[Dovecot] Apple patches 6-8
Timo Sirainen
tss at iki.fi
Fri Dec 19 09:58:51 EET 2008
On Wed, 2008-12-17 at 09:35 -0600, Mike Abbott wrote:
> Here are a few more patches. Still keeping it easy for now. Again
> the basis for these patches is dovecot-1.1.7.
>
> Patch #6. Solve a cross-compilation endianness issue. Currently,
> Dovecot assumes that the endianness of the build system is the same as
> the endianness of the runtime system. This is not necessarily true.
> We ran into this while compiling for i386 on a ppc machine. The patch
> switches to using gcc's __BIG_ENDIAN__ macro; see the comment in the
> patch to configure.in. It also removes the related and unused
> MAIL_INDEX_COMPAT_FLAGS parameter. This patch may be applicable to
> other build environments with a little tweaking.
http://hg.dovecot.org/dovecot-1.1/rev/fdcb5fc6f2d9
> Patch #7. Replace all occurrences of "hash_create" and "hash_destroy"
> with "hash_table_create" and "hash_table_destroy" respectively. The
> symbols hash_create and hash_destroy conflict with symbols defined in
> <strhash.h> and libc. This showed up when loading dovecot's quota
> plugin (one of our future patches will add a hash table to it; stay
> tuned). The wrong hash_create was called, which caused a crash at the
> first hash_insert. Apparently this is only a problem in loaded
> dynamic libraries and not linked-in ones.
If you start renaming API functions, rename all of them for
consistency. :) Probably will stay v1.2-only.
http://hg.dovecot.org/dovecot-1.2/rev/f9166a09423a
> Patch #8. Back off after auth failures to deter abusers. Stalls 5
> seconds per failed attempt.
http://hg.dovecot.org/dovecot-1.2/rev/1b744c38bcac
http://hg.dovecot.org/dovecot-1.2/rev/164569761647
Your code disabled idle timeout entirely while waiting for the auth
failure reply. This doesn't seem such a good idea to me. Rather it
sounds like an easy way to DoS the server. Just connect, send about 100
failing LOGIN commands and then do nothing for the next 7 hours (besides
what's necessary to keep the TCP connection alive). Repeat with some
thousands of clients.
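Added example, not part of the original message and not Dovecot code: a one-second-tick model of the timer interaction raised in the reply to patch #8, comparing an idle timer that is suspended while a delayed auth-failure reply is pending with one that keeps running. The 5-second delay is from the thread; the 60-second idle limit, the one-after-another stalling of pipelined failures, and all names are assumptions made for this model.

```c
#include <stdbool.h>
#include <stdio.h>

#define AUTH_FAIL_DELAY 5   /* seconds per failed attempt, as stated in the thread */
#define IDLE_TIMEOUT    60  /* assumed idle limit for this model */

struct conn {
    int pending_failures;  /* failed LOGINs whose replies are still being delayed */
    int next_reply_in;     /* seconds until the next delayed reply is sent */
    int idle_secs;         /* seconds counted by the idle timer */
};

/* Advance the model one second; returns true when the server drops the client.
 * suspend_idle=true models an idle timer that is switched off while a failure
 * reply is pending; false keeps it running the whole time. */
static bool tick(struct conn *c, bool suspend_idle)
{
    bool waiting = c->pending_failures > 0;

    if (waiting && --c->next_reply_in == 0) {
        c->pending_failures--;              /* delayed failure reply goes out */
        c->next_reply_in = AUTH_FAIL_DELAY; /* next queued failure starts its stall */
    }
    if (!(suspend_idle && waiting))
        c->idle_secs++;
    return c->idle_secs >= IDLE_TIMEOUT;
}

/* Seconds a client that goes silent after queueing n failing LOGINs at t=0
 * stays connected before the idle timeout fires. */
int seconds_held(int n_failed_logins, bool suspend_idle)
{
    struct conn c = { n_failed_logins, AUTH_FAIL_DELAY, 0 };
    int t = 0;

    do {
        t++;
    } while (!tick(&c, suspend_idle));
    return t;
}

int main(void)
{
    for (int n = 0; n <= 100; n += 50)
        printf("%3d failures: suspended=%ds armed=%ds\n", n,
               seconds_held(n, true), seconds_held(n, false));
    return 0;
}
```

With the timer suspended, the hold time grows with the number of failures the client queued; with the timer left armed, it is bounded by the server-side constant alone.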