backporting security fix of issue 9129 (smtpd module vulnerable to DoS attacks in case of connection bashing)
diff --git a/Lib/smtpd.py b/Lib/smtpd.py
index c3bd6a5..94bd8e6 100755
--- a/Lib/smtpd.py
+++ b/Lib/smtpd.py
@@ -121,7 +121,15 @@
self.__rcpttos = []
self.__data = ''
self.__fqdn = socket.getfqdn()
- self.__peer = conn.getpeername()
+ try:
+ self.__peer = conn.getpeername()
+ except socket.error as err:
+ # a race condition may occur if the other end is closing
+ # before we can get the peername
+ self.close()
+ if err.args[0] != errno.ENOTCONN:
+ raise
+ return
print >> DEBUGSTREAM, 'Peer:', repr(self.__peer)
self.push('220 %s %s' % (self.__fqdn, __version__))
self.set_terminator('\r\n')
@@ -291,7 +299,20 @@
localaddr, remoteaddr)
def handle_accept(self):
- conn, addr = self.accept()
+ try:
+ conn, addr = self.accept()
+ except TypeError:
+ # sometimes accept() might return None
+ return
+ except socket.error as err:
+ # ECONNABORTED might be thrown
+ if err.args[0] != errno.ECONNABORTED:
+ raise
+ return
+ else:
+ # sometimes addr == None instead of (ip, port)
+ if addr == None:
+ return
print >> DEBUGSTREAM, 'Incoming connection from %s' % repr(addr)
channel = SMTPChannel(self, conn, addr)
diff --git a/Misc/NEWS b/Misc/NEWS
index 550091c..449348e 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -19,6 +19,8 @@
Library
-------
+- Issue #9129: smtpd.py is vulnerable to DoS attacks deriving from missing
+ error handling when accepting a new connection.
What's New in Python 2.6.6?
===========================
@@ -206,7 +208,7 @@
- Issue #8620: when a Cmd is fed input that reaches EOF without a final
newline, it no longer truncates the last character of the last command line.
-- Issue #7066: archive_util.make_archive now restores the cwd if an error is
+- Issue #7066: archive_util.make_archive now restores the cwd if an error is
raised. Initial patch by Ezio Melotti.
- Issue #5006: Better handling of unicode byte-order marks (BOM) in the io