amavisd-new & broken mysql
Tom Sommer
mail at tomsommer.dk
Thu Jun 13 10:51:43 CEST 2019
On 2019-06-13 10:17, pali at cpan.org wrote:
> For more then 2 years people complain about semi-broken support when
> amavisd-new use MySQL database as a storage via DBD::mysql driver.
>
> See e.g. this ticket:
> https://github.com/perl5-dbi/DBD-mysql/issues/78
>
> In past I tried to fix this problem in DBD::mysql, but due to
> compatibility with legacy DBD::mysql applications, fix had to be
> reverted.
To me, it seems better to fix the problem in Amavisd.
I think the problem is the usage of untaint() in SQL statements, like
this:
$conn_h->execute($ins_msg,
$partition_tag, $msginfo->mail_id, $msginfo->secret_id,
$msginfo->log_id, int($msginfo->rx_time), $time_iso,
untaint($sid), c('policy_bank_path'),
untaint($msginfo->client_addr),
0+untaint($msginfo->msg_size),
untaint(substr(idn_to_utf8(c('myhostname')),0,255)));
As far as I can see untaint() forces a string value, which fucks up the
DBD::mysql driver.
In this example, $sid becomes a string, but the database-schema and
driver expects a BIGINT?
But I'm really no expert in Perl, so I'm not 100% sure.
--
Tom
More information about the amavis-users
mailing list