incorrect use of gethostbyname leads to false detection of comment spam
Reported by: tanuki
Owned by: anonymous
Severity: critical
Keywords: comment spam wrong detection bg|has-patch bg|commit
In functions-post.php, function wp_proxy_check($ipnum), we encounter the following code:
    $lookup = $rev_ip . '.opm.blitzed.org';
    if ( $lookup != gethostbyname( $lookup ) ) return true;
Unfortunately, a hostname not ending with a dot is a relative hostname. Thus, the name is first resolved relative to the domain name of the hosting server, and if that does not resolve, it is then resolved as an absolute hostname. For domain names where a 'catch-all' IP is registered, there is always a resolved address, so the check fails and the comment is marked as spam. (Refs: RFC 1034, Linux man page for gethostbyname.)
    $lookup = $rev_ip . '.opm.blitzed.org.';
    if ( $lookup != gethostbyname( $lookup ) ) return true;
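The failure described in this ticket can be reproduced offline. The following is an added example, not WordPress code and not part of the original report: `fake_gethostbyname`, `naive_check`, `strict_check`, the wildcard address and the zone contents are all constructed for illustration. With this data the unlisted address is flagged only by the relative-name check. The strict variant also goes one step beyond the ticket's fix by accepting only answers in 127.0.0.0/8, the range DNSBLs conventionally use for listings.

```php
<?php
// Added example; all names and addresses below are constructed.
const CATCH_ALL_IP = '192.0.2.10';   // wildcard record in the host's search domain
const DNSBL_ZONE   = [               // the only listed client is 1.2.3.4
    '4.3.2.1.opm.blitzed.org' => '127.1.0.1',
];

// Stand-in for gethostbyname(): returns an IPv4 string, or the unmodified
// name when nothing resolves. A name without a trailing dot is relative, so
// the search domain is also tried and the wildcard there always answers.
function fake_gethostbyname(string $name): string {
    $absolute = substr($name, -1) === '.';
    $fqdn = rtrim($name, '.');
    if (array_key_exists($fqdn, DNSBL_ZONE)) {
        return DNSBL_ZONE[$fqdn];
    }
    return $absolute ? $name : CATCH_ALL_IP;
}

function reverse_ip(string $ip): string {
    return implode('.', array_reverse(explode('.', $ip)));
}

// Check as quoted in the ticket: relative name, any answer counts as listed.
function naive_check(string $ip, callable $resolve): bool {
    $lookup = reverse_ip($ip) . '.opm.blitzed.org';
    return $lookup != $resolve($lookup);
}

// Fixed check: absolute name, and (added assumption) the answer must fall in
// 127.0.0.0/8 before the client is treated as listed.
function strict_check(string $ip, callable $resolve): bool {
    $lookup = reverse_ip($ip) . '.opm.blitzed.org.';
    $answer = $resolve($lookup);
    return $answer !== $lookup && strpos($answer, '127.') === 0;
}

// 198.51.100.7 is not in the constructed zone; 1.2.3.4 is.
foreach (['198.51.100.7', '1.2.3.4'] as $ip) {
    printf("%-13s naive=%s strict=%s\n", $ip,
        var_export(naive_check($ip, 'fake_gethostbyname'), true),
        var_export(strict_check($ip, 'fake_gethostbyname'), true));
}
```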