[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Router SIGSEGV
El 6 Jul 2004 a las 8:10, Matti Aarnio escribió:
> On Mon, Jul 05, 2004 at 11:57:50AM -0300, zmailer wrote:
> > Hi,
> > We have found a problem with the router.
> > You can do a DOS attack by sending a simple
> > mail.
> > Creating a To: field in the header like:
> > To: "\(AnyText"
> > the router dies with a SIGSEV whitout removing
> > the message, so it keeps processing it whit the same
> > result....
> Let me guess, you are running this in a Linux system with newish glibc ?
> (it blows up to my face as well...)
Mmmhhh... well the server in which this happened originally, yes, it's a
Fedora Core 1 with glibc 2.3.2...
However, all the testing and debugging was done in an older RedHat Linux
7.2 with glibc 2.2.4...
> It stems from libsh/execute.c:1072 PRESUMING, that "FILE f" is
> stack allocated instance of FILE object.. which in glibc does not
> happen :-( Why does it break only in this ONE instance, I am not so
> Aargh... Now I know ... Millions of letters, and never used that
> one buggy (and obsolete and now removed) code-path.
> I fixed the beast to survive crossbar rewrite in this form.
Mmmhh... I just updated from CVS... and I see quite a few changes these
days... and I'm using older versions in several production servers that
I'm a little scared to completely upgrade...
That is, I intentionally stopped updating since you started fiddling with
the smtpserver architecture, since I'm using zmscanner and specialized
I have a few servers 'freezed' at CVS 2003-11-29 and quite a lot at 2004-
Was this fixed only by modifying libsh/execute.c? or was it
libsh/execute.c AND libsh/listutils.c? or maybe more files?
I intend to obtain a patch to the relevant files from the CVS commit at
2004/07/06 05:19:42 and try to apply to my older (but not years old)
Do you think that would do?
I.R.S.: We've got what it takes to take what you've got!
To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to firstname.lastname@example.org