Fwd: Mailscanner child freezes

[Glenn Steen]

2008/11/22 Glenn Steen <glenn.steen at gmail.com>:
> 2008/11/21 Scott Silva <ssilva at sgvwater.com>:
>> on 11-21-2008 7:10 AM Glenn Steen spake the following:
>>> Guys,
>>>
>>> I know my quoting style will drive you nuts, but ... please look at this.
>>> It's a heads up for 4.72.5, keep a lookout for children busy-looping
>>> while "cleaning messages".
>>> Hopefully Jules, or one of you, will have a solution ... really quick.
>>>
>>> Cheers
>>> -- Glenn
>>>
>> Glenn,
>> If you have a sample of this available, I can run it through my sendmail box
>> and see if it is only postfix related or deeper.
>>
> The trouble is in Message.pm, so it probably affects all. You can
> easily create a testcase yourself:
> zip any file into an archive called "archive.zip" (or whatever you
Any file that would require cleaning, that is ... Like an executable
(don't need be an exe, just something named .exe).

> like:-), then zip "archive.zip" into a new zip file named
> "archive.zip"... then send it through .... Keep an eye on top and
> you'll see one MS child "get stuck" in "cleaning messages" eating
> close to 100% CPU.
> This bug only affect 4.72.5 (and later, from what it seems ... from
> reading the code), so all who run 4.71 are unaffected.
>
> Since this is easily and readily exploitable, I hesitated "going
> public" with this... I'm looking at finding a solution (it should be
> something simple, either safeguarding when constructing the hashes, or
> "loop-detecting" when travesing the "hash list"), but as always...
> Jules genius (and superior understanding of all nuances of the code)
> would likely find a simple solution to this in no time at all:-).
>
> I'd appreciate if you did do a test Scott.
>
> Cheers
> --
> -- Glenn
> email: glenn < dot > steen < at > gmail < dot > com
> work: glenn < dot > steen < at > ap1 < dot > se
>



-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se