On Sun, Oct 09, 2016 at 02:53:46PM +0200, Gilles Chehade wrote:
> On Sun, Oct 09, 2016 at 02:23:51PM +1300, James Pole wrote:
> > Hello,
> >
> Hello,
> > I have observed that OpenSMTPD hangs when you try to deliver a message with 
> > an empty body (i.e. when the dot appears on the line directly after the 
> > headers).
> >
> I can reproduce and it is indeed a bug, however this does not really hang
> OpenSMTPD, it "hangs" the session which sent the empty body until it
> times out or disconnects.


I did some further testing with eric@ as we fixed this, and it turns out
that I did a mistake when testing for timeout / disconnect, the sessions
that are hanged do not go away and retain a descriptor forever.

This could be used by an attacker to exhaust resources so we published a
bugfix release that solves this issue and credited you in release note.

Thanks for reporting ;-)

Gilles Chehade

https://www.poolp.org                                          @poolpOrg

You received this mail because you are subscribed to misc@opensmtpd.org
To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org

Reply via email to