Headline
CVE-2020-35680: smtpd's filter state machine can prematurely release resources · openbsd/src@6c32204
smtpd/lka_filter.c in OpenSMTPD before 6.8.0p1, in certain configurations, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted pattern of client activity, because the filter state machine does not properly maintain the I/O channel between the SMTP engine and the filters layer.
Permalink
Browse files
smtpd’s filter state machine can prematurely release resources
leading to a crash. From gilles@
- Loading branch information
millert committed
Dec 23, 2020
1 parent a02f695 commit 6c3220444ed06b5796dedfd53a0f4becd903c0d1
Showing 1 changed file with 1 addition and 6 deletions.
@@ -1,4 +1,4 @@
/* $OpenBSD: lka_filter.c,v 1.64 2020/12/20 13:27:46 martijn Exp $ */
/* $OpenBSD: lka_filter.c,v 1.65 2020/12/23 20:17:49 millert Exp $ */
/*
* Copyright © 2018 Gilles Chehade [email protected]
@@ -600,11 +600,6 @@ filter_session_io(struct io *io, int evt, void *arg)
filter_data(fs->id, line);
goto nextline;
case IO_DISCONNECTED:
io_free(fs->io);
fs->io = NULL;
break;
}
}
0 comments on commit 6c32204
Please sign in to comment.