From: Wietse Venema <wietse@porcupine.org>
Date: Sun, 12 Jun 2016 05:00:00 +0000 (-0500)
Subject: postfix-3.2-20160612
X-Git-Tag: v3.2.0-RC1~24
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8c9a213e877d444cded1f89c81f5ecc1366239fa;p=thirdparty%2Fpostfix.git

postfix-3.2-20160612
---

diff --git a/postfix/HISTORY b/postfix/HISTORY
index 6f3dd54ae..ad4a2be63 100644
--- a/postfix/HISTORY
+++ b/postfix/HISTORY
@@ -22367,3 +22367,8 @@ Apologies for any names omitted.
 	cleanup/cleanup.h, cleanup/cleanup_milter.c, global/mail_proto.h,
 	milter/milter.h, smtpd/smtpd.c, smtpd/smtpd.h, smtpd/smtpd_check.c,
 	smtpd/smtpd_haproxy.c, smtpd/smtpd_milter.c, smtpd/smtpd_peer.c.
+
+20140612
+
+	Bugfix: missing server address/port conversion. File:
+	smtpd/smtpd_peer.c.
diff --git a/postfix/html/dnsblog.8.html b/postfix/html/dnsblog.8.html
index e12f8311d..8e51362e4 100644
--- a/postfix/html/dnsblog.8.html
+++ b/postfix/html/dnsblog.8.html
@@ -24,9 +24,9 @@ DNSBLOG(8)                                                          DNSBLOG(8)
        match and replies with the query arguments plus an  address  list  with
        the resulting IP addresses, separated by whitespace, and the reply TTL.
        Otherwise it replies with the query arguments  plus  an  empty  address
-       list and the reply TTL; the reply TTL is -1 if no reply is received, or
-       a negative reply without SOA record.  Finally,  The  <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a>  server
-       closes the connection.
+       list and the reply TTL; the reply TTL is -1 if there is no reply, or if
+       a negative reply contains  no  SOA  record.   Finally,  The  <a href="dnsblog.8.html"><b>dnsblog</b>(8)</a>
+       server closes the connection.
 
 <b>DIAGNOSTICS</b>
        Problems and transactions are logged to <b>syslogd</b>(8).
diff --git a/postfix/man/man8/dnsblog.8 b/postfix/man/man8/dnsblog.8
index 38c5a2474..ba95973fe 100644
--- a/postfix/man/man8/dnsblog.8
+++ b/postfix/man/man8/dnsblog.8
@@ -28,8 +28,8 @@ If the IP address is listed under the DNS white/blacklist, the
 query arguments plus an address list with the resulting IP
 addresses, separated by whitespace, and the reply TTL.
 Otherwise it replies with the query arguments plus an empty
-address list and the reply TTL; the reply TTL is \-1 if no
-reply is received, or a negative reply without SOA record.
+address list and the reply TTL; the reply TTL is \-1 if there
+is no reply, or if a negative reply contains no SOA record.
 Finally, The \fBdnsblog\fR(8) server closes the connection.
 .SH DIAGNOSTICS
 .ad
diff --git a/postfix/src/dnsblog/dnsblog.c b/postfix/src/dnsblog/dnsblog.c
index 37265f12b..5243828b6 100644
--- a/postfix/src/dnsblog/dnsblog.c
+++ b/postfix/src/dnsblog/dnsblog.c
@@ -20,8 +20,8 @@
 /*	query arguments plus an address list with the resulting IP
 /*	addresses, separated by whitespace, and the reply TTL.
 /*	Otherwise it replies with the query arguments plus an empty
-/*	address list and the reply TTL; the reply TTL is -1 if no
-/*	reply is received, or a negative reply without SOA record.
+/*	address list and the reply TTL; the reply TTL is -1 if there
+/*	is no reply, or if a negative reply contains no SOA record.
 /*	Finally, The \fBdnsblog\fR(8) server closes the connection.
 /* DIAGNOSTICS
 /*	Problems and transactions are logged to \fBsyslogd\fR(8).
diff --git a/postfix/src/global/mail_version.h b/postfix/src/global/mail_version.h
index 94268b98a..11e92caa3 100644
--- a/postfix/src/global/mail_version.h
+++ b/postfix/src/global/mail_version.h
@@ -20,7 +20,7 @@
   * Patches change both the patchlevel and the release date. Snapshots have no
   * patchlevel; they change the release date only.
   */
-#define MAIL_RELEASE_DATE	"20160611"
+#define MAIL_RELEASE_DATE	"20160612"
 #define MAIL_VERSION_NUMBER	"3.2"
 
 #ifdef SNAPSHOT
diff --git a/postfix/src/smtpd/smtpd.h b/postfix/src/smtpd/smtpd.h
index 13ea8fc1b..fdce24929 100644
--- a/postfix/src/smtpd/smtpd.h
+++ b/postfix/src/smtpd/smtpd.h
@@ -83,6 +83,8 @@ typedef struct {
     char   *dest_port;			/* Milter {daemon_port} */
     struct sockaddr_storage sockaddr;	/* binary client endpoint */
     SOCKADDR_SIZE sockaddr_len;		/* binary client endpoint */
+    struct sockaddr_storage dest_sockaddr;	/* binary local endpoint */
+    SOCKADDR_SIZE dest_sockaddr_len;	/* binary local endpoint */
     int     name_status;		/* 2=ok 4=soft 5=hard 6=forged */
     int     reverse_name_status;	/* 2=ok 4=soft 5=hard */
     int     conn_count;			/* connections from this client */
diff --git a/postfix/src/smtpd/smtpd_peer.c b/postfix/src/smtpd/smtpd_peer.c
index f1f80e921..d319f693c 100644
--- a/postfix/src/smtpd/smtpd_peer.c
+++ b/postfix/src/smtpd/smtpd_peer.c
@@ -175,6 +175,8 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
 	) {
 	MAI_HOSTADDR_STR client_addr;
 	MAI_SERVPORT_STR client_port;
+	MAI_HOSTADDR_STR server_addr;
+	MAI_SERVPORT_STR server_port;
 	int     aierr;
 	char   *colonp;
 
@@ -276,6 +278,21 @@ static int smtpd_peer_sockaddr_to_hostaddr(SMTPD_STATE *state)
 	    state->rfc_addr = mystrdup(client_addr.buf);
 	    state->addr_family = sa->sa_family;
 	}
+
+	/*
+	 * Convert the server address/port to printable form.
+	 */
+	if ((aierr = sockaddr_to_hostaddr((struct sockaddr *)
+					  &state->dest_sockaddr,
+					  state->dest_sockaddr_len,
+					  &server_addr,
+					  &server_port, 0)) != 0)
+	    msg_fatal("%s: cannot convert server address/port to string: %s",
+		      myname, MAI_STRERROR(aierr));
+	/* TODO: convert IPv4-in-IPv6 to IPv4 form. */
+	state->dest_addr = mystrdup(server_addr.buf);
+	state->dest_port = mystrdup(server_port.buf);
+
 	return (0);
     }
 
@@ -493,8 +510,6 @@ static void smtpd_peer_from_pass_attr(SMTPD_STATE *state)
 
 static void smtpd_peer_from_default(SMTPD_STATE *state)
 {
-    SOCKADDR_SIZE sa_length = sizeof(state->sockaddr);
-    struct sockaddr *sa = (struct sockaddr *) &(state->sockaddr);
 
     /*
      * The "no client" routine provides surrogate information so that the
@@ -502,13 +517,19 @@ static void smtpd_peer_from_default(SMTPD_STATE *state)
      * before the server wakes up. The "not inet" routine provides surrogate
      * state for (presumably) local IPC channels.
      */
-    if (getpeername(vstream_fileno(state->client), sa, &sa_length) < 0) {
+    state->sockaddr_len = sizeof(state->sockaddr);
+    state->dest_sockaddr_len = sizeof(state->dest_sockaddr);
+    if (getpeername(vstream_fileno(state->client),
+		    (struct sockaddr *) &state->sockaddr,
+		    &state->sockaddr_len) <0
+	|| getsockname(vstream_fileno(state->client),
+		       (struct sockaddr *) &state->dest_sockaddr,
+		       &state->dest_sockaddr_len) < 0) {
 	if (errno == ENOTSOCK)
 	    smtpd_peer_not_inet(state);
 	else
 	    smtpd_peer_no_client(state);
     } else {
-	state->sockaddr_len = sa_length;
 	if (smtpd_peer_sockaddr_to_hostaddr(state) < 0)
 	    smtpd_peer_not_inet(state);
     }