]> git.pld-linux.org Git - packages/exim.git/blob - exim-bug-1057.patch
- rel 2; add av loadbalancing (upstream bug 1057)
[packages/exim.git] / exim-bug-1057.patch
1 diff -urN exim-4.73_RC1/src/malware.c exim-4.73_RC1-new/src/malware.c
2 --- exim-4.73_RC1/src/malware.c 2010-12-23 14:19:35.000000000 +0000
3 +++ exim-4.73_RC1-new/src/malware.c     2011-01-05 09:58:34.000000000 +0000
4 @@ -12,6 +12,16 @@
5  #include "exim.h"
6  #ifdef WITH_CONTENT_SCAN
7  
8 +/* The maximum number of clamd servers that are supported in the configuration */
9 +#define MAX_CLAMD_SERVERS 32
10 +/* Maximum length of the hostname that can be specified in the clamd address list */
11 +#define MAX_CLAMD_ADDRESS_LENGTH 64
12 +
13 +typedef struct clamd_address_container {
14 +  uschar tcp_addr[MAX_CLAMD_ADDRESS_LENGTH];
15 +  unsigned int tcp_port;
16 +} clamd_address_container;
17 +
18  /* declaration of private routines */
19  static int mksd_scan_packed(int sock, uschar *scan_filename);
20  static int malware_internal(uschar **listptr, uschar *eml_filename, BOOL faking);
21 @@ -1295,7 +1305,7 @@
22       * WITH_OLD_CLAMAV_STREAM is defined.
23       * See Exim bug 926 for details.  */
24      else if (strcmpic(scanner_name,US"clamd") == 0) {
25 -      uschar *clamd_options;
26 +      uschar *clamd_options = NULL;
27        uschar clamd_options_buffer[1024];
28        uschar clamd_options_default[] = "/tmp/clamd";
29        uschar *p, *vname, *result_tag, *response_end;
30 @@ -1304,16 +1314,16 @@
31        unsigned int port;
32        uschar file_name[1024];
33        uschar av_buffer[1024];
34 -      uschar hostname[256];
35 +      uschar *hostname = "";
36        struct hostent *he;
37        struct in_addr in;
38 -      uschar *clamd_options2;
39 -      uschar clamd_options2_buffer[1024];
40 -      uschar clamd_options2_default[] = "";
41        uschar *clamav_fbuf;
42        int clam_fd, result;
43        unsigned int fsize;
44 -      BOOL use_scan_command, fits;
45 +      BOOL use_scan_command = FALSE, fits;
46 +      clamd_address_container * clamd_address_vector[MAX_CLAMD_SERVERS];
47 +      int current_server;
48 +      int num_servers = 0;
49  #ifdef WITH_OLD_CLAMAV_STREAM
50        uschar av_buffer2[1024];
51        int sockData;
52 @@ -1327,16 +1337,60 @@
53          /* no options supplied, use default options */
54          clamd_options = clamd_options_default;
55        }
56 -      if ((clamd_options2 = string_nextinlist(&av_scanner_work, &sep,
57 -                                             clamd_options2_buffer,
58 -                                             sizeof(clamd_options2_buffer))) == NULL) {
59 -        clamd_options2 = clamd_options2_default;
60 -      }
61  
62 -      if ((*clamd_options == '/') || (strcmpic(clamd_options2,US"local") == 0))
63 +      if (*clamd_options == '/')
64 +        /* Local file; so we def want to use_scan_command and don't want to try
65 +         * passing IP/port combinations */
66          use_scan_command = TRUE;
67 -      else
68 -        use_scan_command = FALSE;
69 +      else {
70 +        uschar *address = clamd_options;
71 +        uschar address_buffer[MAX_CLAMD_ADDRESS_LENGTH + 20];
72 +
73 +        /* Go through the rest of the list of host/port and construct an array
74 +         * of servers to try. The first one is the bit we just passed from
75 +         * clamd_options so process that first and then scan the remainder of
76 +         * the address buffer */
77 +        do {
78 +          clamd_address_container *this_clamd;
79 +
80 +          /* The 'local' option means use the SCAN command over the network
81 +           * socket (ie common file storage in use) */
82 +          if (strcmpic(address,US"local") == 0) {
83 +            use_scan_command = TRUE;
84 +            continue;
85 +          }
86 +
87 +          /* XXX: If unsuccessful we should free this memory */
88 +          this_clamd =
89 +              (clamd_address_container *)store_get(sizeof(clamd_address_container));
90 +
91 +          /* extract host and port part */
92 +          if( sscanf(CS address, "%" MAX_CLAMD_ADDRESS_LENGTH "s %u", this_clamd->tcp_addr,
93 +                                            &(this_clamd->tcp_port)) != 2 ) {
94 +            log_write(0, LOG_MAIN|LOG_PANIC,
95 +                      "malware acl condition: clamd: invalid address '%s'", address);
96 +            continue;
97 +          }
98 +
99 +          clamd_address_vector[num_servers] = this_clamd;
100 +          num_servers++;
101 +          if (num_servers >= MAX_CLAMD_SERVERS) {
102 +            log_write(0, LOG_MAIN|LOG_PANIC,
103 +                  "More than " MAX_CLAMD_SERVERS " clamd servers specified; "
104 +                  "only using the first " MAX_CLAMD_SERVERS );
105 +            break;
106 +          }
107 +        } while ((address = string_nextinlist(&av_scanner_work, &sep,
108 +                                        address_buffer,
109 +                                        sizeof(address_buffer))) != NULL);
110 +
111 +        /* check if we have at least one server */
112 +        if (!num_servers) {
113 +          log_write(0, LOG_MAIN|LOG_PANIC,
114 +             "malware acl condition: clamd: no useable clamd server addresses in malware configuration option.");
115 +          return DEFER;
116 +        }
117 +      }
118  
119        /* See the discussion of response formats below to see why we really don't
120        like colons in filenames when passing filenames to ClamAV. */
121 @@ -1347,45 +1401,72 @@
122         return DEFER;
123        }
124  
125 -      /* socket does not start with '/' -> network socket */
126 -      if (*clamd_options != '/') {
127 +      /* We have some network servers specified */
128 +      if (num_servers) {
129  
130          /* Confirmed in ClamAV source (0.95.3) that the TCPAddr option of clamd
131           * only supports AF_INET, but we should probably be looking to the
132           * future and rewriting this to be protocol-independent anyway. */
133  
134 -        /* extract host and port part */
135 -        if( sscanf(CS clamd_options, "%s %u", hostname, &port) != 2 ) {
136 -          log_write(0, LOG_MAIN|LOG_PANIC,
137 -                    "malware acl condition: clamd: invalid socket '%s'", clamd_options);
138 -          return DEFER;
139 -        };
140 +        while ( num_servers > 0 ) {
141 +          /* Randomly pick a server to start with */
142 +          current_server = random_number( num_servers );
143 +
144 +          debug_printf("trying server name %s, port %u\n",
145 +                       clamd_address_vector[current_server]->tcp_addr,
146 +                       clamd_address_vector[current_server]->tcp_port);
147 +
148 +          /* Lookup the host. This is to ensure that we connect to the same IP
149 +           * on both connections (as one host could resolve to multiple ips) */
150 +          if((he = gethostbyname(CS clamd_address_vector[current_server]->tcp_addr))
151 +                          == 0) {
152 +            log_write(0, LOG_MAIN|LOG_PANIC,
153 +                    "malware acl condition: clamd: failed to lookup host '%s'",
154 +                    clamd_address_vector[current_server]->tcp_addr
155 +                    );
156 +            goto try_next_server;
157 +          }
158  
159 -        /* Lookup the host */
160 -        if((he = gethostbyname(CS hostname)) == 0) {
161 -          log_write(0, LOG_MAIN|LOG_PANIC,
162 -                    "malware acl condition: clamd: failed to lookup host '%s'", hostname);
163 -          return DEFER;
164 -        }
165 +          in = *(struct in_addr *) he->h_addr_list[0];
166  
167 -        in = *(struct in_addr *) he->h_addr_list[0];
168 +          /* Open the ClamAV Socket */
169 +          if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
170 +            log_write(0, LOG_MAIN|LOG_PANIC,
171 +                      "malware acl condition: clamd: unable to acquire socket (%s)",
172 +                      strerror(errno));
173 +            goto try_next_server;
174 +          }
175  
176 -        /* Open the ClamAV Socket */
177 -        if ( (sock = ip_socket(SOCK_STREAM, AF_INET)) < 0) {
178 -          log_write(0, LOG_MAIN|LOG_PANIC,
179 -                    "malware acl condition: clamd: unable to acquire socket (%s)",
180 -                    strerror(errno));
181 -          return DEFER;
182 -        }
183 +          if (ip_connect( sock,
184 +                          AF_INET,
185 +                          (uschar*)inet_ntoa(in),
186 +                          clamd_address_vector[current_server]->tcp_port,
187 +                          5 ) > -1) {
188 +            /* Connection successfully established with a server */
189 +            hostname = clamd_address_vector[current_server]->tcp_addr;
190 +            break;
191 +          } else {
192 +            log_write(0, LOG_MAIN|LOG_PANIC,
193 +               "malware acl condition: clamd: connection to %s, port %u failed (%s)",
194 +               clamd_address_vector[current_server]->tcp_addr,
195 +               clamd_address_vector[current_server]->tcp_port,
196 +               strerror(errno));
197  
198 -        if (ip_connect(sock, AF_INET, (uschar*)inet_ntoa(in), port, 5) < 0) {
199 -          (void)close(sock);
200 -          log_write(0, LOG_MAIN|LOG_PANIC,
201 -                    "malware acl condition: clamd: connection to %s, port %u failed (%s)",
202 -                    inet_ntoa(in), port, strerror(errno));
203 -          return DEFER;
204 +            (void)close(sock);
205 +          }
206 +
207 +try_next_server:
208 +          /* Remove the server from the list. XXX We should free the memory */
209 +          num_servers--;
210 +          int i;
211 +          for( i = current_server; i < num_servers; i++ )
212 +            clamd_address_vector[i] = clamd_address_vector[i+1];
213          }
214  
215 +        if ( num_servers == 0 ) {
216 +          log_write(0, LOG_MAIN|LOG_PANIC, "malware acl condition: all clamd servers failed");
217 +            return DEFER;
218 +        }
219        } else {
220          /* open the local socket */
221          if ((sock = socket(AF_UNIX, SOCK_STREAM, 0)) < 0) {
This page took 0.07445 seconds and 4 git commands to generate.