On 06.05.2014 19:06, Jochen Bern wrote:
On 06.05.2014 14:14, Timo Sirainen wrote:
There was bug where a broken handshake could have caused 100% CPU usage. Maybe the same problem could happen in a slightly different way and also not cause CPU usage. http://hg.dovecot.org/dovecot-2.2/rev/c0236d1c4a04 fixes this.
Although even then .. I'm not sure why the process wouldn't die sooner.
Thanks for the pointers. We're having a change management and an official-repos-if-at-all-possible policy going on, so I'll likely start with adding just this patch
To follow up: I added the mentioned patch (and the one from CVE-2014-3430) and the imap-login processes now go away after ~3 minutes.
Unfortunately, the client('s network) in question changed its behavior *before* the update, and I never succeeded in reproducing the problem. The tcpdumps of the client mis-connections *now* *look* similar to the ones I took during the original problem, though, so I'm Rather Certain (tm) that the original problem's fixed. :-}
Thanks again, J. Bern
*NEU* - NEC IT-Infrastruktur-Produkte im <http://www.linworks-shop.de/>: Server--Storage--Virtualisierung--Management SW--Passion for Performance Jochen Bern, Systemingenieur --- LINworks GmbH <http://www.LINworks.de/> Postfach 100121, 64201 Darmstadt | Robert-Koch-Str. 9, 64331 Weiterstadt PGP (1024D/4096g) FP = D18B 41B1 16C0 11BA 7F8C DCF7 E1D5 FAF4 444E 1C27 Tel. +49 6151 9067-231, Zentr. -0, Fax -299 - Amtsg. Darmstadt HRB 85202 Unternehmenssitz Weiterstadt, Geschäftsführer Metin Dogan, Oliver Michel