ph10 2006/02/13 11:13:37 GMT
Modified files:
exim-doc/doc-txt ChangeLog
exim-src/src string.c verify.c
exim-test/confs 0475
exim-test/scripts/0000-Basic 0002 0475
exim-test/stderr 0002 0475
exim-test/stdout 0002 0475
Log:
Better debug diagnosis of malformed IPv4 addresses.
Revision Changes Path
1.292 +8 -0 exim/exim-doc/doc-txt/ChangeLog
1.9 +6 -2 exim/exim-src/src/string.c
1.32 +20 -1 exim/exim-src/src/verify.c
1.2 +4 -1 exim/exim-test/confs/0475
1.3 +5 -0 exim/exim-test/scripts/0000-Basic/0002
1.2 +2 -1 exim/exim-test/scripts/0000-Basic/0475
1.2 +11 -0 exim/exim-test/stderr/0002
1.2 +8 -1 exim/exim-test/stderr/0475
1.3 +3 -0 exim/exim-test/stdout/0002
1.2 +1 -0 exim/exim-test/stdout/0475
Index: ChangeLog
===================================================================
RCS file: /home/cvs/exim/exim-doc/doc-txt/ChangeLog,v
retrieving revision 1.291
retrieving revision 1.292
diff -u -r1.291 -r1.292
--- ChangeLog 10 Feb 2006 16:29:20 -0000 1.291
+++ ChangeLog 13 Feb 2006 11:13:37 -0000 1.292
@@ -1,4 +1,4 @@
-$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.291 2006/02/10 16:29:20 ph10 Exp $
+$Cambridge: exim/exim-doc/doc-txt/ChangeLog,v 1.292 2006/02/13 11:13:37 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
@@ -128,6 +128,14 @@
filecount value is greater than 2G or if a quota value is greater than 2G
on a system where the size of off_t is not greater than 4, a panic error
is given.
+
+PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
+ never match. The debug and -bh output now contains an explicit error
+ message indicating a malformed IPv4 address or mask.
+
+PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
+ 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
+ PH/23 above applies.
Index: string.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/string.c,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- string.c 7 Feb 2006 11:19:00 -0000 1.8
+++ string.c 13 Feb 2006 11:13:37 -0000 1.9
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/string.c,v 1.8 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/string.c,v 1.9 2006/02/13 11:13:37 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -28,6 +28,7 @@
s a string
maskptr NULL if no mask is permitted to follow
otherwise, points to an int where the offset of '/' is placed
+ if there is no / followed by trailing digits, *maskptr is set 0
Returns: 0 if the string is not a textual representation of an IP address
4 if it is an IPv4 address
@@ -127,7 +128,9 @@
sign, which introduces the interface specifier (scope id) of a link local
address. */
- if (!v4end) return (*s == 0 || *s == '%' || *s == '/')? yield : 0;
+ if (!v4end)
+ return (*s == 0 || *s == '%' ||
+ (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
}
/* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
@@ -139,7 +142,8 @@
if (isdigit(*s) && isdigit(*(++s))) s++;
}
-return (*s == 0 || *s == '/')? yield : 0;
+return (*s == 0 || (*s == '/' && maskptr != NULL && *maskptr != 0))?
+ yield : 0;
}
#endif /* COMPILE_UTILITY */
Index: verify.c
===================================================================
RCS file: /home/cvs/exim/exim-src/src/verify.c,v
retrieving revision 1.31
retrieving revision 1.32
diff -u -r1.31 -r1.32
--- verify.c 7 Feb 2006 11:19:00 -0000 1.31
+++ verify.c 13 Feb 2006 11:13:37 -0000 1.32
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/exim-src/src/verify.c,v 1.31 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/exim-src/src/verify.c,v 1.32 2006/02/13 11:13:37 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
@@ -1945,7 +1945,7 @@
BOOL iplookup = FALSE;
BOOL isquery = FALSE;
BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
-uschar *t = ss;
+uschar *t;
uschar *semicolon;
uschar **aliases;
@@ -1986,6 +1986,24 @@
if (string_is_ip_address(ss, &maskoffset) != 0)
return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
+/* The pattern is not an IP address. A common error that people make is to omit
+one component of an IPv4 address, either by accident, or believing that, for
+example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
+which it isn't. (Those applications that do accept 1.2.3 as an IP address
+interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
+ancient specification.) To aid in debugging these cases, we give a specific
+error if the pattern contains only digits and dots or contains a slash preceded
+only by digits and dots (a slash at the start indicates a file name and of
+course slashes may be present in lookups, but not preceded only by digits and
+dots). */
+
+for (t = ss; isdigit(*t) || *t == '.'; t++);
+if (*t == 0 || (*t == '/' && t != ss))
+ {
+ *error = US"malformed IPv4 address or address mask";
+ return ERROR;
+ }
+
/* See if there is a semicolon in the pattern */
semicolon = Ustrchr(ss, ';');
@@ -2013,6 +2031,7 @@
if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
iplookup = (*t++ == '-');
}
+else t = ss;
/* Do the IP address lookup if that is indeed what we have */
Index: 0475
===================================================================
RCS file: /home/cvs/exim/exim-test/confs/0475,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 0475 7 Feb 2006 10:34:26 -0000 1.1
+++ 0475 13 Feb 2006 11:13:37 -0000 1.2
@@ -10,7 +10,7 @@
# ----- Main settings -----
-acl_smtp_rcpt = a1
+acl_smtp_rcpt = $local_part
# ----- ACL -----
@@ -19,5 +19,8 @@
a1:
deny hosts = 1.2.3.4 : <; 1.2.3.4::5.6.7.8
+
+a2:
+ deny hosts = 1.2.3/24
# End
Index: 0002
===================================================================
RCS file: /home/cvs/exim/exim-test/scripts/0000-Basic/0002,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 0002 10 Feb 2006 14:25:44 -0000 1.2
+++ 0002 13 Feb 2006 11:13:37 -0000 1.3
@@ -692,3 +692,8 @@
.
quit
****
+# Certain kind of error
+exim -d -be
+match_ip: 15 ${if match_ip{1.2.3.4}{1.2.3}}
+match_ip: 16 ${if match_ip{1.2.3.4}{1.2.3.4/abc}}
+****
Index: 0475
===================================================================
RCS file: /home/cvs/exim/exim-test/scripts/0000-Basic/0475,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 0475 7 Feb 2006 10:54:33 -0000 1.1
+++ 0475 13 Feb 2006 11:13:37 -0000 1.2
@@ -1,6 +1,7 @@
# malformed item in host list
exim -bh V4NET.0.0.0
mail from:<>
-rcpt to:<a@b>
+rcpt to:<a1@b>
+rcpt to:<a2@b>
quit
****
Index: 0002
===================================================================
RCS file: /home/cvs/exim/exim-test/stderr/0002,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 0002 7 Feb 2006 10:47:31 -0000 1.1
+++ 0002 13 Feb 2006 11:13:37 -0000 1.2
@@ -348,3 +348,14 @@
>>> processing "deny"
>>> deny: condition test succeeded
LOG: 10HmbD-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<>
+Exim version x.yz ....
+changed uid/gid: -C, -D, -be or -bf forces real uid
+ uid=CALLER_UID gid=CALLER_GID pid=pppp
+configuration file is TESTSUITE/test-config
+admin user
+originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME
+sender address = CALLER@???
+1.2.3.4 in "1.2.3"? no (malformed IPv4 address or address mask)
+1.2.3.4 in "1.2.3.4/abc"? no (malformed IPv4 address or address mask)
+search_tidyup called
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
Index: 0475
===================================================================
RCS file: /home/cvs/exim/exim-test/stderr/0475,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 0475 7 Feb 2006 10:47:31 -0000 1.1
+++ 0475 13 Feb 2006 11:13:37 -0000 1.2
@@ -12,4 +12,11 @@
LOG: unknown lookup type "<" in host list item "<; 1.2.3.4:5.6.7.8"
>>> host in "1.2.3.4 : <; 1.2.3.4::5.6.7.8"? lookup deferred for <; 1.2.3.4:5.6.7.8
>>> deny: condition test deferred
-LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT <a@b>: unknown lookup type "<"
+LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT <a1@b>: unknown lookup type "<"
+>>> using ACL "a2"
+>>> processing "deny"
+>>> check hosts = 1.2.3/24
+>>> host in "1.2.3/24"? no (malformed IPv4 address or address mask)
+>>> deny: condition test failed
+>>> end of ACL "a2": implicit DENY
+LOG: H=[V4NET.0.0.0] F=<> rejected RCPT <a2@b>
Index: 0002
===================================================================
RCS file: /home/cvs/exim/exim-test/stdout/0002,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- 0002 10 Feb 2006 14:25:44 -0000 1.2
+++ 0002 13 Feb 2006 11:13:37 -0000 1.3
@@ -658,3 +658,6 @@
354 Enter message, ending with "." on a line by itself
550 reply_address=<>
221 myhost.test.ex closing connection
+> match_ip: 15
+> match_ip: 16
+>
Index: 0475
===================================================================
RCS file: /home/cvs/exim/exim-test/stdout/0475,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- 0475 7 Feb 2006 10:47:37 -0000 1.1
+++ 0475 13 Feb 2006 11:13:37 -0000 1.2
@@ -6,4 +6,5 @@
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000
250 OK
451 Temporary local problem - please try later
+550 Administrative prohibition
221 the.local.host.name closing connection
