Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
[Bug 2957] DoS In Proxy Protocol v2 handling
exim-dev at exim
Jan 6, 2023, 12:45 PM
Post #1 of 5 (291 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2957

Jeremy Harris <jgh146exb@wizmail.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
See Also| |https://bugs.exim.org/show_
| |bug.cgi?id=2656

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2957] DoS In Proxy Protocol v2 handling [ In reply to ]
exim-dev at exim
Jan 6, 2023, 12:45 PM
Post #2 of 5 (291 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2957

--- Comment #1 from Jeremy Harris <jgh146exb@wizmail.org> ---
While the version listed on this bug is 4.96+, a timeout was added for 4.95
which should addressed the situation given. Please verify that you are
actually running 4.96.

Ref: db889856a56c

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2957] DoS In Proxy Protocol v2 handling [ In reply to ]
exim-dev at exim
Jan 7, 2023, 4:59 AM
Post #3 of 5 (290 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2957

--- Comment #2 from Kevin Massey <kevin.massey1189@gmail.com> ---
Exim version 4.96-91-9ba47886c is the specific version I am running.

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2957] DoS In Proxy Protocol v2 handling [ In reply to ]
exim-dev at exim
Jan 7, 2023, 5:18 AM
Post #4 of 5 (290 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2957

--- Comment #3 from Kevin Massey <kevin.massey1189@gmail.com> ---
I haven't had much time to review the timeout from that commit, but at first
glance, it seems that the timeout is only referenced in the internal loop,
while the outer loop does not:

----------------------------------------------------------------------------------
do
{
do
{
retmore = read(fd, (uschar*)&hdr + ret, size-ret);
} while (retmore == -1 && errno == EINTR && !had_command_timeout);
if (retmore == -1)
goto proxyfail;
ret += retmore;
DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret,
size);
} while (ret < size);

}

----------------------------------------------------------------------------------

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
[Bug 2957] DoS In Proxy Protocol v2 handling [ In reply to ]
exim-dev at exim
Jan 8, 2023, 4:56 PM
Post #5 of 5 (290 views)
Permalink
https://bugs.exim.org/show_bug.cgi?id=2957

--- Comment #4 from Kevin Massey <kevin.massey1189@gmail.com> ---
After some additional testing, it seems that referencing the
had_command_timeout variable in the outer loop will fix this issue.

----------------------------------------------------------------------------------
do
{
do
{
retmore = read(fd, (uschar*)&hdr + ret, size-ret);
} while (retmore == -1 && errno == EINTR && !had_command_timeout);
if (retmore == -1)
goto proxyfail;
ret += retmore;
DEBUG(D_receive) debug_printf("PROXYv2: have %d/%d required octets\n", ret,
size);
} while ((ret < size) && !had_command_timeout);

}

----------------------------------------------------------------------------------

--
You are receiving this mail because:
You are on the CC list for the bug.
--
## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal