diff options
| author | Jeremy Harris <jgh146exb@wizmail.org> | 2017-03-18 14:41:50 +0000 |
|---|---|---|
| committer | Jeremy Harris <jgh146exb@wizmail.org> | 2017-03-18 15:28:41 +0000 |
| commit | 8d909960c69378a54d9493586d74ba361948bf49 (patch) | |
| tree | 8d0cda6714e58719719c37c7422d02add3f97d84 | |
| parent | 5e6d12accb0bdfa1cee9d8c9a1ecec3131b9f502 (diff) | |
Expansions: check numeric values of IPv4 address components
| -rw-r--r-- | doc/doc-docbook/spec.xfpt | 11 | ||||
| -rw-r--r-- | doc/doc-txt/ChangeLog | 3 | ||||
| -rw-r--r-- | src/src/string.c | 15 | ||||
| -rw-r--r-- | test/scripts/0000-Basic/0002 | 3 | ||||
| -rw-r--r-- | test/stdout/0002 | 3 |
5 files changed, 26 insertions, 9 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt index 91dacb7bb..128ee8004 100644 --- a/doc/doc-docbook/spec.xfpt +++ b/doc/doc-docbook/spec.xfpt @@ -11042,9 +11042,14 @@ colon-separated components are permitted, each containing from one to four hexadecimal digits. There may be fewer than eight components if an empty component (adjacent colons) is present. Only one empty component is permitted. -&*Note*&: The checks are just on the form of the address; actual numerical -values are not considered. Thus, for example, 999.999.999.999 passes the IPv4 -check. The main use of these tests is to distinguish between IP addresses and +.new +&*Note*&: The checks used to be just on the form of the address; actual numerical +values were not considered. Thus, for example, 999.999.999.999 passed the IPv4 +check. +This is no longer the case. +.wen + +The main use of these tests is to distinguish between IP addresses and host names, or between IPv4 and IPv6 addresses. For example, you could use .code ${if isip4{$sender_host_address}... diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog index f43475ba3..ac35c75f1 100644 --- a/doc/doc-txt/ChangeLog +++ b/doc/doc-txt/ChangeLog @@ -35,6 +35,9 @@ PP/02 Bug 2070: uClibc defines __GLIBC__ without providing glibc headers; add noisy ifdef guards to special-case this sillyness. Patch from Bernd Kuhls. +JH/05 Tighten up the checking in isip4 (et al): dotted-quad components larger + than 255 are no longer allowed. + Exim version 4.89 ----------------- diff --git a/src/src/string.c b/src/src/string.c index cec59506d..4850fd958 100644 --- a/src/src/string.c +++ b/src/src/string.c @@ -42,7 +42,7 @@ int yield = 4; /* If an optional mask is permitted, check for it. If found, pass back the offset. */ -if (maskptr != NULL) +if (maskptr) { const uschar *ss = s + Ustrlen(s); *maskptr = 0; @@ -79,7 +79,7 @@ if (Ustrchr(s, ':') != NULL) if we hit the / that introduces a mask or the % that introduces the interface specifier (scope id) of a link-local address. */ - if (*s == 0 || *s == '%' || *s == '/') return had_double_colon? yield : 0; + if (*s == 0 || *s == '%' || *s == '/') return had_double_colon ? yield : 0; /* If a component starts with an additional colon, we have hit a double colon. This is permitted to appear once only, and counts as at least @@ -135,13 +135,16 @@ if (Ustrchr(s, ':') != NULL) for (i = 0; i < 4; i++) { + long n; + uschar * end; + if (i != 0 && *s++ != '.') return 0; - if (!isdigit(*s++)) return 0; - if (isdigit(*s) && isdigit(*(++s))) s++; + n = strtol(CCS s, CSS &end, 10); + if (n > 255 || n < 0 || end <= s || end > s+3) return 0; + s = end; } -return (*s == 0 || (*s == '/' && maskptr != NULL && *maskptr != 0))? - yield : 0; +return !*s || (*s == '/' && maskptr && *maskptr != 0) ? yield : 0; } #endif /* COMPILE_UTILITY */ diff --git a/test/scripts/0000-Basic/0002 b/test/scripts/0000-Basic/0002 index cf8dc36e0..cb0bb188f 100644 --- a/test/scripts/0000-Basic/0002 +++ b/test/scripts/0000-Basic/0002 @@ -417,6 +417,8 @@ gei: ${if gei{ABC}{abc}{y}{n}} isip: ${if isip {1.2.3.4}{y}{n}} 1.2.3.4 isip4: ${if isip4{1.2.3.4}{y}{n}} 1.2.3.4 isip6: ${if isip6{1.2.3.4}{y}{n}} 1.2.3.4 +isip: ${if isip {::1.2.3.256}{y}{n}} ::1.2.3.256 +isip4: ${if isip4{1.2.3.256}{y}{n}} 1.2.3.256 isip: ${if isip {1:2:3:4}{y}{n}} 1:2:3:4 isip4: ${if isip4{1:2:3:4}{y}{n}} 1:2:3:4 isip6: ${if isip6{1:2:3:4}{y}{n}} 1:2:3:4 @@ -426,6 +428,7 @@ isip6: ${if isip6{::1}{y}{n}} ::1 isip: ${if isip {fe80::a00:20ff:fe86:a061}{y}{n}} fe80::a00:20ff:fe86:a061 isip4: ${if isip4{fe80::a00:20ff:fe86:a061}{y}{n}} fe80::a00:20ff:fe86:a061 isip6: ${if isip6{fe80::a00:20ff:fe86:a061}{y}{n}} fe80::a00:20ff:fe86:a061 +isip: ${if isip {fe80::1.2.3.4}{y}{n}} fe80::1.2.3.4 isip: ${if isip {rhubarb}{y}{n}} rhubarb isip4: ${if isip4{rhubarb}{y}{n}} rhubarb isip6: ${if isip6{rhubarb}{y}{n}} rhubarb diff --git a/test/stdout/0002 b/test/stdout/0002 index fa445b01c..5593f06cc 100644 --- a/test/stdout/0002 +++ b/test/stdout/0002 @@ -393,6 +393,8 @@ newline tab\134backslash ~tilde\177DEL\200\201. > isip: y 1.2.3.4 > isip4: y 1.2.3.4 > isip6: n 1.2.3.4 +> isip: n ::1.2.3.256 +> isip4: n 1.2.3.256 > isip: n 1:2:3:4 > isip4: n 1:2:3:4 > isip6: n 1:2:3:4 @@ -402,6 +404,7 @@ newline tab\134backslash ~tilde\177DEL\200\201. > isip: y fe80::a00:20ff:fe86:a061 > isip4: n fe80::a00:20ff:fe86:a061 > isip6: y fe80::a00:20ff:fe86:a061 +> isip: y fe80::1.2.3.4 > isip: n rhubarb > isip4: n rhubarb > isip6: n rhubarb |