[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-anubis] 2 bugs and an annoyance
|
From: |
Sergey Poznyakoff |
|
Subject: |
Re: [bug-anubis] 2 bugs and an annoyance |
|
Date: |
Wed, 02 Jul 2008 16:13:19 +0300 |
Hi Pascal,
Thanks for your report.
> 1. On a server with IP address 10.1.1.1 and anubisrc containing:
>
> bind 10.1.1.1:25
> remote-mta 127.0.0.1
>
> Anubis gives the error "Loop not allowed. Connection rejected." It
> appears Anubis includes code to avoid loops, but this code has a bug
> wherein if both bind and remote IPs are on the same box and the port
> numbers match, it incorrectly believes that it would be talking to
> itself.
Indeed, this code seems a leftover from early versions. Moreover, I see
no reason why this check needs to be repeated on every connection.
Please try the attached patch.
I will return to points 2 and 3 later.
Regards,
Sergey
Index: src/authmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/authmode.c,v
retrieving revision 1.45
diff -p -u -r1.45 authmode.c
--- src/authmode.c 3 Nov 2007 17:04:40 -0000 1.45
+++ src/authmode.c 2 Jul 2008 13:08:45 -0000
@@ -596,51 +596,6 @@ anubis_authenticate_mode (struct sockadd
"Set either REMOTE-MTA or LOCAL-MTA."));
}
- /*
- Protection against a loop connection.
- */
-
- if (!(topt & T_LOCAL_MTA))
- {
- unsigned long inaddr;
- struct sockaddr_in ad;
-
- memset (&ad, 0, sizeof (ad));
- inaddr = inet_addr (session.mta);
- if (inaddr != INADDR_NONE)
- memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
- else
- {
- struct hostent *hp = 0;
- hp = gethostbyname (session.mta);
- if (hp == 0)
- {
- hostname_error (session.mta);
- return EXIT_FAILURE;
- }
- else
- {
- if (hp->h_length != 4 && hp->h_length != 8)
- {
- anubis_error (EXIT_FAILURE, 0,
- _("Illegal address length received for host %s"),
- session.mta);
- }
- else
- {
- memcpy ((char *) &ad.sin_addr.s_addr,
- hp->h_addr, hp->h_length);
- }
- }
- }
- if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
- && session.anubis_port == session.mta_port)
- {
- anubis_error (EXIT_FAILURE, 0,
- _("Loop not allowed. Connection rejected."));
- }
- }
-
alarm (300);
if (topt & T_LOCAL_MTA)
{
Index: src/env.opt
===================================================================
RCS file: /cvsroot/anubis/anubis/src/env.opt,v
retrieving revision 1.3
diff -p -u -r1.3 env.opt
--- src/env.opt 6 Aug 2007 15:29:22 -0000 1.3
+++ src/env.opt 2 Jul 2008 13:08:46 -0000
@@ -1,4 +1,4 @@
-/* -* c -*-
+/* -*- c -*-
env.c
This file is part of GNU Anubis.
@@ -155,6 +155,38 @@ OPTIONS_END
int x_argc;
char **x_argv;
+static unsigned long
+string_to_ipaddr (const char *str)
+{
+ unsigned long inaddr;
+ struct sockaddr_in ad;
+
+ memset (&ad, 0, sizeof (ad));
+ inaddr = inet_addr (str);
+ if (inaddr != INADDR_NONE)
+ memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
+ else
+ {
+ struct hostent *hp = 0;
+ hp = gethostbyname (str);
+ if (hp == 0)
+ hostname_error (str);
+ else
+ {
+ if (hp->h_length != 4 && hp->h_length != 8)
+ {
+ anubis_error (EXIT_FAILURE, 0,
+ _("Illegal address length received for host %s"),
+ str);
+ }
+ else
+ memcpy ((char *) &ad.sin_addr.s_addr, hp->h_addr, hp->h_length);
+ }
+ }
+
+ return inaddr;
+}
+
void
get_options (int argc, char *argv[])
{
@@ -172,6 +204,11 @@ get_options (int argc, char *argv[])
if (x_argc == 0)
anubis_error (EX_USAGE, 0, _("Missing recipient addresses"));
}
+ if (!(topt & T_LOCAL_MTA)
+ && string_to_ipaddr (session.mta) == string_to_ipaddr (session.anubis)
+ && session.anubis_port == session.mta_port)
+ anubis_error (EXIT_FAILURE, 0,
+ _("remote-mta loops back to Anubis"));
}
/*********************
Index: src/transmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/transmode.c,v
retrieving revision 1.17
diff -p -u -r1.17 transmode.c
--- src/transmode.c 6 Aug 2007 15:29:24 -0000 1.17
+++ src/transmode.c 2 Jul 2008 13:08:46 -0000
@@ -62,50 +62,6 @@ anubis_transparent_mode (struct sockaddr
"Set the REMOTE-MTA or LOCAL-MTA."));
}
- /*
- Protection against a loop connection.
- */
-
- if (!(topt & T_LOCAL_MTA))
- {
- unsigned long inaddr;
- struct sockaddr_in ad;
-
- memset (&ad, 0, sizeof (ad));
- inaddr = inet_addr (session.mta);
- if (inaddr != INADDR_NONE)
- memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
- else
- {
- struct hostent *hp = 0;
- hp = gethostbyname (session.mta);
- if (hp == 0)
- {
- hostname_error (session.mta);
- }
- else
- {
- if (hp->h_length != 4 && hp->h_length != 8)
- {
- anubis_error (EXIT_FAILURE, 0,
- _("Illegal address length received for host
%s"),
- session.mta);
- }
- else
- {
- memcpy ((char *) &ad.sin_addr.s_addr,
- hp->h_addr, hp->h_length);
- }
- }
- }
- if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
- && session.anubis_port == session.mta_port)
- {
- anubis_error (EXIT_FAILURE, 0,
- _("Loop not allowed. Connection rejected."));
- }
- }
-
alarm (300);
if (topt & T_LOCAL_MTA)
{