[exim-dev] [Bug 440] New: dnslists '=' following '!=' treate…

Top Page
Delete this message
Reply to this message
Author: bug440
Date:  
To: exim-dev
Subject: [exim-dev] [Bug 440] New: dnslists '=' following '!=' treated as '!='
------- You are receiving this mail because: -------
You are the QA contact for the bug, or are watching the QA contact.

http://www.exim.org/bugzilla/show_bug.cgi?id=440

           Summary: dnslists '=' following '!=' treated as '!='
           Product: Exim
           Version: 4.64
          Platform: Other
        OS/Version: All
            Status: NEW
          Severity: bug
          Priority: medium
         Component: ACLs
        AssignedTo: ph10@???
        ReportedBy: anomie@???
         QAContact: exim-dev@???



When using an ACL like this:
deny dnslists = foo.example.com!=127.0.0.2 : bar.example.com=127.0.0.2

If the host is not listed in foo.example.com (or is with 127.0.0.2), but is
listed in bar.example.com with 127.0.0.2, the deny will not occur as expected.
The -bh debug output says
>>> processing "deny"
>>> check dnslists = foo.example.com!=127.0.0.2 : bar.example.com=127.0.0.2
>>> DNS list check: foo.example.com!=127.0.0.2
>>> new DNS lookup for 1.0.0.10.foo.example.com
>>> DNS lookup for 1.0.0.10.foo.example.com failed
>>> => that means 10.0.0.1 is not listed at foo.example.com
>>> DNS list check: bar.example.com=127.0.0.2
>>> new DNS lookup for 1.0.0.10.bar.example.com
>>> DNS lookup for 1.0.0.10.bar.example.com succeeded (yielding 127.0.0.2)
>>> => but we are not accepting this block class because
>>> => there was an exclude match for =127.0.0.2
>>> deny: condition test failed


Note the second-to-last line claiming an exclude match: invert_result is not
getting reset for each domain in the dnslists list.

In verify.c function verify_check_dnsbl, moving the "invert_result = FALSE" to
inside the while loop fixes it.

--
Configure bugmail: http://www.exim.org/bugzilla/userprefs.cgi?tab=email