From: Philip Hazel Date: Mon, 13 Feb 2006 11:13:37 +0000 (+0000) Subject: Better debug diagnosis of malformed IPv4 addresses. X-Git-Tag: exim-4_61~64 X-Git-Url: https://git.exim.org/exim.git/commitdiff_plain/1688f43b3071b3b4d7d3a88a6ccf28c1bc3272e0 Better debug diagnosis of malformed IPv4 addresses. --- diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index c66ec6a12..3e3da3bfd 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -1,4 +1,4 @@ -$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.291 2006/02/10 16:29:20 ph10 Exp $ +$Cambridge: exim/doc/doc-txt/ChangeLog,v 1.292 2006/02/13 11:13:37 ph10 Exp $ Change log file for Exim from version 4.21 ------------------------------------------- @@ -129,6 +129,14 @@ PH/22 Test the values given for quota, quota_filecount, quota_warn_threshold, on a system where the size of off_t is not greater than 4, a panic error is given. +PH/23 When a malformed item such as 1.2.3/24 appears in a host list, it can + never match. The debug and -bh output now contains an explicit error + message indicating a malformed IPv4 address or mask. + +PH/24 An host item such as 1.2.3.4/abc was being treated as the IP address + 1.2.3.4 without a mask. Now it is not recognized as an IP address, and + PH/23 above applies. + Exim version 4.60 diff --git a/src/src/string.c b/src/src/string.c index a093a3874..2fe57b303 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/string.c,v 1.8 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/string.c,v 1.9 2006/02/13 11:13:37 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * 
@@ -28,6 +28,7 @@ Arguments: s a string maskptr NULL if no mask is permitted to follow otherwise, points to an int where the offset of '/' is placed + if there is no / followed by trailing digits, *maskptr is set 0 Returns: 0 if the string is not a textual representation of an IP address 4 if it is an IPv4 address @@ -127,7 +128,9 @@ if (Ustrchr(s, ':') != NULL) sign, which introduces the interface specifier (scope id) of a link local address. */ - if (!v4end) return (*s == 0 || *s == '%' || *s == '/')? yield : 0; + if (!v4end) + return (*s == 0 || *s == '%' || + (*s == '/' && maskptr != NULL && *maskptr != 0))? yield : 0; } /* Test for IPv4 address, which may be the tail-end of an IPv6 address. */ @@ -139,7 +142,8 @@ for (i = 0; i < 4; i++) if (isdigit(*s) && isdigit(*(++s))) s++; } -return (*s == 0 || *s == '/')? yield : 0; +return (*s == 0 || (*s == '/' && maskptr != NULL && *maskptr != 0))? + yield : 0; } #endif /* COMPILE_UTILITY */ diff --git a/src/src/verify.c b/src/src/verify.c index 117cf81f8..ef7ab8d22 100644 --- a/src/src/verify.c +++ b/src/src/verify.c @@ -1,4 +1,4 @@ -/* $Cambridge: exim/src/src/verify.c,v 1.31 2006/02/07 11:19:00 ph10 Exp $ */ +/* $Cambridge: exim/src/src/verify.c,v 1.32 2006/02/13 11:13:37 ph10 Exp $ */ /************************************************* * Exim - an Internet mail transport agent * @@ -1945,7 +1945,7 @@ int maskoffset; BOOL iplookup = FALSE; BOOL isquery = FALSE; BOOL isiponly = cb->host_name != NULL && cb->host_name[0] == 0; -uschar *t = ss; +uschar *t; uschar *semicolon; uschar **aliases; 
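Review bot: In src/src/string.c, the `*maskptr != 0` test added to the `if (!v4end) return ...` line only shows that some '/' followed by trailing digits exists in the string, not that the '/' the scan stopped on is that one. Going by the updated header comment (the code that fills `*maskptr` is outside the hunk), a constructed item such as `1.2.3.4/abc/24` would presumably still be reported as an IP address, with the mask offset pointing at the second slash. Comparing the stop position with the recorded offset closes the gap, e.g. `*s == '/' && maskptr != NULL && s - start == *maskptr`, where `start` is a placeholder for a saved copy of the original `s`; the same applies to the final IPv4 `return` in the @@ -139,7 +142,8 @@ hunk. A test item of that shape next to `1.2.3.4/abc` in test/scripts/0000-Basic/0002 would pin the behaviour.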
@@ -1986,6 +1986,24 @@ a (possibly masked) comparision with the current IP address. */ if (string_is_ip_address(ss, &maskoffset) != 0) return (host_is_in_net(cb->host_address, ss, maskoffset)? OK : FAIL); +/* The pattern is not an IP address. A common error that people make is to omit +one component of an IPv4 address, either by accident, or believing that, for +example, 1.2.3/24 is the same as 1.2.3.0/24, or 1.2.3 is the same as 1.2.3.0, +which it isn't. (Those applications that do accept 1.2.3 as an IP address +interpret it as 1.2.0.3 because the final component becomes 16-bit - this is an +ancient specification.) To aid in debugging these cases, we give a specific +error if the pattern contains only digits and dots or contains a slash preceded +only by digits and dots (a slash at the start indicates a file name and of +course slashes may be present in lookups, but not preceded only by digits and +dots). */ + +for (t = ss; isdigit(*t) || *t == '.'; t++); +if (*t == 0 || (*t == '/' && t != ss)) + { + *error = US"malformed IPv4 address or address mask"; + return ERROR; + } + /* See if there is a semicolon in the pattern */ semicolon = Ustrchr(ss, ';'); @@ -2013,6 +2031,7 @@ if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL) if (mlen == 0 && t == ss+3) mlen = -1; /* No mask supplied */ iplookup = (*t++ == '-'); } +else t = ss; /* Do the IP address lookup if that is indeed what we have */ diff --git a/test/confs/0475 b/test/confs/0475 index f279cfd63..ff050bd53 100644 --- a/test/confs/0475 +++ b/test/confs/0475 @@ -10,7 +10,7 @@ gecos_name = CALLER_NAME # ----- Main settings ----- -acl_smtp_rcpt = a1 +acl_smtp_rcpt = $local_part # ----- ACL ----- @@ -20,4 +20,7 @@ begin acl a1: deny hosts = 1.2.3.4 : <; 1.2.3.4::5.6.7.8 +a2: + deny hosts = 1.2.3/24 + # End diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index f869c6da4..e73b5a84b 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 
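Review bot: Returning `ERROR` from the new malformed-address check in src/src/verify.c makes the item a non-match that is reported only in debug and -bh output, so a `deny hosts =` line with a mistyped address stops denying without anything reaching the normal log. The expected output in test/stderr/0475 shows this: `host in "1.2.3/24"? no (malformed IPv4 address or address mask)` is followed by `deny: condition test failed`, and the final `LOG:` line carries no hint of the malformed item. Consider also writing the message to the main log here, and at minimum extend the new comment with `A malformed item never matches, so an accept or deny condition that uses it silently does not apply.` The enclosing function starts and ends outside the hunk, so how callers treat `ERROR` is inferred from the test output only.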
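Review bot: The `else t = ss;` added in the @@ -2013,6 +2031,7 @@ hunk is needed only because `t` now doubles as the scan pointer of the new diagnostic loop, which leaves it pointing into the middle of the pattern. A separate local for the scan, e.g. `const uschar *p;` with `for (p = ss; isdigit(*p) || *p == '.'; p++) ;`, would let the declaration keep its `uschar *t = ss;` initializer and make this reset unnecessary. If `t` stays shared, a comment on the reset such as `/* t was advanced by the malformed-address scan above */` would explain why it is there. The `if` block this `else` pairs with begins outside the hunk.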
@@ -692,3 +692,8 @@ Subject: =?iso-8859-8?Q?_here_we_go=3A_a_string_that_is_going_to_be_encoded=3A_i . quit **** +# Certain kind of error +exim -d -be +match_ip: 15 ${if match_ip{1.2.3.4}{1.2.3}} +match_ip: 16 ${if match_ip{1.2.3.4}{1.2.3.4/abc}} +**** diff --git a/test/scripts/0000-Basic/0475 b/test/scripts/0000-Basic/0475 index e863f07c6..1571f4e89 100644 --- a/test/scripts/0000-Basic/0475 +++ b/test/scripts/0000-Basic/0475 @@ -1,6 +1,7 @@ # malformed item in host list exim -bh V4NET.0.0.0 mail from:<> -rcpt to: +rcpt to: +rcpt to: quit **** diff --git a/test/stderr/0002 b/test/stderr/0002 index 245d3904a..68d246ecd 100644 --- a/test/stderr/0002 +++ b/test/stderr/0002 @@ -348,3 +348,14 @@ LOG: 10HmbD-0005vi-00 Subject is: " here we go: a string that is going to be enc >>> processing "deny" >>> deny: condition test succeeded LOG: 10HmbD-0005vi-00 H=[V4NET.0.0.0] F=<> rejected after DATA: reply_address=<> +Exim version x.yz .... +changed uid/gid: -C, -D, -be or -bf forces real uid + uid=CALLER_UID gid=CALLER_GID pid=pppp +configuration file is TESTSUITE/test-config +admin user +originator: uid=CALLER_UID gid=CALLER_GID login=CALLER name=CALLER_NAME +sender address = CALLER@myhost.test.ex +1.2.3.4 in "1.2.3"? no (malformed IPv4 address or address mask) +1.2.3.4 in "1.2.3.4/abc"? no (malformed IPv4 address or address mask) +search_tidyup called +>>>>>>>>>>>>>>>> Exim pid=pppp terminating with rc=0 >>>>>>>>>>>>>>>> diff --git a/test/stderr/0475 b/test/stderr/0475 index d28c7ba53..e254d08f7 100644 --- a/test/stderr/0475 +++ b/test/stderr/0475 
@@ -12,4 +12,11 @@ LOG: unknown lookup type "<" in host list item "<; 1.2.3.4:5.6.7.8" >>> host in "1.2.3.4 : <; 1.2.3.4::5.6.7.8"? lookup deferred for <; 1.2.3.4:5.6.7.8 >>> deny: condition test deferred -LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT : unknown lookup type "<" +LOG: H=[V4NET.0.0.0] F=<> temporarily rejected RCPT : unknown lookup type "<" +>>> using ACL "a2" +>>> processing "deny" +>>> check hosts = 1.2.3/24 +>>> host in "1.2.3/24"? no (malformed IPv4 address or address mask) +>>> deny: condition test failed +>>> end of ACL "a2": implicit DENY +LOG: H=[V4NET.0.0.0] F=<> rejected RCPT diff --git a/test/stdout/0002 b/test/stdout/0002 index 4d87e0acc..5cdba5219 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -658,3 +658,6 @@ xyz 354 Enter message, ending with "." on a line by itself 550 reply_address=<> 221 myhost.test.ex closing connection +> match_ip: 15 +> match_ip: 16 +> diff --git a/test/stdout/0475 b/test/stdout/0475 index dd4af68db..2fc366e62 100644 --- a/test/stdout/0475 +++ b/test/stdout/0475 @@ -6,4 +6,5 @@ 220 the.local.host.name ESMTP Exim x.yz Tue, 2 Mar 1999 09:44:33 +0000 250 OK 451 Temporary local problem - please try later +550 Administrative prohibition 221 the.local.host.name closing connection