- Prevent OpenSMTPD session hangs and retain a descriptor forever on empty body

(i.e. when the dot appears on the line directly after the headers). This could be used by an attacker to exhaust resources. PR: 227899 Submitted by: grembo Obtained from: OpenSMTPD git repo (backported) MFH: 2018Q2
2018-05-03 23:17:24 +00:00
parent 8e0c383b2c
commit 4e17d75935
6 changed files with 62 additions and 2 deletions
--- a/mail/opensmtpd-devel/Makefile
+++ b/mail/opensmtpd-devel/Makefile
@@ -4,7 +4,7 @@
 PORTNAME=	opensmtpd
 PORTVERSION=	201606220754
 DISTVERSIONSUFFIX=	p1
-PORTREVISION=	4
+PORTREVISION=	5
 PORTEPOCH=	1
 CATEGORIES=	mail
 MASTER_SITES=	http://www.opensmtpd.org/archives/ \
--- a/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
+++ b/mail/opensmtpd-devel/files/patch-smtpd-rfc2822.c
@@ -0,0 +1,19 @@
+--- smtpd/rfc2822.c.orig	2018-05-01 13:33:10.000000000 +0000
+++ smtpd/rfc2822.c	2018-05-01 13:34:47.931554000 +0000
+@@ -53,4 +53,7 @@
+ 	struct rfc2822_hdr_miss_cb	*hdr_miss_cb;
+ 	
+ 	if (!rp->in_hdr)
+		goto end;
+ 
+ 	TAILQ_FOREACH(hdr_cb, &rp->hdr_cb, next)
+ 	    if (strcasecmp(hdr_cb->name, rp->header.name) == 0) {
+@@ -151,6 +152,8 @@
+ 		return;
+ 
+ 	header_callback(rp);
+
+	missing_headers_callback(rp);
+ }
+ 
+ void
--- a/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c
+++ b/mail/opensmtpd-devel/files/patch-smtpd-smtp_session.c
@@ -0,0 +1,11 @@
+--- smtpd/smtp_session.c.orig	2018-05-01 13:35:00.375262000 +0000
+++ smtpd/smtp_session.c	2018-05-01 13:37:22.637096000 +0000
+@@ -1345,6 +1345,8 @@
+ 			s->dataeom = 1;
+ 			if (iobuf_queued(&s->obuf) == 0)
+ 				smtp_data_io_done(s);
+			else
+				io_reload(&s->oev);
+ 			return;
+ 		}
+ 
--- a/mail/opensmtpd/Makefile
+++ b/mail/opensmtpd/Makefile
@@ -4,7 +4,7 @@
 PORTNAME=	opensmtpd
 PORTVERSION=	5.9.2p1
 PORTEPOCH=	1
-PORTREVISION=	5
+PORTREVISION=	6
 CATEGORIES=	mail
 MASTER_SITES=	http://www.opensmtpd.org/archives/ \
 		http://distfiles.pirateparty.in/ashish/
--- a/mail/opensmtpd/files/patch-smtpd-rfc2822.c
+++ b/mail/opensmtpd/files/patch-smtpd-rfc2822.c
@@ -0,0 +1,19 @@
+--- smtpd/rfc2822.c.orig	2018-05-01 13:33:10.000000000 +0000
+++ smtpd/rfc2822.c	2018-05-01 13:34:47.931554000 +0000
+@@ -53,4 +53,7 @@
+ 	struct rfc2822_hdr_miss_cb	*hdr_miss_cb;
+ 	
+ 	if (!rp->in_hdr)
+		goto end;
+ 
+ 	TAILQ_FOREACH(hdr_cb, &rp->hdr_cb, next)
+ 	    if (strcasecmp(hdr_cb->name, rp->header.name) == 0) {
+@@ -151,6 +152,8 @@
+ 		return;
+ 
+ 	header_callback(rp);
+
+	missing_headers_callback(rp);
+ }
+ 
+ void
--- a/mail/opensmtpd/files/patch-smtpd-smtp_session.c
+++ b/mail/opensmtpd/files/patch-smtpd-smtp_session.c
@@ -0,0 +1,11 @@
+--- smtpd/smtp_session.c.orig	2018-05-01 13:35:00.375262000 +0000
+++ smtpd/smtp_session.c	2018-05-01 13:37:22.637096000 +0000
+@@ -1345,6 +1345,8 @@
+ 			s->dataeom = 1;
+ 			if (iobuf_queued(&s->obuf) == 0)
+ 				smtp_data_io_done(s);
+			else
+				io_reload(&s->oev);
+ 			return;
+ 		}
+