https://bz.apache.org/SpamAssassin/show_bug.cgi?id=7725

            Bug ID: 7725
           Summary: [review] Perl taint bug with URIDNSBL netmask
                    calculations
           Product: Spamassassin
           Version: 3.4.2
          Hardware: All
                OS: All
            Status: NEW
          Severity: major
          Priority: P2
         Component: Plugins
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: Undefined

While trying to activate taint for all tests, I encountered a baffling Perl
bug: dnsbl_subtests.t stopped working with 5.14.0.

With some value debugging, this was seen:

taint on:
 n1 2130706690 delim / n2 4294967295 rdatanum 2130706690
 n1 & n2: 0010106290

taint off:
 n1 2130706690 delim / n2 4294967295 rdatanum 2130706690
 n1 & n2: 2130706690

Soon after I found out that

"2130706690" & "4294967295" = 0010106290
2130706690 & 4294967295 = 2130706690

When tainted, $n1 and $n2 are considered strings and not ints.

I tried Perl 5.22 which did not have this bug.

The simple fix is forcing int($n1), and all works fine again. Please vote to commit
for 3.4.3.

--- lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm    (revision 1861709)
+++ lib/Mail/SpamAssassin/Plugin/URIDNSBL.pm    (working copy)
@@ -1110,8 +1110,8 @@
         !defined $n2  ? ($rdatanum & $n1) &&                  # mask only
                           (($rdatanum & 0xff000000) == 0x7f000000)  # 127/8
       : $delim eq '-' ? $rdatanum >= $n1 && $rdatanum <= $n2  # range
-      : $delim eq '/' ? ($rdatanum & $n2) == ($n1 & $n2)      # value/mask
-      : 0;
+      : $delim eq '/' ? ($rdatanum & $n2) == (int($n1) & $n2) # value/mask
+      : 0; # notice int($n1) instead of $n1 to fix perl ~5.14 taint bug

       dbg("uridnsbl: %s . %s -> %s, %s, %08x %s %s",
           $ent->{domain}, $ent->{zone}, $rdatastr, $rulename, $rdatanum,
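
Review bot: Only $n1 in the value/mask arm is coerced, while `$rdatanum & $n2` on the same line and `$rdatanum & $n1` in the mask-only arm still depend on Perl treating at least one operand as a number. The report says both $n1 and $n2 end up as strings, so it would be more robust to numify both once where they are assigned, rather than wrapping a single use in int(). The explanatory comment also sits on the `: 0;` line instead of the line it describes, and "~5.14" would be clearer as the exact version where the test was seen failing (5.14.0) with a reference to this bug number.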

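The string-versus-integer difference described in the report can be reproduced without taint mode. The following is an added example, not code from the reporter or from SpamAssassin: it assumes the two values arrive as regex captures (plain strings never used numerically) and uses constructed input built from the debug values above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the value/mask pair from the debug output, captured by
# a regex so that both scalars are plain strings.
my ($n1, $n2) = "2130706690/4294967295" =~ m{^(\d+)/(\d+)$};
my $rdatanum  = 2130706690;    # integer form of 127.0.0.2

# Computed first, before either scalar is used in numeric context:
# with two string operands, '&' ANDs the bytes of the strings pairwise.
my $string_and = $n1 & $n2;

# Show where each output character comes from.
for my $i (0 .. length($n1) - 1) {
    my ($c1, $c2) = (substr($n1, $i, 1), substr($n2, $i, 1));
    my $byte = ord($c1) & ord($c2);
    printf "  '%s' (0x%02x) & '%s' (0x%02x) = 0x%02x '%s'\n",
        $c1, ord($c1), $c2, ord($c2), $byte, chr($byte);
}

# Numifying one operand, as the patch does, makes '&' an integer AND.
my $numeric_and = int($n1) & $n2;

# Left-hand side of the value/mask comparison: $rdatanum is already a number.
my $lhs = $rdatanum & $n2;

printf "string  '&': %s -> %s\n", $string_and,
    ($lhs == $string_and  ? "match" : "no match");
printf "numeric '&': %s -> %s\n", $numeric_and,
    ($lhs == $numeric_and ? "match" : "no match");
```

The order of operations matters here: once a string scalar has been used in numeric context, Perl can treat it as a number in later `&` expressions, so the string result is taken before any numeric use of the captures.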