Yahoo Groups archive

Milter-greylist

Index last updated: 2026-04-28 23:32 UTC

Message

Re: [milter-greylist] berkeley db (poprelayd)

2005-12-19 by Hajimu UMEMOTO

Hi,

>>>>> On Fri, 16 Dec 2005 16:08:38 -0500
>>>>> Lawren Quigley-Jones <lawrenqj@...> said:

lawrenqj> +	key.data = (char *)ipAddr;      /* key.data is the string we want to search for */
lawrenqj> +	key.size = strlen(ipAddr);      /* in this case size is the number of character in the string */
lawrenqj> +
lawrenqj> +	if ( key.size > 20 )
lawrenqj> +	{
lawrenqj> +		syslog(LOG_DEBUG, "The IP requested for was %d character long...  Possible stack attack!!!", key.size);
lawrenqj> +		key.size = 20;
lawrenqj> +	}

It seems you allow not only an IPv4 address but also an IPv6 as an
argument to popIPCheck().  So, key.size larger than 20 is still valid
length for an IP address.
I don't know if poprelayd supports an IPv6.  If poprelayd doesn't
support an IPv6, you should prevent popIPCheck() from getting an IPv6
address like DRAC support did.

Sincerely,

--
Hajimu UMEMOTO @ Internet Mutual Aid Society Yokohama, Japan
ume@...  ume@{,jp.}FreeBSD.org
http://www.imasy.org/~ume/

Attachments

  • No local attachments were found for this message.

Move to quarantaine

This moves the raw source file on disk only. The archive index is not changed automatically, so you still need to run a manual refresh afterward.