Bug 227899

Summary: mail/opensmtpd: Backport smtp state machine bug fix
Product: Ports & Packages
Reporter: Michael Gmelin <grembo>
Component: Individual Port(s)
Assignee: Dima Panov <fluffy>
Status: Closed FIXED
Severity: Affects Only Me
Flags: bugzilla: maintainer-feedback? (fluffy)
Priority: ---
Version: Latest
Hardware: Any
OS: Any
Attachments:
  Backported patch from upstream (flags: none)

Description Michael Gmelin freebsd_committer freebsd_triage 2018-05-01 14:07:46 UTC
Created attachment 192968
Backported patch from upstream

Backport a bug fix from upstream

https://github.com/OpenSMTPD/OpenSMTPD/commit/d5c50b04a521df881dc4eb53a4047b63857309e4#diff-7a3eeab700d4e5030a1be44aef0fee78

You can find a description of the problem here:

https://www.mail-archive.com/misc@opensmtpd.org/msg03248.html

The bug addressed can lead to resource exhaustion (basically remote denial of service) and also prevents emails without a body from getting delivered.

Comment 1 commit-hook freebsd_committer freebsd_triage 2018-05-03 23:18:15 UTC
A commit references this bug:

Author: fluffy
Date: Thu May  3 23:17:25 UTC 2018
New revision: 468996
URL: https://svnweb.freebsd.org/changeset/ports/468996

Log:
  - Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body
      (i.e. when the dot appears on the line directly after the headers).
      This could be used by an attacker to exhaust resources.

  PR:		227899
  Submitted by:	grembo
  Obtained from:	OpenSMTPD git repo (backported)
  MFH:		2018Q2

Changes:
  head/mail/opensmtpd/Makefile
  head/mail/opensmtpd/files/patch-smtpd-rfc2822.c
  head/mail/opensmtpd/files/patch-smtpd-smtp_session.c
  head/mail/opensmtpd-devel/Makefile
  head/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
  head/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c

Comment 2 commit-hook freebsd_committer freebsd_triage 2018-05-07 07:18:21 UTC
A commit references this bug:

Author: fluffy
Date: Mon May  7 07:17:34 UTC 2018
New revision: 469267
URL: https://svnweb.freebsd.org/changeset/ports/469267

Log:
  MFH: r468996

  - Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body
      (i.e. when the dot appears on the line directly after the headers).
      This could be used by an attacker to exhaust resources.

  PR:		227899
  Submitted by:	grembo
  Obtained from:	OpenSMTPD git repo (backported)

  Approved by:	ports-secteam (riggs)

Changes:
_U  branches/2018Q2/
  branches/2018Q2/mail/opensmtpd/Makefile
  branches/2018Q2/mail/opensmtpd/files/patch-smtpd-rfc2822.c
  branches/2018Q2/mail/opensmtpd/files/patch-smtpd-smtp_session.c
  branches/2018Q2/mail/opensmtpd-devel/Makefile
  branches/2018Q2/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
  branches/2018Q2/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c