Hi Pascal,

Thanks for your report.

> 1.  On a server with IP address 10.1.1.1 and anubisrc containing:
> 
> bind 10.1.1.1:25
> remote-mta 127.0.0.1
> 
> Anubis gives the error "Loop not allowed. Connection rejected."  It
> appears Anubis includes code to avoid loops, but this code has a bug
> wherein if both bind and remote IPs are on the same box and the port
> numbers match, it incorrectly believes that it would be talking to
> itself.

Indeed, this code seems to be a leftover from early versions.  Moreover, I see
no reason why this check needs to be repeated on every connection.
Please try the attached patch.

I will return to points 2 and 3 later.

Regards,
Sergey

Index: src/authmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/authmode.c,v
retrieving revision 1.45
diff -p -u -r1.45 authmode.c
--- src/authmode.c	3 Nov 2007 17:04:40 -0000	1.45
+++ src/authmode.c	2 Jul 2008 13:08:45 -0000
@@ -596,51 +596,6 @@ anubis_authenticate_mode (struct sockadd
 		  	  "Set either REMOTE-MTA or LOCAL-MTA."));
 	}
 
-      /*
-	Protection against a loop connection.
-      */
-      
-      if (!(topt & T_LOCAL_MTA))
-	{
-	  unsigned long inaddr;
-	  struct sockaddr_in ad;
-	  
-	  memset (&ad, 0, sizeof (ad));
-	  inaddr = inet_addr (session.mta);
-	  if (inaddr != INADDR_NONE)
-	    memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
-	  else
-	    {
-	      struct hostent *hp = 0;
-	      hp = gethostbyname (session.mta);
-	      if (hp == 0)
-		{
-		  hostname_error (session.mta);
-		  return EXIT_FAILURE;
-		}
-	      else
-		{
-		  if (hp->h_length != 4 && hp->h_length != 8)
-		    {
-		      anubis_error (EXIT_FAILURE, 0,
-			 _("Illegal address length received for host %s"),
-				    session.mta);
-		    }
-		  else
-		    {
-		      memcpy ((char *) &ad.sin_addr.s_addr,
-			      hp->h_addr, hp->h_length);
-		    }
-		}
-	    }
-	  if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
-	      && session.anubis_port == session.mta_port)
-	    {
-	      anubis_error (EXIT_FAILURE, 0, 
-                             _("Loop not allowed. Connection rejected."));
-	    }
-	}
-      
       alarm (300);
       if (topt & T_LOCAL_MTA)
 	{
Index: src/env.opt
===================================================================
RCS file: /cvsroot/anubis/anubis/src/env.opt,v
retrieving revision 1.3
diff -p -u -r1.3 env.opt
--- src/env.opt	6 Aug 2007 15:29:22 -0000	1.3
+++ src/env.opt	2 Jul 2008 13:08:46 -0000
@@ -1,4 +1,4 @@
-/* -* c -*-
+/* -*- c -*-
    env.c
 
    This file is part of GNU Anubis.
@@ -155,6 +155,38 @@ OPTIONS_END
 int x_argc;
 char **x_argv;
 
+static unsigned long 
+string_to_ipaddr (const char *str)
+{
+  unsigned long inaddr;
+  struct sockaddr_in ad;
+
+  memset (&ad, 0, sizeof (ad));
+  inaddr = inet_addr (str);
+  if (inaddr != INADDR_NONE)
+    memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
+  else
+    {
+      struct hostent *hp = 0;
+      hp = gethostbyname (str);
+      if (hp == 0)
+	hostname_error (str);
+      else
+	{
+	  if (hp->h_length != 4 && hp->h_length != 8)
+	    {
+	      anubis_error (EXIT_FAILURE, 0,
+			    _("Illegal address length received for host %s"),
+			    str);
+	    }
+	  else
+	    memcpy ((char *) &ad.sin_addr.s_addr, hp->h_addr, hp->h_length);
+	}
+    }
+
+  return inaddr;
+}
+
 void
 get_options (int argc, char *argv[])
 {
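Review bot: `string_to_ipaddr` returns `inaddr` rather than the address it just stored in `ad`, so for any host-name argument the `gethostbyname` branch runs with `inaddr == INADDR_NONE` and that sentinel is what the caller receives. Two different host names therefore compare equal, so a valid configuration with matching ports would be rejected as a loop, while a name and a literal for the same host never match. Returning the resolved value, `return ad.sin_addr.s_addr;`, fixes both. The copies are also wider than the 4-byte destination: `sizeof (inaddr)` is 8 where `unsigned long` is 64-bit, and an `h_length` of 8 is accepted, so I would declare `in_addr_t inaddr;` and test `hp->h_length != sizeof (ad.sin_addr)`.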
@@ -172,6 +204,11 @@ get_options (int argc, char *argv[])
       if (x_argc == 0)
 	anubis_error (EX_USAGE, 0, _("Missing recipient addresses"));
     }
+  if (!(topt & T_LOCAL_MTA)
+      && string_to_ipaddr (session.mta) == string_to_ipaddr (session.anubis)
+      && session.anubis_port == session.mta_port)
+    anubis_error (EXIT_FAILURE, 0,
+                  _("remote-mta loops back to Anubis"));
 }
 
 /*********************
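Review bot: The new startup test in `get_options` fires only when `session.mta` and `session.anubis` resolve to the same value, which does not cover every case caught by the per-connection check this patch removes from authmode.c and transmode.c (loopback address plus equal ports). If Anubis listens on the wildcard address, or `session.anubis` is unset at this point (not visible in the hunk), a `remote-mta 127.0.0.1` on the same port would no longer be rejected, and each relayed connection would presumably come straight back to the listener until resources run out. I would treat a wildcard or missing bind address as matching any local address, and add a comment such as `/* Refuse a remote-mta that points back at our own listener. */` above the test. The body of `get_options` begins outside the hunk.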
Index: src/transmode.c
===================================================================
RCS file: /cvsroot/anubis/anubis/src/transmode.c,v
retrieving revision 1.17
diff -p -u -r1.17 transmode.c
--- src/transmode.c	6 Aug 2007 15:29:24 -0000	1.17
+++ src/transmode.c	2 Jul 2008 13:08:46 -0000
@@ -62,50 +62,6 @@ anubis_transparent_mode (struct sockaddr
 			               "Set the REMOTE-MTA or LOCAL-MTA."));
     }
 
-  /*
-     Protection against a loop connection.
-   */
-
-  if (!(topt & T_LOCAL_MTA))
-    {
-      unsigned long inaddr;
-      struct sockaddr_in ad;
-
-      memset (&ad, 0, sizeof (ad));
-      inaddr = inet_addr (session.mta);
-      if (inaddr != INADDR_NONE)
-	memcpy (&ad.sin_addr, &inaddr, sizeof (inaddr));
-      else
-	{
-	  struct hostent *hp = 0;
-	  hp = gethostbyname (session.mta);
-	  if (hp == 0)
-	    {
-	      hostname_error (session.mta);
-	    }
-	  else
-	    {
-	      if (hp->h_length != 4 && hp->h_length != 8)
-		{
-		  anubis_error (EXIT_FAILURE, 0,
-				_("Illegal address length received for host %s"),
-				session.mta);
-		}
-	      else
-		{
-		  memcpy ((char *) &ad.sin_addr.s_addr,
-			  hp->h_addr, hp->h_length);
-		}
-	    }
-	}
-      if (ntohl (ad.sin_addr.s_addr) == INADDR_LOOPBACK
-	  && session.anubis_port == session.mta_port)
-	{
-	  anubis_error (EXIT_FAILURE, 0,
-                        _("Loop not allowed. Connection rejected."));
-	}
-    }
-
   alarm (300);
   if (topt & T_LOCAL_MTA)
     {