[Fix] Do not use local_addrs in proxy

diff --git a/src/libutil/addr.c b/src/libutil/addr.c
index 27ccbc4dbad2979e8e862d50cbf0036ebf774e30..463706aea3c01e6c87004a40a712c818620e74fb 100644 (file)
--- a/src/libutil/addr.c
+++ b/src/libutil/addr.c
@@ -1664,7 +1664,8 @@ rspamd_inet_address_equal (gconstpointer a, gconstpointer b)
 #endif
 
 gboolean
-rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr)
+rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
+               gboolean check_laddrs)
 {
        if (addr == NULL) {
                return FALSE;
@@ -1689,7 +1690,7 @@ rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr)
                        }
                }
 
-               if (local_addrs) {
+               if (check_laddrs && local_addrs) {
                        if (radix_find_compressed_addr (local_addrs, addr) != RADIX_NO_VALUE) {
                                return TRUE;
                        }

diff --git a/src/libutil/addr.h b/src/libutil/addr.h
index 2d31e4f23f2f56757a7c92e39a5c1d28d714edd5..a50786adc043f624b4243649e94c816672a15636 100644 (file)
--- a/src/libutil/addr.h
+++ b/src/libutil/addr.h
@@ -274,7 +274,8 @@ gboolean rspamd_inet_address_equal (gconstpointer a, gconstpointer b);
 /**
  * Returns TRUE if an address belongs to some local address
  */
-gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr);
+gboolean rspamd_inet_address_is_local (const rspamd_inet_addr_t *addr,
+               gboolean check_laddrs);
 
 /**
  * Returns size of storage required to store a complete IP address

diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c
index 0086e2b7a31796845c3a5a58aa3730fecf600cee..6499a657df3aec16e4912ffb35fc99d1d605e6a2 100644 (file)
--- a/src/lua/lua_ip.c
+++ b/src/lua/lua_ip.c
@@ -496,9 +496,16 @@ static gint
 lua_ip_is_local (lua_State *L)
 {
        struct rspamd_lua_ip *ip = lua_check_ip (L, 1);
+       gboolean check_laddrs = TRUE;
 
        if (ip && ip->addr) {
-               lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr));
+
+               if (lua_type (L, 2) == LUA_TBOOLEAN) {
+                       check_laddrs = lua_toboolean (L, 2);
+               }
+
+               lua_pushboolean (L, rspamd_inet_address_is_local (ip->addr,
+                               check_laddrs));
        }
        else {
                lua_pushnil (L);

diff --git a/src/plugins/dkim_check.c b/src/plugins/dkim_check.c
index 11d6f2c9ac2f1c8095cc1aed7110474a29c751e1..808b19f178e6adc953fd9e3054e5f012bd97310a 100644 (file)
--- a/src/plugins/dkim_check.c
+++ b/src/plugins/dkim_check.c
@@ -858,7 +858,8 @@ dkim_symbol_callback (struct rspamd_task *task, void *unused)
 
        /* First check if plugin should be enabled */
        if ((!dkim_module_ctx->check_authed && task->user != NULL)
-                       || (!dkim_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) {
+                       || (!dkim_module_ctx->check_local &&
+                                       rspamd_inet_address_is_local (task->from_addr, TRUE))) {
                msg_info_task ("skip DKIM checks for local networks and authorized users");
                return;
        }

diff --git a/src/plugins/spf.c b/src/plugins/spf.c
index a3103d699cc4e60661a40ebd90f2c6a94a3ad6ab..aa63c8018460a00cf62e668d2461fd406422d54d 100644 (file)
--- a/src/plugins/spf.c
+++ b/src/plugins/spf.c
@@ -557,7 +557,8 @@ spf_symbol_callback (struct rspamd_task *task, void *unused)
        }
 
        if ((!spf_module_ctx->check_authed && task->user != NULL)
-                       || (!spf_module_ctx->check_local && rspamd_inet_address_is_local (task->from_addr))) {
+                       || (!spf_module_ctx->check_local &&
+                                       rspamd_inet_address_is_local (task->from_addr, TRUE))) {
                msg_info_task ("skip SPF checks for local networks and authorized users");
                return;
        }

diff --git a/src/rspamd_proxy.c b/src/rspamd_proxy.c
index ea8964d85e694344bd044e97b43f053e2c72226c..8be244229ee318e124651d245ae130a31d199797 100644 (file)
--- a/src/rspamd_proxy.c
+++ b/src/rspamd_proxy.c
@@ -1074,7 +1074,8 @@ proxy_open_mirror_connections (struct rspamd_proxy_session *session)
                }
 
                if (m->local ||
-                               rspamd_inet_address_is_local (rspamd_upstream_addr (bk_conn->up))) {
+                               rspamd_inet_address_is_local (
+                                               rspamd_upstream_addr (bk_conn->up), FALSE)) {
 
                        if (session->fname) {
                                rspamd_http_message_add_header (msg, "File", session->fname);
@@ -1278,7 +1279,7 @@ retry:
 
                if (backend->local ||
                                rspamd_inet_address_is_local (
-                                               rspamd_upstream_addr (session->master_conn->up))) {
+                                               rspamd_upstream_addr (session->master_conn->up), FALSE)) {
 
                        if (session->fname) {
                                rspamd_http_message_add_header (msg, "File", session->fname);