On 2019-06-13 10:17, [email protected] wrote:

For more than 2 years people complain about semi-broken support when
amavisd-new uses MySQL database as a storage via DBD::mysql driver.

See e.g. this ticket:
https://github.com/perl5-dbi/DBD-mysql/issues/78

In the past I tried to fix this problem in DBD::mysql, but due to
compatibility with legacy DBD::mysql applications, the fix had to be
reverted.

To me, it seems better to fix the problem in Amavisd.

I think the problem is the usage of untaint() in SQL statements, like this:

   $conn_h->execute($ins_msg,
        $partition_tag, $msginfo->mail_id, $msginfo->secret_id,
        $msginfo->log_id, int($msginfo->rx_time), $time_iso,
        untaint($sid), c('policy_bank_path'), untaint($msginfo->client_addr),
        0+untaint($msginfo->msg_size),
        untaint(substr(idn_to_utf8(c('myhostname')),0,255)));

As far as I can see, untaint() forces a string value, which fucks up the DBD::mysql driver. In this example, $sid becomes a string, but the database schema and driver expect a BIGINT?

But I'm really no expert in Perl, so I'm not 100% sure.

--
Tom
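
One way to check the hypothesis in the message above at the Perl level, as an added example that is not part of the original post and not amavisd's or DBD::mysql's code. `untaint_via_capture` and `slots` are hypothetical helpers, the sample value is constructed, and a perl built with 64-bit integers is assumed; the script only reports which value slot a scalar carries before and after laundering, it does not show what the driver does with it.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use B ();

# Hypothetical stand-in for an untaint() helper (not amavisd's code):
# the value is laundered through a regex capture, the usual Perl idiom.
sub untaint_via_capture {
    my ($v) = @_;
    return undef unless defined $v;
    return $v =~ /\A(.*)\z/s ? $1 : undef;
}

# Name the public value slots that are valid on a scalar:
# IOK = integer, NOK = floating point, POK = string.
sub slots {
    my $flags = B::svref_2object(\$_[0])->FLAGS;
    my @set;
    push @set, 'IOK' if $flags & B::SVf_IOK();
    push @set, 'NOK' if $flags & B::SVf_NOK();
    push @set, 'POK' if $flags & B::SVf_POK();
    return join '+', @set;
}

# Constructed sample value standing in for an id bound to a BIGINT column.
my $sid       = 1234567890123;
my $laundered = untaint_via_capture($sid);   # copy of $1, a captured string
my $numeric   = 0 + $laundered;              # same idiom as 0+untaint(...) in the quoted call

printf "%-24s %-16s %s\n", 'original',            $sid,       slots($sid);
printf "%-24s %-16s %s\n", 'after regex capture', $laundered, slots($laundered);
printf "%-24s %-16s %s\n", 'after 0 + ...',       $numeric,   slots($numeric);
```

If a driver's parameter binding turns out to depend on the slot, the value can be numified as in the last step, or an explicit type such as `SQL_BIGINT` from DBI's `:sql_types` can be passed to `bind_param`.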