[Kolab-devel] [issue2692] iTIP invitations with long recurrance with exceptions can lead to denial of service
Bernhard Reiter
kolab-issues at intevation.de
Mon May 5 19:19:54 CEST 2008
New submission from Bernhard Reiter <bernhard at intevation.de>:
Kontact: 1.2.9 (enterprise 20080502.803398)
send yourself and invitation with
RRULE:FREQ=DAILY;COUNT=50000
EXDATE;VALUE=DATE:20080506
..
(to get about 42000 exceptions)
The resulting email is about 1.1MByte in Size, but will make my
Kontact parse the email after the click for more than 8 minutes.
This this time Kontact hoggs the memory and is unavailable.
I did not observe increase of memory.
Thus I consider it a mild denial of service attack on Kontact.
Accepting the appointment also takes quite long,
there is neglectable increase in memory.
(Ludwig, a test on Outlook would be interesting.)
I have used the testscript just committed to
http://kolab.org/cgi-bin/viewcvs-kolab.cgi/utils/testing/test-send-emails-excessive-invitations.py
----------
assignedto: till
messages: 14706
nosy: bernhard, fsamson, ludwig, till, vkrause
priority: urgent
status: unread
title: iTIP invitations with long recurrance with exceptions can lead to denial of service
topic: enterprise35, kde client
___________________________________________________
Kolab issue tracker <kolab-issues at intevation.de>
<https://www.intevation.de/roundup/kolab/issue2692>
___________________________________________________
More information about the devel
mailing list