From: Stephan Bosch <stephan.bosch@open-xchange.com>
Date: Sun, 21 Nov 2021 12:03:59 +0000 (+0100)
Subject: lib-smtp: smtp-dovecot - Return error from smtp_proxy_redirect_parse().
X-Git-Tag: 2.4.0~4691
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=dec583f01ede9ea7f599ac3d01ff8398e765de49;p=thirdparty%2Fdovecot%2Fcore.git

lib-smtp: smtp-dovecot - Return error from smtp_proxy_redirect_parse().
---

diff --git a/src/lib-smtp/smtp-dovecot.c b/src/lib-smtp/smtp-dovecot.c
index beb4b88d50..510091a412 100644
--- a/src/lib-smtp/smtp-dovecot.c
+++ b/src/lib-smtp/smtp-dovecot.c
@@ -22,23 +22,31 @@ bool smtp_reply_is_proxy_redirect(const struct smtp_reply *reply)
 
 int smtp_proxy_redirect_parse(const char *target, const char **destuser_r,
 			      const char **host_r, struct ip_addr *ip_r,
-			      in_port_t *port_r)
+			      in_port_t *port_r, const char **error_r)
 {
 	const char *pend;
 
+	*error_r = NULL;
+
 	/* Skip <address> part of the reply if present (RCPT reply) */
 	pend = strchr(target, ' ');
 	if (*target == '<') {
-		if (pend == NULL)
+		if (pend == NULL) {
+			*error_r = "Invalid path in redirect response";
 			return -1;
+		}
 		target = pend + 1;
 		pend = strchr(target, ' ');
 	}
 	if (pend != NULL)
 		target = t_strdup_until(target, pend);
 
-	return (auth_proxy_parse_redirect(target, destuser_r, host_r,
-					  ip_r, port_r) ? 0 : -1);
+	if (!auth_proxy_parse_redirect(target, destuser_r, host_r,
+				       ip_r, port_r)) {
+		*error_r = "Invalid redirect data";
+		return -1;
+	}
+	return 0;
 }
 
 static const char *
diff --git a/src/lib-smtp/smtp-dovecot.h b/src/lib-smtp/smtp-dovecot.h
index 8d2dace993..75352d325e 100644
--- a/src/lib-smtp/smtp-dovecot.h
+++ b/src/lib-smtp/smtp-dovecot.h
@@ -22,7 +22,7 @@ bool smtp_reply_is_proxy_redirect(const struct smtp_reply *reply);
 
 int smtp_proxy_redirect_parse(const char *target, const char **destuser_r,
 			      const char **host_r, struct ip_addr *ip_r,
-			      in_port_t *port_r);
+			      in_port_t *port_r, const char **error_r);
 
 void smtp_server_reply_redirect(struct smtp_server_cmd_ctx *cmd,
 				in_port_t default_port,
diff --git a/src/lmtp/lmtp-proxy.c b/src/lmtp/lmtp-proxy.c
index dfc6a0fa51..f5ffdaf4df 100644
--- a/src/lmtp/lmtp-proxy.c
+++ b/src/lmtp/lmtp-proxy.c
@@ -557,12 +557,12 @@ static int
 lmtp_proxy_rcpt_parse_redirect(const struct smtp_reply *proxy_reply,
 			       const char **destuser_r,
 			       const char **host_r, struct ip_addr *ip_r,
-			       in_port_t *port_r)
+			       in_port_t *port_r, const char **error_r)
 {
 	if (proxy_reply->text_lines == NULL)
 		return -1;
 	return smtp_proxy_redirect_parse(*proxy_reply->text_lines, destuser_r,
-					 host_r, ip_r, port_r);
+					 host_r, ip_r, port_r, error_r);
 }
 
 static void
@@ -699,15 +699,15 @@ lmtp_proxy_rcpt_redirect(struct lmtp_proxy_recipient *lprcpt,
 	struct smtp_server_recipient *rcpt = lrcpt->rcpt;
 	struct lmtp_proxy_connection *conn = lprcpt->conn;
 	struct lmtp_proxy_rcpt_settings set;
-	const char *host, *destuser = lrcpt->username;
+	const char *host, *destuser = lrcpt->username, *error;
 	struct ip_addr ip;
 	in_port_t port;
 
 	if (lmtp_proxy_rcpt_parse_redirect(proxy_reply, &destuser,
-					   &host, &ip, &port) < 0) {
+					   &host, &ip, &port, &error) < 0) {
 		e_error(rcpt->event,
-			"Backend server returned invalid redirect: %s",
-			smtp_reply_log(proxy_reply));
+			"Backend server returned invalid redirect '%s': %s",
+			smtp_reply_log(proxy_reply), error);
 		smtp_server_recipient_reply(rcpt, 451, "4.3.0",
 					    "Temporary internal proxy error");
 		return;
diff --git a/src/submission-login/submission-proxy.c b/src/submission-login/submission-proxy.c
index b757734c66..36dacab96c 100644
--- a/src/submission-login/submission-proxy.c
+++ b/src/submission-login/submission-proxy.c
@@ -384,13 +384,15 @@ strip_enhanced_code(const char *text, const char **enh_code_r)
 }
 
 static int
-submission_proxy_parse_redirect(const char *target, const char **userhostport_r)
+submission_proxy_parse_redirect(const char *target, const char **userhostport_r,
+				const char **error_r)
 {
 	const char *destuser, *host;
 	struct ip_addr ip;
 	in_port_t port;
 
-	if (smtp_proxy_redirect_parse(target, &destuser, &host, &ip, &port) < 0)
+	if (smtp_proxy_redirect_parse(target, &destuser, &host, &ip, &port,
+				      error_r) < 0)
 		return -1;
 
 	string_t *str = t_str_new(128);
@@ -410,13 +412,16 @@ submission_proxy_handle_redirect(struct client *client, unsigned int status,
 				 enum login_proxy_failure_type *failure_type_r,
 				 const char **text_r)
 {
+	const char *error;
+
 	if (!smtp_reply_code_is_proxy_redirect(status, enh_code))
 		return FALSE;
 
-	if (submission_proxy_parse_redirect(target, text_r) < 0) {
+	if (submission_proxy_parse_redirect(target, text_r, &error) < 0) {
 		e_debug(login_proxy_get_event(client->login_proxy),
-			"Backend server returned invalid redirect: %03u %s %s",
-			status, enh_code, target);
+			"Backend server returned invalid redirect "
+			"'%03u %s %s': %s",
+			status, enh_code, target, error);
 		*failure_type_r = LOGIN_PROXY_FAILURE_TYPE_AUTH_TEMPFAIL;
 		*text_r = "Temporary internal proxy error";
 		return TRUE;