Mercurial > dnsbl
comparison src/dnsbl.cpp @ 252:836b7f2357f9
need ntohl() before using masks that are defined in host byte order
| author | Carl Byington <carl@five-ten-sg.com> |
|---|---|
| date | Sun, 08 Apr 2012 16:10:31 -0700 |
| parents | 15bf4f68a0b2 |
| children | d6d5c50b9278 |
comparison
equal
deleted
inserted
replaced
| 251:0a2b842c07cd | 252:836b7f2357f9 |
|---|---|
| 153 struct glommer { | 153 struct glommer { |
| 154 size_t length; | 154 size_t length; |
| 155 #ifdef NS_PACKETSZ | 155 #ifdef NS_PACKETSZ |
| 156 u_char answer[NS_PACKETSZ*4]; // with a resolver, we return resolver answers | 156 u_char answer[NS_PACKETSZ*4]; // with a resolver, we return resolver answers |
| 157 #else | 157 #else |
| 158 int32_t answer; // without a resolver, we return a single ipv4 address, 0 == no answer | 158 uint32_t answer; // without a resolver, we return a single ipv4 address in network byte order, 0 == no answer |
| 159 #endif | 159 #endif |
| 160 } __attribute__ ((packed)); | 160 } __attribute__ ((packed)); |
| 161 | 161 |
| 162 | 162 |
| 163 //////////////////////////////////////////////// | 163 //////////////////////////////////////////////// |
| 253 return sock; | 253 return sock; |
| 254 } | 254 } |
| 255 | 255 |
| 256 | 256 |
| 257 //////////////////////////////////////////////// | 257 //////////////////////////////////////////////// |
| 258 // ask a dns question and get an A record answer - we don't try | 258 // ask a dns question and get an A record answer in network byte order |
| 259 // very hard, just using the default resolver retry settings. | 259 // we don't try very hard, just using the default resolver retry settings. |
| 260 // If we cannot get an answer, we just accept the mail. | 260 // If we cannot get an answer, we just accept the mail. |
| 261 // | 261 // |
| 262 // | 262 // |
| 263 int32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers); | 263 uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers); |
| 264 int32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers) { | 264 uint32_t dns_interface(mlfiPriv &priv, const char *question, bool maybe_ip, ns_map *nameservers) { |
| 265 // tell sendmail we are still working | 265 // tell sendmail we are still working |
| 266 #if _FFR_SMFI_PROGRESS | 266 #if _FFR_SMFI_PROGRESS |
| 267 if (priv.eom) smfi_progress(priv.ctx); | 267 if (priv.eom) smfi_progress(priv.ctx); |
| 268 #endif | 268 #endif |
| 269 | 269 |
| 273 if (priv.err) return 0; // cannot ask more questions on this socket. | 273 if (priv.err) return 0; // cannot ask more questions on this socket. |
| 274 if (maybe_ip) { | 274 if (maybe_ip) { |
| 275 // might be a bare ip address, try this first to avoid dns lookups that may not be needed | 275 // might be a bare ip address, try this first to avoid dns lookups that may not be needed |
| 276 in_addr ip; | 276 in_addr ip; |
| 277 if (inet_aton(question, &ip)) { | 277 if (inet_aton(question, &ip)) { |
| 278 return (int32_t)ip.s_addr; | 278 return ip.s_addr; |
| 279 } | 279 } |
| 280 } | 280 } |
| 281 int n = strlen(question); | 281 int n = strlen(question); |
| 282 if (question[n-1] == '.') { | 282 if (question[n-1] == '.') { |
| 283 priv.my_write(question, n+1); // write the question including the null terminator | 283 priv.my_write(question, n+1); // write the question including the null terminator |
| 303 priv.my_read(buf, glom.length); | 303 priv.my_read(buf, glom.length); |
| 304 | 304 |
| 305 #ifdef NS_PACKETSZ | 305 #ifdef NS_PACKETSZ |
| 306 // now we need to lock the resolver mutex to keep the milter threads from | 306 // now we need to lock the resolver mutex to keep the milter threads from |
| 307 // stepping on each other while parsing the dns answer. | 307 // stepping on each other while parsing the dns answer. |
| 308 int ret_address = 0; | 308 uint32_t ret_address = 0; |
| 309 pthread_mutex_lock(&resolve_mutex); | 309 pthread_mutex_lock(&resolve_mutex); |
| 310 // parse the answer | 310 // parse the answer |
| 311 ns_msg handle; | 311 ns_msg handle; |
| 312 ns_rr rr; | 312 ns_rr rr; |
| 313 if (ns_initparse(glom.answer, glom.length, &handle) == 0) { | 313 if (ns_initparse(glom.answer, glom.length, &handle) == 0) { |
| 348 if (ns_rr_type(rr) == ns_t_a) { | 348 if (ns_rr_type(rr) == ns_t_a) { |
| 349 char* nam = (char*)ns_rr_name(rr); | 349 char* nam = (char*)ns_rr_name(rr); |
| 350 ns_mapper::iterator i = ns.ns_ip.find(nam); | 350 ns_mapper::iterator i = ns.ns_ip.find(nam); |
| 351 if (i != ns.ns_ip.end()) { | 351 if (i != ns.ns_ip.end()) { |
| 352 // we want this ip address | 352 // we want this ip address |
| 353 int32_t address; | 353 uint32_t address; |
| 354 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); | 354 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
| 355 ns.ns_ip[nam] = address; | 355 ns.ns_ip[nam] = address; |
| 356 } | 356 } |
| 357 } | 357 } |
| 358 } | 358 } |
| 359 } | 359 } |
| 360 int rrnum = 0; | 360 int rrnum = 0; |
| 361 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { | 361 while (ns_parserr(&handle, ns_s_an, rrnum++, &rr) == 0) { |
| 362 if (ns_rr_type(rr) == ns_t_a) { | 362 if (ns_rr_type(rr) == ns_t_a) { |
| 363 int32_t address; | 363 uint32_t address; |
| 364 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); | 364 memcpy(&address, ns_rr_rdata(rr), sizeof(address)); |
| 365 ret_address = address; | 365 ret_address = address; |
| 366 } | 366 } |
| 367 } | 367 } |
| 368 } | 368 } |
| 815 } | 815 } |
| 816 } | 816 } |
| 817 | 817 |
| 818 | 818 |
| 819 //////////////////////////////////////////////// | 819 //////////////////////////////////////////////// |
| 820 // check a single dnsbl | 820 // check a single dns list, return ip address in network byte order |
| 821 // | 821 // |
| 822 int32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix); | 822 uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix); |
| 823 int32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) { | 823 uint32_t check_single(mlfiPriv &priv, int32_t ip, const char *suffix) { |
| 824 // make a dns question | 824 // make a dns question |
| 825 const u_char *src = (const u_char *)&ip; | 825 const u_char *src = (const u_char *)&ip; |
| 826 if (src[0] == 127) return 0; // don't do dns lookups on localhost | 826 if (src[0] == 127) return 0; // don't do dns lookups on localhost |
| 827 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space | 827 if (src[0] == 10) return 0; // don't do dns lookups on rfc1918 space |
| 828 if ((src[0] == 192) && (src[1] == 168)) return 0; | 828 if ((src[0] == 192) && (src[1] == 168)) return 0; |
| 850 //////////////////////////////////////////////// | 850 //////////////////////////////////////////////// |
| 851 // check a single dnswl | 851 // check a single dnswl |
| 852 // | 852 // |
| 853 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl); | 853 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl); |
| 854 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl) { | 854 bool check_single(mlfiPriv &priv, int32_t ip, DNSWL &wl) { |
| 855 int32_t r = check_single(priv, ip, wl.suffix); | 855 uint32_t r = ntohl(check_single(priv, ip, wl.suffix)); |
| 856 int32_t v = (int32_t)0x7f000000; | 856 uint32_t v = (uint32_t)0x7f000000; |
| 857 int32_t m = (int32_t)0xffff0000; | 857 uint32_t m = (uint32_t)0xffff0000; |
| 858 int32_t m2 = (int32_t)0x000000ff; | 858 uint32_t m2 = (uint32_t)0x000000ff; |
| 859 if ((r & m) == v) { | 859 if ((r & m) == v) { |
| 860 int32_t l = r & m2; | 860 uint32_t l = r & m2; |
| 861 if (l >= wl.level) return true; | 861 if ((int)l >= wl.level) return true; |
| 862 } | 862 } |
| 863 return false; | 863 return false; |
| 864 } | 864 } |
| 865 | 865 |
| 866 | 866 |