On 6/28/06, Timothy White <weirdit@gmail.com> wrote:
I just realised that it may be possible to exploit the snprintf and send strange commands to the server; for this reason, the user that the plugin uses should only be able to run the 2 procedures. I have no idea how to make this secure, or if it is secure or not. Any ideas? (e.g. snprintf(query, 20+MAXSIGLEN, "CALL SPAM(\"%s\")", signature); If someone modifies the header, as long as it's within the MAXSIGLEN then they can affect the query?)
Anyone got ideas/comments on this?
Anyway, I'm off to try and work out why my DB is doing strange things, then I'll update my wiki, and check for compat with RC1.
Wiki updated, code still untested with RC1. Client Runner written (in PHP for now). I discovered a bug in my SQL file for setting up the procedures, which was truncating signatures. Also fixed a warning by using count(ID) rather than trying to select IDs when it could/should result in an empty set.
Tim http://members.plug.org.au/~linuxalien/dokuwiki/projects:dovecot-mysql-dspam...
Linux Counter user #273956
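One way to close the hole asked about above, as an added example that is not part of the original message or the plugin's code: reject any signature containing characters outside an allowlist before it reaches the snprintf, and treat a truncated query as an error. The allowlist (letters, digits, comma), the value of MAXSIGLEN and the helper names are assumptions; escaping with mysql_real_escape_string() or binding the value through a prepared statement are the MySQL C API alternatives.

```c
#include <stdio.h>
#include <string.h>

#define MAXSIGLEN 128  /* assumed value; the post does not give it */

/* Assumption: a DSPAM signature consists only of ASCII letters, digits
 * and commas. Adjust the allowlist to what your DSPAM build emits. */
static int sig_char_ok(unsigned char c)
{
    return (c >= '0' && c <= '9') || (c >= 'a' && c <= 'z') ||
           (c >= 'A' && c <= 'Z') || c == ',';
}

/* Returns 1 if the signature is non-empty, shorter than MAXSIGLEN and
 * made up only of allowlisted characters; 0 otherwise. */
int signature_is_safe(const char *sig)
{
    size_t i;

    if (sig == NULL)
        return 0;
    for (i = 0; sig[i] != '\0'; i++) {
        if (i >= MAXSIGLEN - 1 || !sig_char_ok((unsigned char)sig[i]))
            return 0;   /* too long, or contains a quote, backslash, etc. */
    }
    return i > 0;
}

/* Hypothetical helper: formats the CALL statement from the post only for
 * a validated signature. Returns 0 on success, -1 if the signature is
 * rejected or the buffer is too small to hold the whole query. */
int build_spam_query(char *query, size_t qlen, const char *sig)
{
    int n;

    if (!signature_is_safe(sig))
        return -1;
    n = snprintf(query, qlen, "CALL SPAM(\"%s\")", sig);
    if (n < 0 || (size_t)n >= qlen)
        return -1;      /* truncation would cut off the closing quote */
    return 0;
}
```

Restricting the database user to the two procedures, as the message suggests, remains worthwhile as a second layer alongside this check.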