Bug Tracker item #2823000, was opened at 2009-07-17 12:01
Message generated for change (Comment added) made by csmr
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2823000&group_id=250683
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: v3.9.0
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Carlo Rodrigues (csmr)
Assigned to: Stevan Bajic (sbajic)
Summary: dspam generates a SIGSEGV when users do not have a '@'
Initial Comment:
When processing or classyfing mail for users that do not have a @, dspam
crashes and generates a SIGSEGV.
$ dspam --process --user x...@domain --stdout --deliver=summary < email.eml
X-DSPAM-Result: x...@domain; result="Innocent"; class="Innocent";
probability=0.0023; confidence=1.00; signature=8,4a605763133761002958514
$ dspam --process --user xpto --stdout --deliver=summary < email.eml
Segmentation fault
I made a patch that I've been using for 9 months now and it's been working ok
since then.
----------------------------------------------------------------------
>Comment By: Carlo Rodrigues (csmr)
Date: 2009-07-28 16:50
Message:
I would make everything case-insensitive, including groups and group
content.
Maybe there was a good reason for Jonathan Zdziarski to make it
case-sensitive by default, but I think there could be lots of people with
emails that do not match their groups because of that.
----------------------------------------------------------------------
Comment By: Stevan Bajic (sbajic)
Date: 2009-07-28 16:39
Message:
Hallo Carlo,
okay. Username might be influenced by "Broken Case" but the content of the
group definition is not influenced by this. Should we leave that case stuff
out of the group definition and let the user decide how to build up his
group file? Internet email addresses are anyway not case sensitive and if
someone is adding "groupname:shared,managed:*...@mysupercooldomain.tld" then
it's his fault. What do you think?
Kind Regards from Switzerland
Stevan Bajic
----------------------------------------------------------------------
Comment By: Carlo Rodrigues (csmr)
Date: 2009-07-28 16:30
Message:
Hello, Stevan.
On the first patch I made I did just that. strcasecmp so that there would
be no problems matching emails with capital letters. But then I found
"Broken case" directive, which already did the tolower(), so I changed
strcasecmp to strcmp.
In my opinion case insensitivity should be the default. I can't think of
any good reason for treating email adresses as case-sensitive, so yes, it
makes sense to use strcasecmp, in case one is not using the 'Broken case'
directive.
Carlo
----------------------------------------------------------------------
Comment By: Stevan Bajic (sbajic)
Date: 2009-07-28 14:50
Message:
Hallo Carlo,
I can't reproduce this on my end. No matter what I do. Anyway.... I can
read the code and see why the error could happen.
The original code checks for those conditions:
001 !strcmp (user, username)
002 !strcmp(user, "*")
003 (!strncmp(user, "*@", 2) && !strcmp(user+1, strchr(username,'@')))
001 checks if user (from the group definition) is equal to current user
[true/false]
002 checks if user (from the group definition) is equal to "*"
[true/false]
003 checks all the conditions below (AND):
001) if first 2 characters from user (from the group definition) is
equal to "*@" [true/false]
002) if after 1st character from user (from the group definition) is
equal to all the characters after "@" in the username [true/false]
The problem is now that on 003 the 2nd check (003.002) could result in
"strchr(username,'@')" to be NULL and passing NULL to strcmp is something
not good. So the additional check you added does check that first and
ensures that no NULL is passed to strchr.
I would however like to change the above condition/extend your condition
to be case insensive:
if (
strcasecmp(user, username) == 0 ||
strcmp(user, "*") == 0 ||
(strncmp(user, "*@", 2) == 0 && strchr(username, "@") != NULL &&
strcasecmp(user+1, strchr(username, "@")) == 0)
)
Any objection from your part?
Kind Regards from Switzerland
Stevan Bajic
----------------------------------------------------------------------
Comment By: Carlo Rodrigues (csmr)
Date: 2009-07-28 13:25
Message:
Yes, but it happens with any name without @. Existent or non-existent.
----------------------------------------------------------------------
Comment By: Stevan Bajic (sbajic)
Date: 2009-07-28 13:16
Message:
Hallo Carlo
I see it now. It's a group name. Sorry.
Kind Regards from Switzerland
Stevan Bajic
----------------------------------------------------------------------
Comment By: Stevan Bajic (sbajic)
Date: 2009-07-28 13:07
Message:
Hallo Carlo
Is the user "internet" a valid DSPAM user on your setup?
Kind Regards from Switzerland
Stevan Bajic
----------------------------------------------------------------------
Comment By: Carlo Rodrigues (csmr)
Date: 2009-07-28 12:14
Message:
Hey, Stevan.
Yes, latest git still has the same issue. I'm going to attach my
dspam.conf,
my $DSPAM_HOME/group:
internet:shared,managed:*
ad...@net4b.pt:shared,managed:*...@net4b.pt
$ dspam --process --user internet --stdout --deliver=summary < email.eml
Segmentation fault
$ dspam --version
DSPAM Anti-Spam Suite GIT (agent/library)
Copyright (c) 2002-2009 DSPAM Project
http://dspam.sourceforge.net.
DSPAM may be copied only under the terms of the GNU General Public
License,
a copy of which can be found with the DSPAM distribution kit.
Configuration parameters: '--prefix=/usr' '--with-logdir=/var/log/dspam'
'--with-dspam-home=/var/dspam' '--with-dspam-home-mode=2775'
'--with-dspam-home-owner=dspam' '--with-dspam-home-group=dspam'
'--with-dspam-mode=0755' '--with-dspam-owner=dspam'
'--with-dspam-group=dspam' '--sysconfdir=/etc' '--enable-daemon'
'--enable-clamav' '--enable-virtual-users' '--enable-preferences-extension'
'--with-storage-driver=mysql_drv'
'--with-delivery-agent=/usr/sbin/sendmail'
'--with-mysql-libraries=/usr/lib64/mysql'
'--with-mysql-includes=/usr/include/mysql' '--enable-debug'
----------------------------------------------------------------------
Comment By: Stevan Bajic (sbajic)
Date: 2009-07-28 09:24
Message:
Hallo Carlo
Do you still have that problem with the latest GIT? Would you mind
attaching here your dspam.conf?
Kind Regards from Switzerland
Stevan Bajic
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=1126467&aid=2823000&group_id=250683
------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
Dspam-devel mailing list
Dspam-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/dspam-devel
