http://issues.apache.org/SpamAssassin/show_bug.cgi?id=4978

           Summary: "Minute '60' out of range" syslog errors.
           Product: Spamassassin
           Version: 3.1.3
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P3
         Component: Libraries
        AssignedTo: [email protected]
        ReportedBy: [EMAIL PROTECTED]


This also goes for "Second" and "Hour" fields. 

At our site, we have a syslog scanner that looks for "unusual" messages (i.e., it 
filters out the usual ones and whatever is left is unusual). This past weekend, 
I got a large number of syslog messages like this:

Jul 10 08:06:43 pop spamd[48862]: Minute '60' out of range 0..59 at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 429
Jul 10 08:13:34 pop spamd[52946]: Minute '60' out of range 0..59 at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 429
Jul 10 08:22:51 pop spamd[56296]: Second '60' out of range 0..59 at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 429
Jul 10 08:29:23 pop spamd[56296]: Second '60' out of range 0..59 at /usr/local/lib/perl5/site_perl/5.8.5/Mail/SpamAssassin/Util.pm line 429

I figured this would be pretty easy to fix, and it was. I went into Util.pm and 
found that there was bounds checking on the $yyyy value in parse_rfc822_date(), 
but not $mm, $hh, $ss values. Spammers appear to be exploiting this flaw to get 
messages through spamassassin. So I just added the bounds checking. Starting at 
line 427, I added this code (minus the html preformatting tags, if you can see 
them):

<pre>
  if ($ss > 59) { 
    dbg("util: second after supported range, forcing second to 59: $date");  
    $ss = 59;
  } 
  elsif ($ss < 0) {
    dbg("util: second before supported range, forcing second to 00: $date");
    $ss = "00";
  }
  if ($mm > 59) { 
    dbg("util: minute after supported range, forcing minute to 59: $date");
    $mm = 59;
  }
  elsif ($mm < 0) {   
    dbg("util: minute before supported range, forcing minute to 00: $date");
    $mm = "00";
  }
  if ($hh > 23) { 
    dbg("util: hour after supported range, forcing hour to 23: $date"); 
    $hh = 23;
  }
  elsif ($hh < 0) {
    dbg("util: hour before supported range, forcing hour to 00: $date"); 
    $hh = "00";
  }
</pre>

This appears to have fixed the problem.
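
The failure and the clamping fix described in this report can be reproduced outside spamd with the stand-alone script below. It is an added example, not SpamAssassin's code and not part of the original report: date_to_epoch() and clamp_hms() are hypothetical names, the sample dates are constructed, and the time zone is ignored (UTC assumed).

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Time::Local qw(timegm);

# Month abbreviation -> 0-based month index, as timegm() expects.
my %MONTH;
@MONTH{qw(jan feb mar apr may jun jul aug sep oct nov dec)} = (0 .. 11);

# Force time-of-day fields into the ranges timegm() accepts.
# The regex below only captures digits, so values cannot be negative here.
sub clamp_hms {
    my ($hh, $mm, $ss) = @_;
    $hh = 23 if $hh > 23;
    $mm = 59 if $mm > 59;
    $ss = 59 if $ss > 59;
    return ($hh, $mm, $ss);
}

# Parse "DD Mon YYYY HH:MM:SS" into epoch seconds.
# Returns (epoch, undef) on success or (undef, error text) on failure.
sub date_to_epoch {
    my ($date, $clamp) = @_;
    my ($dd, $mon, $yyyy, $hh, $mm, $ss) =
        $date =~ /(\d{1,2})\s+([A-Za-z]{3})\s+(\d{4})\s+(\d{1,2}):(\d{2}):(\d{2})/
        or return (undef, "unparseable date");
    my $mon_idx = $MONTH{lc $mon};
    return (undef, "unknown month '$mon'") unless defined $mon_idx;

    ($hh, $mm, $ss) = clamp_hms($hh, $mm, $ss) if $clamp;

    # timegm() croaks on out-of-range fields; trap it instead of dying.
    my $epoch = eval { timegm($ss, $mm, $hh, $dd, $mon_idx, $yyyy) };
    if (!defined $epoch) {
        my $err = $@;
        chomp $err;
        return (undef, $err);
    }
    return ($epoch, undef);
}

# Constructed sample dates: one valid, three with an out-of-range field.
for my $date ("10 Jul 2006 08:06:43", "10 Jul 2006 08:60:43",
              "10 Jul 2006 08:22:60", "10 Jul 2006 24:00:00") {
    for my $clamp (0, 1) {
        my ($epoch, $err) = date_to_epoch($date, $clamp);
        printf "%-22s clamp=%d -> %s\n", $date, $clamp,
            defined $epoch ? $epoch : "rejected: $err";
    }
}
```

Without clamping, the three malformed dates produce the same Time::Local "out of range" errors seen in the syslog lines; with clamping, each yields a usable timestamp. RFC 2822 permits a seconds value of 60 for leap seconds, so that case can also appear in legitimate mail.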


