# HG changeset patch # User Carl Byington # Date 1333926631 25200 # Node ID 836b7f2357f9128ce46968e580d2c29a0c5f0530 # Parent 0a2b842c07cd50d90cc32eb63b2af36c3767201e need ntohl() before using masks that are defined in host byte order diff -r 0a2b842c07cd -r 836b7f2357f9 src/dnsbl.cpp --- a/src/dnsbl.cpp Sun Apr 08 11:56:00 2012 -0700 +++ b/src/dnsbl.cpp Sun Apr 08 16:10:31 2012 -0700 @@ -155,7 +155,7 @@ #ifdef NS_PACKETSZ u_char answer[NS_PACKETSZ*4]; // with a resolver, we return resolver answers #else - int32_t answer; // without a resolver, we return a single ipv4 address, 0 == no answer + uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer #endif } __attribute__ ((packed)); @@ -255,13 +255,13 @@ //////////////////////////////////////////////// -// ask a dns question and get an A record answer - we don't try -// very hard, just using the default resolver retry settings. +// ask a dns question and get an A record answer in network byte order +// we don't try very hard, just using the default resolver retry settings. // If we cannot get an answer, we just accept the mail. // // -int32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers); -int32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers) { +uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers); +uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers) { // tell sendmail we are still working #if _FFR_SMFI_PROGRESS if (priv.eom) smfi_progress(priv.ctx); @@ -275,7 +275,7 @@ // might be a bare ip address, try this first to avoid dns lookups that may not be needed in_addr ip; if (inet_aton(question, &ip)) { - return (int32_t)ip.s_addr; + return ip.s_addr; } } int n = strlen(question); 
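Review bot: The header comment on `dns_interface` in the -255 hunk now states the byte order but still does not say what the function returns when there is no answer. The struct comment in the -155 hunk documents `0 == no answer` for the `answer` field. If the same sentinel applies to this return value, the comment should say so, for example `// returns 0 when there is no answer, so 0.0.0.0 cannot be told apart from a failed lookup`. The function body continues outside the hunk, so confirm the sentinel against the full body before adding the line.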
@@ -305,7 +305,7 @@ #ifdef NS_PACKETSZ // now we need to lock the resolver mutex to keep the milter threads from // stepping on each other while parsing the dns answer. - int ret_address = 0; + uint32_t ret_address = 0; pthread_mutex_lock(&resolve_mutex); // parse the answer ns_msg handle; @@ -350,7 +350,7 @@ ns_mapper::iterator i = ns.ns_ip.find(nam); if (i != ns.ns_ip.end()) { // we want this ip address - int32_t address; + uint32_t address; memcpy(&address, ns_rr_rdata(rr), sizeof(address)); ns.ns_ip[nam] = address; } @@ -360,7 +360,7 @@ int rrnum = 0; while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { if (ns_rr_type(rr) == ns_t_a) { - int32_t address; + uint32_t address; memcpy(&address, ns_rr_rdata(rr), sizeof(address)); ret_address = address; } @@ -817,10 +817,10 @@ //////////////////////////////////////////////// -// check a single dnsbl +// check a single dns list, return ip address in network byte order // -int32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix); -int32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) { +uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix); +uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) { // make a dns question const u_char *src = (const u_char *)&ip; if (src[0] == 127) return 0; // don't do dns lookups on localhost 
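Review bot: In the -350 hunk, `memcpy(&address, ns_rr_rdata(rr), sizeof(address));` copies four bytes out of a resource record without checking the record's data length, and the -360 hunk does the same for answer records. The record comes from a DNS response, so one whose rdata is shorter than four bytes would have whatever follows it in the answer buffer copied into `address` and then used as an IP. Guarding both copies with `if (ns_rr_rdlen(rr) == sizeof(address))` would reject such records. Only the -360 site shows a record type check (`ns_rr_type(rr) == ns_t_a`); any type check for the -350 site lies outside the hunk.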
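Review bot: `check_single` in the -817 hunk now returns `uint32_t` but still takes `int32_t ip`, while `mlfiPriv::ip` becomes `uint32_t` in the dnsbl.h hunk, so a caller passing that field goes through an implicit unsigned-to-signed conversion. Changing the parameter to `uint32_t ip` here and in the `DNSWL` overload shown in the -852 hunk would keep the address type consistent. The header comment should also say that `ip` is expected in network byte order, because `src[0] == 127` treats the first byte in memory as the first octet. The function body continues past the end of the hunk.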
@@ -852,13 +852,13 @@ // bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl); bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl) { - int32_t r = check_single(priv, ip, wl.suffix); - int32_t v = (int32_t)0x7f000000; - int32_t m = (int32_t)0xffff0000; - int32_t m2 = (int32_t)0x000000ff; + uint32_t r = ntohl(check_single(priv, ip, wl.suffix)); + uint32_t v = (uint32_t)0x7f000000; + uint32_t m = (uint32_t)0xffff0000; + uint32_t m2 = (uint32_t)0x000000ff; if ((r & m) == v) { - int32_t l = r & m2; - if (l >= wl.level) return true; + uint32_t l = r & m2; + if ((int)l >= wl.level) return true; } return false; } diff -r 0a2b842c07cd -r 836b7f2357f9 src/dnsbl.h --- a/src/dnsbl.h Sun Apr 08 11:56:00 2012 -0700 +++ b/src/dnsbl.h Sun Apr 08 16:10:31 2012 -0700 @@ -12,6 +12,7 @@ #include "context.h" #include "spamass.h" #include "dccifd.h" +#include extern int debug_syslog; #define dccbulk 1000 @@ -31,7 +32,7 @@ CONFIG *pc; // global filtering configuration int fd; // to talk to dns resolver process bool err; // did we get any errors on the resolver socket? - int32_t ip; // ip4 address of the smtp client + uint32_t ip; // ip4 address of the smtp client in network order const char *helo; // helo from client map checked_black; // map of dnsblp to result of (ip listed on that dnsbl) map checked_white; // map of dnswlp to result of (ip listed on that dnswl)
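Review bot: The masks `v`, `m` and `m2` in the -852 hunk are bare literals with redundant `(uint32_t)` casts, and nothing at the point of use says they are host-order values, which is why this commit had to add `ntohl()`. Declaring them `const` with a comment such as `// host byte order: match 127.0.x.y, low octet is the whitelist level` would make that requirement visible to the next editor. The `(int)l` cast is safe because `l` is masked to 0..255. It would still be clearer to note that next to the comparison with `wl.level`.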