[Mimedefang] [Patch] relay_is_* not ipv6 friendly (IPv4 Compatible "patch")
-
kd6lvw at yahoo.com
Wed Feb 3 15:49:02 EST 2010
--- On Wed, 2/3/10, David F. Skoll <dfs at roaringpenguin.com> wrote:
> Here's my compromise on the IPv4-mapped IPv6 address question:
>
> if (tmp) {
> if (IN6_IS_ADDR_V4MAPPED(&in6sa->sin6_addr) ||
> IN6_IS_ADDR_V4COMPAT(&in6sa->sin6_addr)) {
> if (strchr(data->hostip, '.')) {
> char const *lastcolon = strrchr(data->hostip, ':');
> char *dst = data->hostip;
> while(lastcolon) {
> lastcolon++;
> *dst++ = *lastcolon;
> if (!*lastcolon) break;
> }
> }
> }
> }
Comments:
> if (strchr(data->hostip, '.')) {
This conditional is redundant. IF we have a V4 embedded address, we already know this is true (for all machine-generated text address forms).
....
char const *lastcolon = strrchr(data->hostip, ':');
if (lastcolon)
strncpy((char *)data->hostip,++lastcolon,16);
}
....
We don't need the while loop which is UNBOUNDED by length. Text IPv4 addresses are never longer than 16 characters including the terminator. With memory corruption, your while loop could run forever/indefinently, while strncpy will always terminate. If it weren't for the fact that the address source is from a library routine, I would have suggested length checking too.
I wasn't certain if the type-casting on data->hostip was needed, so I did it anyway.
> So we only do the evil hack if IN6_IS_ADDR_V4MAPPED or
> IN6_IS_ADDR_V4COMPAT returns true. I think that should be pretty
> safe... if we can't trust our system's own inet_ntop function, we're
> in trouble anyway.
I agree.
More information about the MIMEDefang
mailing list