From: Giampaolo Rodolà <g.rodola@gmail.com>
Date: Tue, 7 Dec 2010 18:54:43 +0000 (+0000)
Subject: backporting security fix of issue 9129 (smtpd module vulnerable to DoS attacks in... 
X-Git-Tag: v2.6.7~24
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8497f0a85d97e1d9660bbb450ba9f2dc8b03f87d;p=python

backporting security fix of issue 9129 (smtpd module vulnerable to DoS attacks in case of connection bashing)
---

diff --git a/Lib/smtpd.py b/Lib/smtpd.py
index c3bd6a5add..94bd8e6867 100755
--- a/Lib/smtpd.py
+++ b/Lib/smtpd.py
@@ -121,7 +121,15 @@ class SMTPChannel(asynchat.async_chat):
         self.__rcpttos = []
         self.__data = ''
         self.__fqdn = socket.getfqdn()
-        self.__peer = conn.getpeername()
+        try:
+            self.__peer = conn.getpeername()
+        except socket.error as err:
+            # a race condition  may occur if the other end is closing
+            # before we can get the peername
+            self.close()
+            if err.args[0] != errno.ENOTCONN:
+                raise
+            return
         print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
         self.push('220 %s %s' % (self.__fqdn, __version__))
         self.set_terminator('\r\n')
@@ -291,7 +299,20 @@ class SMTPServer(asyncore.dispatcher):
                 localaddr, remoteaddr)
 
     def handle_accept(self):
-        conn, addr = self.accept()
+        try:
+            conn, addr = self.accept()
+        except TypeError:
+            # sometimes accept() might return None
+            return
+        except socket.error as err:
+            # ECONNABORTED might be thrown
+            if err.args[0] != errno.ECONNABORTED:
+                raise
+            return
+        else:
+            # sometimes addr == None instead of (ip, port)
+            if addr == None:
+                return
         print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
         channel = SMTPChannel(self, conn, addr)
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 550091cc75..449348ef6f 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,8 @@ Core and Builtins
 Library
 -------
 
+- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
+  error handling when accepting a new connection.
 
 What's New in Python 2.6.6?
 ===========================
@@ -206,7 +208,7 @@ Library
 - Issue #8620: when a Cmd is fed input that reaches EOF without a final
   newline, it no longer truncates the last character of the last command line.
 
-- Issue #7066: archive_util.make_archive now restores the cwd if an error is 
+- Issue #7066: archive_util.make_archive now restores the cwd if an error is
   raised. Initial patch by Ezio Melotti.
 
 - Issue #5006: Better handling of unicode byte-order marks (BOM) in the io