On Wed, 2008-12-17 at 09:35 -0600, Mike Abbott wrote: > Here are a few more patches. Still keeping it easy for now. Again > the basis for these patches is dovecot-1.1.7. > > Patch #6. Solve a cross-compilation endianness issue. Currently, > Dovecot assumes that the endianness of the build system is the same as > the endianness of the runtime system. This is not necessarily true. > We ran into this while compiling for i386 on a ppc machine. The patch > switches to using gcc's __BIG_ENDIAN__ macro; see the comment in the > patch to configure.in. It also removes the related and unused > MAIL_INDEX_COMPAT_FLAGS parameter. This patch may be applicable to > other build environments with a little tweaking.
http://hg.dovecot.org/dovecot-1.1/rev/fdcb5fc6f2d9 > Patch #7. Replace all occurrences of "hash_create" and "hash_destroy" > with "hash_table_create" and "hash_table_destroy" respectively. The > symbols hash_create and hash_destroy conflict with symbols defined in > <strhash.h> and libc. This showed up when loading dovecot's quota > plugin (one of our future patches will add a hash table to it; stay > tuned). The wrong hash_create was called which caused a crash at the > first hash_insert. Apparently this is only a problem in loaded > dynamic libraries and not linked-in ones. If you start renaming API functions, rename all of them for consistency. :) Probably will stay v1.2-only. http://hg.dovecot.org/dovecot-1.2/rev/f9166a09423a > Patch #8. Back off after auth failures to deter abusers. Stalls 5 > seconds per failed attempt. http://hg.dovecot.org/dovecot-1.2/rev/1b744c38bcac http://hg.dovecot.org/dovecot-1.2/rev/164569761647 Your code disabled idle timeout entirely while waiting for the auth failure reply. This doesn't seem such a good idea to me. Rather it sounds like an easy way to DoS the server. Just connect, send about 100 failing LOGIN commands and then do nothing for the next 7 hours (besides what's necessary to keep the TCP connection alive). Repeat with some thousands of clients.
signature.asc
Description: This is a digitally signed message part