BF: aInfo could be modified by actions, causing unexpected behaviour

A separate copy of aInfo is passed to each action
2014-06-17 23:24:23 +01:00 · 2014-06-17 23:24:23 +01:00 · 8268c1641f
parent 4190a4030c
commit 8268c1641f
3 changed files with 15 additions and 7 deletions
--- a/config/action.d/smtp.py
+++ b/config/action.d/smtp.py
@ -45,7 +45,7 @@ messages['ban'] = {}
 messages['ban']['head'] = \
 """Hi,

-The IP %(ip)s has just been banned for %(bantime)s seconds
+The IP %(ip)s has just been banned for %(bantime)i seconds
 by Fail2Ban after %(failures)i attempts against %(jailname)s.
 """
 messages['ban']['tail'] = \
--- a/fail2ban/server/action.py
+++ b/fail2ban/server/action.py
@ -68,6 +68,9 @@ class CallingMap(MutableMapping):
 	def __init__(self, *args, **kwargs):
 		self.data = dict(*args, **kwargs)

+	def __repr__(self):
+		return "%s(%r)" % (self.__class__.__name__, self.data)
+
 	def __getitem__(self, key):
 		value = self.data[key]
 		if callable(value):
@ -87,6 +90,9 @@ class CallingMap(MutableMapping):
 	def __len__(self):
 		return len(self.data)

+	def copy(self):
+		return self.__class__(self.data.copy())
+
 class ActionBase(object):
 	"""An abstract base class for actions in Fail2Ban.

--- a/fail2ban/server/actions.py
+++ b/fail2ban/server/actions.py
@ -273,11 +273,12 @@ class Actions(JailThread, Mapping):
 				logSys.notice("[%s] Ban %s" % (self._jail.name, aInfo["ip"]))
 				for name, action in self._actions.iteritems():
 					try:
-						action.ban(aInfo)
+						action.ban(aInfo.copy())
 					except Exception as e:
 						logSys.error(
-							"Failed to execute ban jail '%s' action '%s': %s",
-							self._jail.name, name, e,
+							"Failed to execute ban jail '%s' action '%s' "
+							"info '%r': %s",
+							self._jail.name, name, aInfo, e,
 							exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)
 				return True
 			else:
@ -321,11 +322,12 @@ class Actions(JailThread, Mapping):
 		logSys.notice("[%s] Unban %s" % (self._jail.name, aInfo["ip"]))
 		for name, action in self._actions.iteritems():
 			try:
-				action.unban(aInfo)
+				action.unban(aInfo.copy())
 			except Exception as e:
 				logSys.error(
-					"Failed to execute unban jail '%s' action '%s': %s",
-					self._jail.name, name, e,
+					"Failed to execute unban jail '%s' action '%s' "
+					"info '%r': %s",
+					self._jail.name, name, aInfo, e,
 					exc_info=logSys.getEffectiveLevel()<=logging.DEBUG)

 	@property