Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP4:Update
nginx.27554
nginx-mitigate_alpaca_connection_attack_email.p...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File nginx-mitigate_alpaca_connection_attack_email.patch of Package nginx.27554
# HG changeset patch # User Maxim Dounin <mdounin@mdounin.ru> # Date 1621383211 -10800 # Node ID ec107183079903013faee7e67e8721262fd95552 # Parent b38728495e1aa06b685dc42c909fb02d3cddecfa Mail: max_errors directive. Similarly to smtpd_hard_error_limit in Postfix and smtp_max_unknown_commands in Exim, specifies the number of errors after which the connection is closed. diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail.h --- a/src/mail/ngx_mail.h Wed May 19 03:13:28 2021 +0300 +++ b/src/mail/ngx_mail.h Wed May 19 03:13:31 2021 +0300 @@ -115,6 +115,8 @@ ngx_msec_t timeout; ngx_msec_t resolver_timeout; + ngx_uint_t max_errors; + ngx_str_t server_name; u_char *file_name; @@ -231,6 +233,7 @@ ngx_uint_t command; ngx_array_t args; + ngx_uint_t errors; ngx_uint_t login_attempt; /* used to parse POP3/IMAP/SMTP command */ diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail_core_module.c --- a/src/mail/ngx_mail_core_module.c Wed May 19 03:13:28 2021 +0300 +++ b/src/mail/ngx_mail_core_module.c Wed May 19 03:13:31 2021 +0300 @@ -85,6 +85,13 @@ offsetof(ngx_mail_core_srv_conf_t, resolver_timeout), NULL }, + { ngx_string("max_errors"), + NGX_MAIL_MAIN_CONF|NGX_MAIL_SRV_CONF|NGX_CONF_TAKE1, + ngx_conf_set_num_slot, + NGX_MAIL_SRV_CONF_OFFSET, + offsetof(ngx_mail_core_srv_conf_t, max_errors), + NULL }, + ngx_null_command }; @@ -163,6 +170,8 @@ cscf->timeout = NGX_CONF_UNSET_MSEC; cscf->resolver_timeout = NGX_CONF_UNSET_MSEC; + cscf->max_errors = NGX_CONF_UNSET_UINT; + cscf->resolver = NGX_CONF_UNSET_PTR; cscf->file_name = cf->conf_file->file.name.data; @@ -182,6 +191,7 @@ ngx_conf_merge_msec_value(conf->resolver_timeout, prev->resolver_timeout, 30000); + ngx_conf_merge_uint_value(conf->max_errors, prev->max_errors, 5); ngx_conf_merge_str_value(conf->server_name, prev->server_name, ""); diff -r b38728495e1a -r ec1071830799 src/mail/ngx_mail_handler.c --- a/src/mail/ngx_mail_handler.c Wed May 19 03:13:28 2021 +0300 +++ b/src/mail/ngx_mail_handler.c Wed May 19 03:13:31 2021 +0300 @@ -874,7 +874,20 @@ return NGX_MAIL_PARSE_INVALID_COMMAND; } - if (rc == NGX_IMAP_NEXT || rc == NGX_MAIL_PARSE_INVALID_COMMAND) { + if (rc == NGX_MAIL_PARSE_INVALID_COMMAND) { + + s->errors++; + + if (s->errors >= cscf->max_errors) { + ngx_log_error(NGX_LOG_INFO, c->log, 0, + "client sent too many invalid commands"); + s->quit = 1; + } + + return rc; + } + + if (rc == NGX_IMAP_NEXT) { return rc; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor