diff options
-rw-r--r-- | src/fuzzy_storage.c | 68 | ||||
-rw-r--r-- | src/libutil/addr.c | 10 | ||||
-rw-r--r-- | src/lua/lua_ip.c | 15 | ||||
-rw-r--r-- | src/rspamd.c | 2 |
4 files changed, 67 insertions, 28 deletions
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c index 569b6112e..385018565 100644 --- a/src/fuzzy_storage.c +++ b/src/fuzzy_storage.c @@ -252,6 +252,10 @@ rspamd_fuzzy_check_ratelimit (struct fuzzy_session *session) struct rspamd_leaky_bucket_elt *elt; ev_tstamp now; + if (!session->addr) { + return TRUE; + } + if (session->ctx->ratelimit_whitelist != NULL) { if (rspamd_match_radix_map_addr (session->ctx->ratelimit_whitelist, session->addr) != NULL) { @@ -358,7 +362,7 @@ rspamd_fuzzy_check_write (struct fuzzy_session *session) return FALSE; } - if (session->ctx->update_ips != NULL) { + if (session->ctx->update_ips != NULL && session->addr) { if (rspamd_match_radix_map_addr (session->ctx->update_ips, session->addr) == NULL) { return FALSE; @@ -870,7 +874,12 @@ rspamd_fuzzy_check_callback (struct rspamd_fuzzy_reply *result, void *ud) /* function */ lua_rawgeti (L, LUA_REGISTRYINDEX, session->ctx->lua_post_handler_cbref); /* client IP */ - rspamd_lua_ip_push (L, session->addr); + if (session->addr) { + rspamd_lua_ip_push(L, session->addr); + } + else { + lua_pushnil (L); + } /* client command */ lua_pushinteger (L, cmd->cmd); /* command value (push as rspamd_text) */ @@ -1114,7 +1123,7 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session) return; } - if (session->key_stat) { + if (session->key_stat && session->addr) { ip_stat = rspamd_lru_hash_lookup (session->key_stat->last_ips, session->addr, -1); @@ -1575,6 +1584,13 @@ fuzzy_session_destroy (gpointer d) #define MSGVEC_LEN 1 #endif +union sa_union { + struct sockaddr sa; + struct sockaddr_in s4; + struct sockaddr_in6 s6; + struct sockaddr_un su; + struct sockaddr_storage ss; +}; /* * Accept new connection and construct task */ @@ -1587,7 +1603,7 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents) guint64 *nerrors; struct iovec iovs[MSGVEC_LEN]; guint8 bufs[MSGVEC_LEN][FUZZY_INPUT_BUFLEN]; - struct sockaddr_storage peer_sa[MSGVEC_LEN]; + union sa_union peer_sa[MSGVEC_LEN]; socklen_t salen = sizeof (peer_sa[0]); #ifdef HAVE_RECVMMSG #define MSG_FIELD(msg, field) msg.msg_hdr.field @@ -1643,13 +1659,17 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents) for (int i = 0; i < r; i ++) { rspamd_inet_addr_t *client_addr; - client_addr = rspamd_inet_address_from_sa (MSG_FIELD(msg[i], msg_name), - MSG_FIELD(msg[i], msg_namelen)); - - if (!rspamd_fuzzy_check_client (worker->ctx, client_addr)) { - /* Disallow forbidden clients silently */ - rspamd_inet_address_free (client_addr); - continue; + if (MSG_FIELD(msg[i], msg_namelen) >= sizeof(struct sockaddr)) { + client_addr = rspamd_inet_address_from_sa(MSG_FIELD(msg[i], msg_name), + MSG_FIELD(msg[i], msg_namelen)); + if (!rspamd_fuzzy_check_client (worker->ctx, client_addr)) { + /* Disallow forbidden clients silently */ + rspamd_inet_address_free (client_addr); + continue; + } + } + else { + client_addr = NULL; } session = g_malloc0 (sizeof (*session)); @@ -1676,18 +1696,20 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents) session->ctx->stat.invalid_requests ++; msg_debug ("invalid fuzzy command of size %z received", r); - nerrors = rspamd_lru_hash_lookup (session->ctx->errors_ips, - session->addr, -1); - - if (nerrors == NULL) { - nerrors = g_malloc (sizeof (*nerrors)); - *nerrors = 1; - rspamd_lru_hash_insert (session->ctx->errors_ips, - rspamd_inet_address_copy(session->addr, NULL), - nerrors, -1, -1); - } - else { - *nerrors = *nerrors + 1; + if (session->addr) { + nerrors = rspamd_lru_hash_lookup(session->ctx->errors_ips, + session->addr, -1); + + if (nerrors == NULL) { + nerrors = g_malloc(sizeof(*nerrors)); + *nerrors = 1; + rspamd_lru_hash_insert(session->ctx->errors_ips, + rspamd_inet_address_copy(session->addr, NULL), + nerrors, -1, -1); + } + else { + *nerrors = *nerrors + 1; + } } } diff --git a/src/libutil/addr.c b/src/libutil/addr.c index d5502fce0..63e92c801 100644 --- a/src/libutil/addr.c +++ b/src/libutil/addr.c @@ -1060,6 +1060,13 @@ rspamd_inet_address_connect (const rspamd_inet_addr_t *addr, gint type, if (addr->af == AF_UNIX) { sa = (const struct sockaddr *)&addr->u.un->addr; + + struct sockaddr_un ssun; + strcpy(ssun.sun_path, tmpnam(NULL)); + ssun.sun_len = SUN_LEN(&ssun); + ssun.sun_family = AF_UNIX; + /* Also bind unix client sockets to allow unconnected reply from that side */ + r = bind (fd, &ssun, ssun.sun_len); } else { sa = &addr->u.in.addr.sa; @@ -1249,6 +1256,9 @@ rspamd_inet_address_sendto (gint fd, const void *buf, gsize len, gint fl, const struct sockaddr *sa; if (addr == NULL) { +#ifdef EADDRNOTAVAIL + errno = EADDRNOTAVAIL; +#endif return -1; } diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c index ad2e2e8b0..8abb91a1e 100644 --- a/src/lua/lua_ip.c +++ b/src/lua/lua_ip.c @@ -588,11 +588,16 @@ rspamd_lua_ip_push (lua_State *L, rspamd_inet_addr_t *addr) { struct rspamd_lua_ip *ip, **pip; - ip = g_malloc0 (sizeof (struct rspamd_lua_ip)); - ip->addr = rspamd_inet_address_copy(addr, NULL); - pip = lua_newuserdata (L, sizeof (struct rspamd_lua_ip *)); - rspamd_lua_setclass (L, "rspamd{ip}", -1); - *pip = ip; + if (addr) { + ip = g_malloc0(sizeof(struct rspamd_lua_ip)); + ip->addr = rspamd_inet_address_copy(addr, NULL); + pip = lua_newuserdata(L, sizeof(struct rspamd_lua_ip *)); + rspamd_lua_setclass(L, "rspamd{ip}", -1); + *pip = ip; + } + else { + lua_pushnil (L); + } } void diff --git a/src/rspamd.c b/src/rspamd.c index 230206add..3779e7f8e 100644 --- a/src/rspamd.c +++ b/src/rspamd.c @@ -451,6 +451,8 @@ systemd_get_socket (struct rspamd_main *rspamd_main, const gchar *fdname) union { struct sockaddr_storage ss; struct sockaddr sa; + struct sockaddr_un sun; + struct sockaddr_in6 s6; } addr_storage; socklen_t slen = sizeof (addr_storage); gint stype; |