Force the final dot, even if not provided in the configuration for RBLs.

Note: the len - 2 and len - 1 are safe because each format will always
write more than 2 chars in the buffer.

We also check for overflow at the same time.

Signed-off-by: Pierre Habouzit <madcoder@debian.org>

diff --git a/common/rbl.c b/common/rbl.c
index 0ae4979..1f2f442 100644 (file)
--- a/common/rbl.c
+++ b/common/rbl.c
@@ -56,15 +56,27 @@ static inline rbl_result_t rbl_dns_check(const char *hostname)
 rbl_result_t rbl_check(const char *rbl, uint32_t ip)
 {
     char host[257];
-    snprintf(host, 257, "%d.%d.%d.%d.%s",
-             ip & 0xff, (ip >> 8) & 0xff, (ip >> 16) & 0xff, (ip >> 24) & 0xff,
-             rbl);
+    int len;
+
+    len = snprintf(host, 257, "%d.%d.%d.%d.%s.",
+                   ip & 0xff, (ip >> 8) & 0xff, (ip >> 16) & 0xff, (ip >> 24) & 0xff,
+                   rbl);
+    if (len >= (int)sizeof(host))
+        return RBL_ERROR;
+    if (host[len - 2] == '.')
+        host[len - 1] = '\0';
     return rbl_dns_check(host);
 }
 
 rbl_result_t rhbl_check(const char *rhbl, const char *hostname)
 {
     char host[257];
-    snprintf(host, 257, "%s.%s", hostname, rhbl);
+    int len;
+
+    len = snprintf(host, 257, "%s.%s.", hostname, rhbl);
+    if (len >= (int)sizeof(host))
+        return RBL_ERROR;
+    if (host[len - 2] == '.')
+        host[len - 1] = '\0';
     return rbl_dns_check(host);
 }