bug-anubis
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-anubis] 2 bugs and an annoyance


From: Sergey Poznyakoff
Subject: Re: [bug-anubis] 2 bugs and an annoyance
Date: Wed, 02 Jul 2008 16:13:19 +0300

Hi Pascal,

Thanks for your report.

> 1.  On a server with IP address 10.1.1.1 and anubisrc containing:
> 
> bind 10.1.1.1:25
> remote-mta 127.0.0.1
> 
> Anubis gives the error "Loop not allowed. Connection rejected."  It
> appears Anubis includes code to avoid loops, but this code has a bug
> wherein if both bind and remote IPs are on the same box and the port
> numbers match, it incorrectly believes that it would be talking to
> itself.

Indeed, this code seems a leftover from early versions.  Moreover, I see
no reason why this check needs to be repeated on every connection.
Please try the attached patch.

I will return to points 2 and 3 later.

Regards,
Sergey

Index: src/authmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/authmode.c,v
retrieving revision 1.45
diff -p -u -r1.45 authmode.c
--- src/authmode.c      3 Nov 2007 17:04:40 -0000       1.45
+++ src/authmode.c      2 Jul 2008 13:08:45 -0000
@@ -596,51 +596,6 @@ anubis_authenticate_mode (struct sockadd
                          "Set either REMOTE-MTA or LOCAL-MTA."));
        }
 
-      /*
-       Protection against a loop connection.
-      */
-      
-      if (!(topt & T_LOCAL_MTA))
-       {
-         unsigned long inaddr;
-         struct sockaddr_in ad;
-         
-         memset (&ad, 0, sizeof (ad));
-         inaddr = inet_addr (session.mta);
-         if (inaddr != INADDR_NONE)
-           memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
-         else
-           {
-             struct hostent *hp = 0;
-             hp = gethostbyname (session.mta);
-             if (hp == 0)
-               {
-                 hostname_error (session.mta);
-                 return EXIT_FAILURE;
-               }
-             else
-               {
-                 if (hp->h_length != 4 && hp->h_length != 8)
-                   {
-                     anubis_error (EXIT_FAILURE, 0,
-                        _("Illegal address length received for host %s"),
-                                   session.mta);
-                   }
-                 else
-                   {
-                     memcpy ((char *) &ad.sin_addr.s_addr,
-                             hp->h_addr, hp->h_length);
-                   }
-               }
-           }
-         if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
-             && session.anubis_port == session.mta_port)
-           {
-             anubis_error (EXIT_FAILURE, 0, 
-                             _("Loop not allowed. Connection rejected."));
-           }
-       }
-      
       alarm (300);
       if (topt & T_LOCAL_MTA)
        {
Index: src/env.opt
===================================================================
RCS file: /cvsroot/anubis/anubis/src/env.opt,v
retrieving revision 1.3
diff -p -u -r1.3 env.opt
--- src/env.opt 6 Aug 2007 15:29:22 -0000       1.3
+++ src/env.opt 2 Jul 2008 13:08:46 -0000
@@ -1,4 +1,4 @@
-/* -* c -*-
+/* -*- c -*-
    env.c
 
    This file is part of GNU Anubis.
@@ -155,6 +155,38 @@ OPTIONS_END
 int x_argc;
 char **x_argv;
 
+static unsigned long 
+string_to_ipaddr (const char *str)
+{
+  unsigned long inaddr;
+  struct sockaddr_in ad;
+
+  memset (&ad, 0, sizeof (ad));
+  inaddr = inet_addr (str);
+  if (inaddr != INADDR_NONE)
+    memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
+  else
+    {
+      struct hostent *hp = 0;
+      hp = gethostbyname (str);
+      if (hp == 0)
+       hostname_error (str);
+      else
+       {
+         if (hp->h_length != 4 && hp->h_length != 8)
+           {
+             anubis_error (EXIT_FAILURE, 0,
+                           _("Illegal address length received for host %s"),
+                           str);
+           }
+         else
+           memcpy ((char *) &ad.sin_addr.s_addr, hp->h_addr, hp->h_length);
+       }
+    }
+
+  return inaddr;
+}
+
 void
 get_options (int argc, char *argv[])
 {
@@ -172,6 +204,11 @@ get_options (int argc, char *argv[])
       if (x_argc == 0)
        anubis_error (EX_USAGE, 0, _("Missing recipient addresses"));
     }
+  if (!(topt & T_LOCAL_MTA)
+      && string_to_ipaddr (session.mta) == string_to_ipaddr (session.anubis)
+      && session.anubis_port == session.mta_port)
+    anubis_error (EXIT_FAILURE, 0,
+                  _("remote-mta loops back to Anubis"));
 }
 
 /*********************
Index: src/transmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/transmode.c,v
retrieving revision 1.17
diff -p -u -r1.17 transmode.c
--- src/transmode.c     6 Aug 2007 15:29:24 -0000       1.17
+++ src/transmode.c     2 Jul 2008 13:08:46 -0000
@@ -62,50 +62,6 @@ anubis_transparent_mode (struct sockaddr
                                       "Set the REMOTE-MTA or LOCAL-MTA."));
     }
 
-  /*
-     Protection against a loop connection.
-   */
-
-  if (!(topt & T_LOCAL_MTA))
-    {
-      unsigned long inaddr;
-      struct sockaddr_in ad;
-
-      memset (&ad, 0, sizeof (ad));
-      inaddr = inet_addr (session.mta);
-      if (inaddr != INADDR_NONE)
-       memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
-      else
-       {
-         struct hostent *hp = 0;
-         hp = gethostbyname (session.mta);
-         if (hp == 0)
-           {
-             hostname_error (session.mta);
-           }
-         else
-           {
-             if (hp->h_length != 4 && hp->h_length != 8)
-               {
-                 anubis_error (EXIT_FAILURE, 0,
-                               _("Illegal address length received for host 
%s"),
-                               session.mta);
-               }
-             else
-               {
-                 memcpy ((char *) &ad.sin_addr.s_addr,
-                         hp->h_addr, hp->h_length);
-               }
-           }
-       }
-      if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
-         && session.anubis_port == session.mta_port)
-       {
-         anubis_error (EXIT_FAILURE, 0,
-                        _("Loop not allowed. Connection rejected."));
-       }
-    }
-
   alarm (300);
   if (topt & T_LOCAL_MTA)
     {

reply via email to

[Prev in Thread] Current Thread [Next in Thread]