Bug 227899 - mail/opensmtpd: Backport smtp state machine bug fix
Summary: mail/opensmtpd: Backport smtp state machine bug fix
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
Importance: --- Affects Only Me
Assignee: Dima Panov
Reported: 2018-05-01 14:07 UTC by Michael Gmelin
Modified: 2018-05-07 07:18 UTC

bugzilla: maintainer-feedback? (fluffy)


Attachments
Backported patch from upstream (2.35 KB, patch)
2018-05-01 14:07 UTC, Michael Gmelin

Description Michael Gmelin freebsd_committer freebsd_triage 2018-05-01 14:07:46 UTC
Created attachment 192968
Backported patch from upstream

Backport a bug fix from upstream:

https://github.com/OpenSMTPD/OpenSMTPD/commit/d5c50b04a521df881dc4eb53a4047b63857309e4#diff-7a3eeab700d4e5030a1be44aef0fee78

You can find a description of the problem here:

https://www.mail-archive.com/misc@opensmtpd.org/msg03248.html

The bug addressed can lead to resource exhaustion (basically remote denial of service) and also prevents emails without a body from getting delivered.
Comment 1 commit-hook freebsd_committer freebsd_triage 2018-05-03 23:18:15 UTC
A commit references this bug:

Author: fluffy
Date: Thu May  3 23:17:25 UTC 2018
New revision: 468996
URL: https://svnweb.freebsd.org/changeset/ports/468996

Log:
  - Prevent OpenSMTPD sessions from hanging and retaining a descriptor forever on an empty body
      (i.e. when the dot appears on the line directly after the headers).
      This could be used by an attacker to exhaust resources.

  PR:		227899
  Submitted by:	grembo
  Obtained from:	OpenSMTPD git repo (backported)
  MFH:		2018Q2

Changes:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/files/patch-smtpd-rfc2822.c
  head/mail/opensmtpd/files/patch-smtpd-smtp_session.c
  head/mail/opensmtpd-devel/Makefile
  head/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
  head/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c
Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-07 07:18:21 UTC
A commit references this bug:

Author: fluffy
Date: Mon May  7 07:17:34 UTC 2018
New revision: 469267
URL: https://svnweb.freebsd.org/changeset/ports/469267

Log:
  MFH: r468996

  - Prevent OpenSMTPD sessions from hanging and retaining a descriptor forever on an empty body
      (i.e. when the dot appears on the line directly after the headers).
      This could be used by an attacker to exhaust resources.

  PR:		227899
  Submitted by:	grembo
  Obtained from:	OpenSMTPD git repo (backported)

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/mail/opensmtpd/Makefile
  branches/2018Q2/mail/opensmtpd/files/patch-smtpd-rfc2822.c
  branches/2018Q2/mail/opensmtpd/files/patch-smtpd-smtp_session.c
  branches/2018Q2/mail/opensmtpd-devel/Makefile
  branches/2018Q2/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
  branches/2018Q2/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c