On Sun, Oct 09, 2016 at 02:53:46PM +0200, Gilles Chehade wrote:
> On Sun, Oct 09, 2016 at 02:23:51PM +1300, James Pole wrote:
> > Hello,
> > I have observed that OpenSMTPD hangs when you try to deliver a message with
> > an empty body (i.e. when the dot appears on the line directly after the
> > headers).
> I can reproduce and it is indeed a bug, however this does not really hang
> OpenSMTPD, it "hangs" the session which sent the empty body until it
> times out or disconnects.
I did some further testing with eric@ as we fixed this, and it turns out
that I did a mistake when testing for timeout / disconnect, the sessions
that are hanged do not go away and retain a descriptor forever.
This could be used by an attacker to exhaust resources so we published a
bugfix release that solves this issue and credited you in release note.
Thanks for reporting ;-)
You received this mail because you are subscribed to email@example.com
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org