Package: postfix-policyd
Version: 1.80-2.1etch1
Severity: normal

The following code from blacklist_helo.c is incorrect:

    /* blacklist netblock/24 */
    if(BLACKLIST_NETBLOCK == 1)
    {
      /* build up query */
      snprintf(mysqlquery_array[fd], 512,
        "INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES ('%s.%%','# blacklisted helo: (%s)',%d)",
        host_array[fd][2], triplet_array[fd][5], expire);
    } else { /* blacklist host ip */
      /* build up query */
      snprintf(mysqlquery_array[fd], 512,
        "INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES ('%s','# blacklisted helo: (%s)',%d)",
        host_array[fd][2], triplet_array[fd][5], expire);
    }

As is clear, the two INSERTS use the same value from host_array, when
the first is supposed to be using the netblock.

I.e., the first will create an insert like:

    INSERT DELAYED INTO blacklist (_blacklist, _description,_expire) VALUE ('10.0.0.0%' ...

Which is wrong.  It should be VALUE('10.0.0.%' ...  in order to work properly.

The fix is to change the first occurrence of host_array[fd][2] to
host_array[fd][3] and clear the extra percent (the host_array processor
has already created it).

        "INSERT DELAYED INTO blacklist (_blacklist,_description,_expire) VALUES ('%s','# blacklisted helo: (%s)',%d)",
        host_array[fd][3], triplet_array[fd][5], expire);

host_array[fd][3] will be set to something like '127.0.0.%' so it is
already perfectly formed for this query.



-- System Information:
Debian Release: 4.0
  APT prefers stable
  APT policy: (900, 'stable'), (400, 'testing'), (300, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.4.26
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages postfix-policyd depends on:
ii  dbconfig-common        1.8.29+etch1      common framework for packaging dat
ii  debconf [debconf-2.0]  1.5.11            Debian configuration management sy
ii  libc6                  2.3.6.ds1-13etch2 GNU C Library: Shared libraries
ii  libmysqlclient15off    5.0.32-7etch1     mysql database client library
ii  mysql-client           5.0.32-7etch1     mysql database client (meta packag
ii  mysql-client-5.0 [mysq 5.0.32-7etch1     mysql database client binaries
ii  zlib1g                 1:1.2.3-13        compression library - runtime

Versions of packages postfix-policyd recommends:
ii  mysql-server               5.0.32-7etch1 mysql database server (meta packag
ii  mysql-server-5.0 [mysql-se 5.0.32-7etch1 mysql database server binaries

-- debconf information excluded
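
The following C sketch is an added illustration, not part of the original report and not policyd source. It shows what the reported `'%s.%%'` format yields for a full host address, how a /24 entry of the form `a.b.c.%` can be derived, and a check that flags malformed entries. The helper names and the sample address are assumptions, as is `host_array[fd][2]` holding the plain host address.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not policyd code: derive "a.b.c.%" from a dotted quad.
 * Returns 0 on success, -1 on malformed input or a too-small buffer. */
int netblock24_pattern(const char *ip, char *out, size_t outlen)
{
    unsigned a, b, c, d;
    int end = -1, n;
    if (strspn(ip, "0123456789.") != strlen(ip))
        return -1;                       /* no signs, spaces or wildcards */
    if (sscanf(ip, "%3u.%3u.%3u.%3u%n", &a, &b, &c, &d, &end) != 4 ||
        end < 0 || ip[end] != '\0' || a > 255 || b > 255 || c > 255 || d > 255)
        return -1;
    n = snprintf(out, outlen, "%u.%u.%u.%%", a, b, c);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 if value is exactly three octets followed by ".%", else 0.
 * Usable to audit _blacklist values written by the reported code path. */
int is_netblock24_pattern(const char *value)
{
    unsigned a, b, c;
    int end = -1;
    if (strspn(value, "0123456789.%") != strlen(value))
        return 0;
    /* %n is only stored if the literal ".%" was matched after three octets */
    if (sscanf(value, "%3u.%3u.%3u.%%%n", &a, &b, &c, &end) != 3 || end < 0)
        return 0;
    return value[end] == '\0' && a <= 255 && b <= 255 && c <= 255;
}

/* What the reported format string '%s.%%' yields for a full host address. */
int reported_value(const char *host_ip, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s.%%", host_ip);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    const char *ip = "10.0.0.5";         /* constructed sample address */
    char bad[32], good[32];
    if (reported_value(ip, bad, sizeof bad) != 0 ||
        netblock24_pattern(ip, good, sizeof good) != 0)
        return 1;
    printf("reported: %-11s well-formed=%d\n", bad, is_netblock24_pattern(bad));
    printf("derived:  %-11s well-formed=%d\n", good, is_netblock24_pattern(good));
    return 0;
}
```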


