.fi
References: <5DC7EB0268F3E549BA5ACFB1DDF1236D3B9EFD@mafalda.pert.com.ar>; from zmailer@lists.com.ar on Mon, Jul 05, 2004 at 11:57:50AM -0300
Sender: zmailer-owner@nic.funet.fi

El 6 Jul 2004 a las 8:10, Matti Aarnio escribió:

> On Mon, Jul 05, 2004 at 11:57:50AM -0300, zmailer wrote:
> > Hi,
> > 
> > We have found a problem with the router.
> > You can do a DOS attack by sending a simple 
> > mail.
> > 
> > Creating a To: field in the header like:
> > To: "\(AnyText"
> > 
> > the router dies with a SIGSEV whitout removing
> > the message, so it keeps processing it whit the same
> > result....
> 
> Let me guess, you are running this in a Linux system with newish glibc ?
> (it blows up to my face as well...)
Mmmhhh... well the server in which this happened originally, yes, it's a 
Fedora Core 1 with glibc 2.3.2...

However, all the testing and debugging was done in an older RedHat Linux 
7.2 with glibc 2.2.4...

> 
> It stems from  libsh/execute.c:1072  PRESUMING, that "FILE f" is
> stack allocated instance of FILE object..  which in glibc  does not
> happen :-(  Why does it break only in this ONE instance, I am not so
> sure..
> 
> Aargh...  Now I know ...  Millions of letters, and never used that
> one buggy (and obsolete and now removed) code-path.
> 
> I fixed the beast to survive crossbar rewrite in this form.
Mmmhh... I just updated from CVS... and I see quite a few changes these 
days... and I'm using older versions in several production servers that 
I'm a little scared to completely upgrade...

That is, I intentionally stopped updating since you started fiddling with 
the smtpserver architecture, since I'm using zmscanner and specialized 
'router-like' processes.

I have a few servers 'freezed' at CVS 2003-11-29 and quite a lot at 2004-
03-11.

Was this fixed only by modifying libsh/execute.c? or was it 
libsh/execute.c AND libsh/listutils.c? or maybe more files?

I intend to obtain a patch to the relevant files from the CVS commit at 
2004/07/06 05:19:42 and try to apply to my older (but not years old) 
versions...

Do you think that would do?

TIA

--
Mariano Absatz
El Baby
----------------------------------------------------------
I.R.S.: We've got what it takes to take what you've got!

-
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi

Follow-Ups:
- Re: Router SIGSEGV
  - From: Matti Aarnio <mea@nic.funet.fi> (Thu, 8 Jul 2004 20:47:44 +0300)

References:
- Router SIGSEGV
  - From: zmailer <zmailer@lists.com.ar>
- Re: Router SIGSEGV
  - From: Matti Aarnio <mea@nic.funet.fi>

Prev by Date: Re: scheduler.perflog
Next by Date: Re: Router SIGSEGV
Prev by thread: Re: Router SIGSEGV
Next by thread: Re: Router SIGSEGV
Index(es):
- Date
- Thread