Package: denyhosts Version: 2.6-10.1 Severity: important
Hi I have 2.6-10 running on a few squeeze hosts here and applied the patch that should fix #692229. I think there is a problem with one aspect of that change - - FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>.*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*?) .*from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + FAILED_ENTRY_REGEX = re.compile(r"""Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})$""") The issue is the $ after the IP address matching - this fails on my syslog files which have lines like: Jan 5 21:01:15 venice sshd[12491]: Failed password for root from 122.252.245.89 port 57845 ssh2 To make the regex match again, just drop the $. (Tested with 'kodos'). What I am unclear about is whether making this change will allow IP address injections again. Can the wildcard for the <user> match be made non-greedy? Otherwise, the following regex may be ok: Failed (?P<method>\S*) for (?P<invalid>invalid user |illegal user )?(?P<user>.*) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})( port \d+)? This issue is also present in 2.6-7+deb6u2 (I checked regex.py) and (I infer) 2.6-10+deb7u. Kind regards Vince -- System Information: Debian Release: 6.0.8 APT prefers oldstable APT policy: (990, 'oldstable') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-0.bpo.4-amd64 (SMP w/8 CPU cores) Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Versions of packages denyhosts depends on: ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip ii python 2.6.6-3+squeeze7 interactive high-level object-orie denyhosts recommends no packages. denyhosts suggests no packages. -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org