[Fwd: Bug in the standalone QPopper.]

[Carles Xavier Munyoz Bald�]

Hi,
L forward the message I sent you last week reporting a bug about the
QPopper and the Standalone mode.
I haven't received any answer yet. Are you studing the problem ?

Greetings.
---
Carles Xavier Munyoz Bald� / [EMAIL PROTECTED]
Servicios IP - Experto en Sistemas IP
Wanadoo Espa�a - http://www.wanadoo.es/
Tel: +34 96 5040046 - Fax: +34 96 5040047
---

---

Hi,
I'm using the POP server QPopper 3.1.2 in standalone mode in my
UltraSparc computer with Solaris 2.6.

I have seen that sometimes (once time every day, approximately) the
listening popper process dies. Using the truss command (a system call
tracer) over the listening popper process I have discovered the reason
for which this process dies:
accept(3, 0xEFFFFC60, 0xEFFFFC24)               = 5
fork()                                          = 26330
close(5)                                        = 0
accept(3, 0xEFFFFC60, 0xEFFFFC24)               = 5
fork()                                          = 26331
close(5)                                        = 0
accept(3, 0xEFFFFC60, 0xEFFFFC24)               = 5
fork()                                          = 26332
close(5)                                        = 0
accept(3, 0xEFFFFC60, 0xEFFFFC24)               Err#130 ECONNABORTED
write(2, " p o p p e r :   S e r v".., 71)      Err#9 EBADF
fstat(4, 0xEFFFF5F0)                            = 0
time()                                          = 976629260
getpid()                                        = 1222 [1]
putmsg(4, 0xEFFFECA8, 0xEFFFEC9C, 0)            = 0
open("/etc/.syslog_door", O_RDONLY)             = 5
door_info(5, 0xEFFFEBE0)                        = 0
getpid()                                        = 1222 [1]
door_call(5, 0xEFFFEBC8)                        = 0
close(5)                                        = 0
sigaction(SIGABRT, 0x00000000, 0xEFFFFB10)      = 0
llseek(0, 0, SEEK_CUR)                          = 0
llseek(3, 0, SEEK_CUR)                          Err#29 ESPIPE
llseek(2, 0, SEEK_CUR)                          = 0
sigaction(SIGABRT, 0xEFFFF9E0, 0xEFFFFA60)      = 0
sigfillset(0xEF629808)                          = 0
sigprocmask(SIG_UNBLOCK, 0xEFFFFA90, 0x00000000) = 0
getpid()                                        = 1222 [1]
kill(1222, SIGABRT)                             = 0
    Received signal #6, SIGABRT [default]
      siginfo: SIGABRT pid=1222 uid=0
        *** process killed ***


Looking at the source code I have seen that Qpopper considers the
ECONNABORTED error returned by the system call accept as a fatal error
and when it receives it, finish its execution.

This may be used as a DNS attack, for this reason I have made this patch
to the main.c file:
504c504
<             if ( errno == EINTR )
---
>             if ( errno == EINTR || errno==ECONNABORTED || errno==EPROTO )


In the attached image of this email you can see the section 5.11 of the
book Unix Network Programming (W. Richard Stevens, ISBN: 0-13-490012-X),
in which Stevens explains when the errors ECONNABORTED and EPROTO are
generated by the system call accept, and why they are considered
nonfatal errors.

I hope this helps you and wait for news about this possible bug.
Greetings.
---
Carles Xavier Munyoz Bald� / [EMAIL PROTECTED]
Servicios IP - Experto en Sistemas IP
Wanadoo Espa�a - http://www.wanadoo.es/
Tel: +34 96 5040046 - Fax: +34 96 5040047
---

---