Re: [Exim] Possible DOS for Exim

Author: Mark Morley
Date:
To: exim-users
CC: Mark Morley
Subject: Re: [Exim] Possible DOS for Exim
> > If you inject a message into the system that contains a HUGE number of
> > headers, the filter processing routines seem to go into some sort of
> > endless loop, continuously allocating more and more RAM.
>
> The case I saw before was using $message_headers in the filter file. I
> have fixed this in Exim 4 by restricting the length of $message_headers
> to 64K.


Ah, ok, that's probably it then. But even with 1,500 Apparently-to: headers,
the overall size of all the headers combined was still less than 100K, yet
Exim allocates well over 500 *megs* of RAM. I haven't looked too closely at
that code yet, but obviously it's allocating far more memory than is needed
to simply store the headers even multiple times.

> I'm about to release the next pre-release of Exim 4 (tomorrow). Any
> competent programmer (grin) should be able to retro-fit the changes in
> the expand.c module to Exim 3. They are pretty localized.


What happens when it reaches the 64K limit? Will it give up and exit like
it does when it uses up all available RAM? Or will a queue runner freeze
the message and carry on with the next one?

Mark