-$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.291 2006/02/10 16:29:20 ph10 Exp $
+$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.292 2006/02/13 11:13:37 ph10 Exp $
Change log file for Exim from version 4.21
-------------------------------------------
on a system where the size of off_t is not greater than 4, a panic error
is given.
+PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can
+ never match. The debug and -bh output now contains an explicit error
+ message indicating a malformed IPv4 address or mask.
+
+PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address
+ 1.2.3.4 without a mask. Now it is not recognized as an IP address, and
+ PH/23 above applies.
+
Exim version 4.60
-/* $Cambridge: exim/src/src/string.c,v 1.8 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/string.c,v 1.9 2006/02/13 11:13:37 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
s a string
maskptr NULL if no mask is permitted to follow
otherwise, points to an int where the offset of '/' is placed
+ if there is no / followed by trailing digits, *maskptr is set 0
Returns: 0 if the string is not a textual representation of an IP address
4 if it is an IPv4 address
sign, which introduces the interface specifier (scope id) of a link local
address. */
- if (!v4end) return (*s == 0 || *s == '%' || *s == '/')? yield : 0;
+ if (!v4end)
+ return (*s == 0 || *s == '%' ||
+ (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0;
}
/* Test for IPv4 address, which may be the tail-end of an IPv6 address. */
if (isdigit(*s) && isdigit(*(++s))) s++;
}
-return (*s == 0 || *s == '/')? yield : 0;
+return (*s == 0 || (*s == '/' && maskptr != NULL && *maskptr != 0))?
+ yield : 0;
}
#endif /* COMPILE_UTILITY */
-/* $Cambridge: exim/src/src/verify.c,v 1.31 2006/02/07 11:19:00 ph10 Exp $ */
+/* $Cambridge: exim/src/src/verify.c,v 1.32 2006/02/13 11:13:37 ph10 Exp $ */
/*************************************************
* Exim - an Internet mail transport agent *
BOOL iplookup = FALSE;
BOOL isquery = FALSE;
BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0;
-uschar *t = ss;
+uschar *t;
uschar *semicolon;
uschar **aliases;
if (string_is_ip_address(ss, &maskoffset) != 0)
return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL);
+/* The pattern is not an IP address. A common error that people make is to omit
+one component of an IPv4 address, either by accident, or believing that, for
+example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0,
+which it isn't. (Those applications that do accept 1.2.3 as an IP address
+interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an
+ancient specification.) To aid in debugging these cases, we give a specific
+error if the pattern contains only digits and dots or contains a slash preceded
+only by digits and dots (a slash at the start indicates a file name and of
+course slashes may be present in lookups, but not preceded only by digits and
+dots). */
+
+for (t = ss; isdigit(*t) || *t == '.'; t++);
+if (*t == 0 || (*t == '/' && t != ss))
+ {
+ *error = US"malformed IPv4 address or address mask";
+ return ERROR;
+ }
+
/* See if there is a semicolon in the pattern */
semicolon = Ustrchr(ss, ';');
if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */
iplookup = (*t++ == '-');
}
+else t = ss;
/* Do the IP address lookup if that is indeed what we have */
# ----- Main settings -----
-acl_smtp_rcpt = a1
+acl_smtp_rcpt = $local_part
# ----- ACL -----
a1:
deny hosts = 1.2.3.4 : <; 1.2.3.4::5.6.7.8
+a2:
+ deny hosts = 1.2.3/24
+
# End
.
quit
****
+# Certain kind of error
+exim -d -be
+match_ip: 15 ${if match_ip{1.2.3.4}{1.2.3}}
+match_ip: 16 ${if match_ip{1.2.3.4}{1.2.3.4/abc}}
+****
# malformed item in host list
exim -bh V4NET.0.0.0
mail from:<>
-rcpt to:<a@b>
+rcpt to:<a1@b>
+rcpt to:<a2@b>
quit
****
>>> processing "deny"
>>> deny: condition test succeeded
LOG: 10HmbD-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<>
+Exim version x.yz ....
+changed uid/gid: -C, -D, -be or -bf forces real uid
+ uid=CALLER_UID gid=CALLER_GID pid=pppp
+configuration file is TESTSUITE/test-config
+admin user
+originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME
+sender address = CALLER@myhost.test.ex
+1.2.3.4 in "1.2.3"? no (malformed IPv4 address or address mask)
+1.2.3.4 in "1.2.3.4/abc"? no (malformed IPv4 address or address mask)
+search_tidyup called
+>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>>
LOG: unknown lookup type "<" in host list item "<; 1.2.3.4:5.6.7.8"
>>> host in "1.2.3.4 : <; 1.2.3.4::5.6.7.8"? lookup deferred for <; 1.2.3.4:5.6.7.8
>>> deny: condition test deferred
-LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT <a@b>: unknown lookup type "<"
+LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT <a1@b>: unknown lookup type "<"
+>>> using ACL "a2"
+>>> processing "deny"
+>>> check hosts = 1.2.3/24
+>>> host in "1.2.3/24"? no (malformed IPv4 address or address mask)
+>>> deny: condition test failed
+>>> end of ACL "a2": implicit DENY
+LOG: H=[V4NET.0.0.0] F=<> rejected RCPT <a2@b>
354 Enter message, ending with "." on a line by itself\r
550 reply_address=<>\r
221 myhost.test.ex closing connection\r
+> match_ip: 15
+> match_ip: 16
+>
220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000\r
250 OK\r
451 Temporary local problem - please try later\r
+550 Administrative prohibition\r
221 the.local.host.name closing connection\r
git://git.exim.org / exim.git / commitdiff