system/5046: spamd intermittently reports incorrect IP address for %A message format

durket
>Number:         5046
>Category:       system
>Synopsis:       spamd intermittently reports incorrect IP address for %A message format
>Confidential:   yes
>Severity:       non-critical
>Priority:       low
>Responsible:    bugs
>State:          open
>Quarter:        
>Keywords:      
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Mar 09 00:20:01 GMT 2006
>Closed-Date:
>Last-Modified:
>Originator:     Michael Durket
>Release:        1.81
>Organization:
net
>Environment:
        System      : OpenBSD 3.8
        Architecture: OpenBSD.i386
        Machine     : i386
>Description:
        spamd seems to intermittently print an incorrect IP address in messages generated
        to an end-user that's being blacklisted (the messages use the '%A' format specification
        as part of the text). It appears that spamd is obtaining the address from a variable
        on the stack of the main() routine - namely sin. That address (filled in by the accept()
        call) is passed to the initcon() routine. That routine saves the address in the connection
        structure, but then fails to properly set the 'ia' variable to point to the local copy,
        instead pointing it at the copy on the stack (which gets overwritten every time a new
        connection is accepted).
>How-To-Repeat:
        N/A
>Fix:
        I believe that the following statement in spamd.c at line 580:

             cp->ia = &((struct sockaddr_in *)sa)->sin_addr;

        should be changed to point cp->ia to the local copy in
        the struct sockaddr_storage field named 'ss'.


>Release-Note:
>Audit-Trail:
>Unformatted:
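
The aliasing described in the report can be reproduced in isolation. The following is an added example, not code from the original report or from spamd itself: `struct con` is a simplified stand-in, the names `initcon_aliased`, `initcon_owned` and `first_peer_survives` are hypothetical, and the peer addresses are constructed documentation addresses.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/* Simplified stand-in for spamd's per-connection state (assumed layout). */
struct con {
    struct sockaddr_storage ss; /* connection's own copy of the peer address */
    void *ia;                   /* address that the %A expansion formats */
};
typedef void (*initfn)(struct con *, struct sockaddr *, socklen_t);

/* As reported: the copy is saved, but ia aliases the caller's buffer. */
static void initcon_aliased(struct con *cp, struct sockaddr *sa, socklen_t len)
{
    memcpy(&cp->ss, sa, len);
    cp->ia = &((struct sockaddr_in *)sa)->sin_addr;
}

/* As proposed in the report: ia points into the connection's own copy. */
static void initcon_owned(struct con *cp, struct sockaddr *sa, socklen_t len)
{
    memcpy(&cp->ss, sa, len);
    cp->ia = &((struct sockaddr_in *)&cp->ss)->sin_addr;
}

/* Two simulated accept() calls reuse one sockaddr_in, as main()'s 'sin' does.
 * Returns 1 if the FIRST connection still formats its own address afterwards. */
static int first_peer_survives(initfn init)
{
    struct sockaddr_in sin;
    struct con c1, c2;
    char buf[INET_ADDRSTRLEN];
    memset(&sin, 0, sizeof(sin));
    sin.sin_family = AF_INET;
    inet_pton(AF_INET, "192.0.2.10", &sin.sin_addr);   /* constructed peer 1 */
    init(&c1, (struct sockaddr *)&sin, sizeof(sin));
    inet_pton(AF_INET, "198.51.100.7", &sin.sin_addr); /* constructed peer 2 */
    init(&c2, (struct sockaddr *)&sin, sizeof(sin));
    inet_ntop(AF_INET, c1.ia, buf, sizeof(buf));
    return strcmp(buf, "192.0.2.10") == 0;
}

int main(void)
{
    printf("aliased: %d, owned: %d\n", first_peer_survives(initcon_aliased),
        first_peer_survives(initcon_owned));
    return 0;
}
```

Because the shared buffer outlives every connection, the aliased pointer never dangles; it silently reads whichever peer was accepted most recently, which matches the intermittent symptom.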