On 13/12/17 18:10, Andreas Metzler wrote:
> On 2017-12-13 admin@??? wrote:
>> https://bugs.exim.org/show_bug.cgi?id=2201
>
>> --- Comment #12 from Jeremy Harris <jgh146exb@???> ---
>> d21bf20 fixes the reproducer I created for the report with the re-open of the
>> bug. It turned out to actually be a different issue, in flushing input between
>> detecting an overlong header line and accepting further SMTP commands. The
>> flush
>> is required in its own right, but has the side-effect of dropping us out of
>> BDAT-handling mode.
>
> Hello,
>
> could you please spell out what the actual effects of the issue fixed by
> this patch are? Another security vulnarability, data loss, none of the
> above?
An unlimited recursion of the connection-handling process could be
induced, causing it to crash from stack exhaustion. The daemon was not
affected, this being a child of it. Disk space could be used up by
corefiles, if core dumps for suid processes were enabled (not a common
configuration).
--
Cheers,
Jeremy