Thorild Selen
2003-Jul-05 09:08 UTC
Unhelpful error message when matching hosts in access list [PATCH]
Greetings,
As previously reported by me to the Debian bug tracking system:
----------------------------------------------------------------------
An access list in rsyncd.conf may contain hostnames as well as
addresses. It may contain several patterns to match against.
address_match (in access.c) does this by trying to match hostname and
address against each of the patterns until a match is found or there
are no more patterns.
1. For each failed hostname match, an address (non-hostname) match is
also attempted. If the pattern isn't a valid address (maybe because
it is a hostname that didn't match the pattern) the less helpful
error message "malformed address <foo>" is written to the log
for
every failed match. If hostname "baz" is matched against the
pattern list "foo, bar, baz" this will give two confusing error
messages "malformed address foo" "malformed address bar"
in the
log.
Suggestion: If something looks like a hostname and not like an
address (by some clever criterion), then this match either should
not be done, or the confusing error message should not be printed.
2. The "malformed address" message is written whenever getaddrinfo()
fails, ignoring the error code.
Suggestion: Instead of
rprintf(FERROR,"malformed address %s\n", tok);
use gai_strerror(3) to get a more helpful error description:
rprintf(FERROR,"error matching address %s: %s\n", tok,
gai_strerror(gai));
----------------------------------------------------------------------
Below is a patch that fixes these bugs. Seems to work just fine.
Thorild Sel?n
Datorf?reningen Update / Update Computer Club, Uppsala, SE
--- rsync-2.5.6/access.c 2003-01-20 14:46:28.000000000 +0100
+++ rsync/access.c 2003-07-04 23:59:01.000000000 +0200
@@ -93,7 +93,10 @@
if (p)
*p++ = '/';
if (gai) {
- rprintf(FERROR,"malformed address %s\n", tok);
+ rprintf(FERROR,
+ "error matching address %s: %s\n",
+ tok,
+ gai_strerror(gai));
freeaddrinfo(resa);
return 0;
}
@@ -192,6 +195,18 @@
return ret;
}
+/* Test if a string is likely to be an (IPv4 or IPv6) address */
+static int likely_address(char *s)
+{
+ size_t len = strlen(s);
+
+ return ((strspn(s, ".0123456789") == len)
+#ifdef INET6
+ || (strspn(s, ":0123456789ABCDEFabcdef") == len)
+#endif
+ );
+}
+
static int access_match(char *list, char *addr, char *host)
{
char *tok;
@@ -203,7 +218,9 @@
if (host) strlower(host);
for (tok=strtok(list2," ,\t"); tok; tok=strtok(NULL,"
,\t")) {
- if (match_hostname(host, tok) || match_address(addr, tok)) {
+ if (match_hostname(host, tok)
+ || (likely_address(tok)
+ && match_address(addr, tok))) {
free(list2);
return 1;
}
Thorild Selen
2003-Jul-05 10:15 UTC
Unhelpful error message when matching hosts in access list [PATCH]
Sorry, I missed that an address should be able to contain a slash
(used with netmask) and a % and some more stuff too if it's a scoped
IPv6 address. Here's a new patch.
Thorild Sel?n
Datorf?reningen Update / Update Computer Club, Uppsala, SE
----------------------------------------------------------------------
--- rsync/access.c 2003-01-20 14:46:28.000000000 +0100
+++ rsync-new/access.c 2003-07-05 02:02:09.000000000 +0200
@@ -93,7 +93,10 @@
if (p)
*p++ = '/';
if (gai) {
- rprintf(FERROR,"malformed address %s\n", tok);
+ rprintf(FERROR,
+ "error matching address %s: %s\n",
+ tok,
+ gai_strerror(gai));
freeaddrinfo(resa);
return 0;
}
@@ -192,6 +195,19 @@
return ret;
}
+/* Test if a string is likely to be an (IPv4 or IPv6) address */
+static int likely_address(char *s)
+{
+ size_t len = strlen(s);
+
+ return ((strspn(s, "./0123456789") == len)
+#ifdef INET6
+ || (strspn(s, "/0123456789:ABCDEFabcdef") == len)
+ || strchr(s, '%')
+#endif
+ );
+}
+
static int access_match(char *list, char *addr, char *host)
{
char *tok;
@@ -203,7 +219,9 @@
if (host) strlower(host);
for (tok=strtok(list2," ,\t"); tok; tok=strtok(NULL,"
,\t")) {
- if (match_hostname(host, tok) || match_address(addr, tok)) {
+ if (match_hostname(host, tok)
+ || (likely_address(tok)
+ && match_address(addr, tok))) {
free(list2);
return 1;
}
John Van Essen
2003-Jul-05 14:07 UTC
Unhelpful error message when matching hosts in access list [PATCH]
On Sat, 5 Jul 2003, Thorild Selen <thorild@Update.UU.SE>?wrote:>Greetings, > >As previously reported by me to the Debian bug tracking system: > >---------------------------------------------------------------------- > >An access list in rsyncd.conf may contain hostnames as well as >addresses. It may contain several patterns to match against. >address_match (in access.c) does this by trying to match hostname and >address against each of the patterns until a match is found or there >are no more patterns. > >1. For each failed hostname match, an address (non-hostname) match is >??also attempted. If the pattern isn't a valid address (maybe because >??it is a hostname that didn't match the pattern) the less helpful >??error message "malformed address <foo>" is written to the log for >??every failed match. If hostname "baz" is matched against the >??pattern list "foo, bar, baz" this will give two confusing error >??messages "malformed address foo" "malformed address bar" in the >??log. > >??Suggestion: If something looks like a hostname and not like an >??address (by some clever criterion), then this match either should >??not be done, or the confusing error message should not be printed.I had submitted a similar bug report and small patch on April 10: http://lists.samba.org/pipermail/rsync/2003-April/010404.html There were no followups to it at the time. -- John Van Essen <vanes002@umn.edu>