[Minor] Some neats when working with Unix sockets

rspamd · Sep 24, 2022 · 43de82c · 43de82c
1 parent b20b81d
commit 43de82c
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 28 deletions.
diff --git a/src/fuzzy_storage.c b/src/fuzzy_storage.c
@@ -252,6 +252,10 @@ rspamd_fuzzy_check_ratelimit (struct fuzzy_session *session)
 	struct rspamd_leaky_bucket_elt *elt;
 	ev_tstamp now;
 
+	if (!session->addr) {
+		return TRUE;
+	}
+
 	if (session->ctx->ratelimit_whitelist != NULL) {
 		if (rspamd_match_radix_map_addr (session->ctx->ratelimit_whitelist,
 				session->addr) != NULL) {
@@ -358,7 +362,7 @@ rspamd_fuzzy_check_write (struct fuzzy_session *session)
 		return FALSE;
 	}
 
-	if (session->ctx->update_ips != NULL) {
+	if (session->ctx->update_ips != NULL && session->addr) {
 		if (rspamd_match_radix_map_addr (session->ctx->update_ips,
 				session->addr) == NULL) {
 			return FALSE;
@@ -870,7 +874,12 @@ rspamd_fuzzy_check_callback (struct rspamd_fuzzy_reply *result, void *ud)
 		/* function */
 		lua_rawgeti (L, LUA_REGISTRYINDEX, session->ctx->lua_post_handler_cbref);
 		/* client IP */
-		rspamd_lua_ip_push (L, session->addr);
+		if (session->addr) {
+			rspamd_lua_ip_push(L, session->addr);
+		}
+		else {
+			lua_pushnil (L);
+		}
 		/* client command */
 		lua_pushinteger (L, cmd->cmd);
 		/* command value (push as rspamd_text) */
@@ -1114,7 +1123,7 @@ rspamd_fuzzy_process_command (struct fuzzy_session *session)
 		return;
 	}
 
-	if (session->key_stat) {
+	if (session->key_stat && session->addr) {
 		ip_stat = rspamd_lru_hash_lookup (session->key_stat->last_ips,
 				session->addr, -1);
 
@@ -1575,6 +1584,13 @@ fuzzy_session_destroy (gpointer d)
 #define MSGVEC_LEN 1
 #endif
 
+union sa_union {
+	struct sockaddr sa;
+	struct sockaddr_in s4;
+	struct sockaddr_in6 s6;
+	struct sockaddr_un su;
+	struct sockaddr_storage ss;
+};
 /*
  * Accept new connection and construct task
  */
@@ -1587,7 +1603,7 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents)
 	guint64 *nerrors;
 	struct iovec iovs[MSGVEC_LEN];
 	guint8 bufs[MSGVEC_LEN][FUZZY_INPUT_BUFLEN];
-	struct sockaddr_storage peer_sa[MSGVEC_LEN];
+	union sa_union peer_sa[MSGVEC_LEN];
 	socklen_t salen = sizeof (peer_sa[0]);
 #ifdef HAVE_RECVMMSG
 #define MSG_FIELD(msg, field) msg.msg_hdr.field
@@ -1643,13 +1659,17 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents)
 			for (int i = 0; i < r; i ++) {
 				rspamd_inet_addr_t *client_addr;
 
-				client_addr = rspamd_inet_address_from_sa (MSG_FIELD(msg[i], msg_name),
-						MSG_FIELD(msg[i], msg_namelen));
-
-				if (!rspamd_fuzzy_check_client (worker->ctx, client_addr)) {
-					/* Disallow forbidden clients silently */
-					rspamd_inet_address_free (client_addr);
-					continue;
+				if (MSG_FIELD(msg[i], msg_namelen) >= sizeof(struct sockaddr)) {
+					client_addr = rspamd_inet_address_from_sa(MSG_FIELD(msg[i], msg_name),
+							MSG_FIELD(msg[i], msg_namelen));
+					if (!rspamd_fuzzy_check_client (worker->ctx, client_addr)) {
+						/* Disallow forbidden clients silently */
+						rspamd_inet_address_free (client_addr);
+						continue;
+					}
+				}
+				else {
+					client_addr = NULL;
 				}
 
 				session = g_malloc0 (sizeof (*session));
@@ -1676,18 +1696,20 @@ accept_fuzzy_socket (EV_P_ ev_io *w, int revents)
 					session->ctx->stat.invalid_requests ++;
 					msg_debug ("invalid fuzzy command of size %z received", r);
 
-					nerrors = rspamd_lru_hash_lookup (session->ctx->errors_ips,
-							session->addr, -1);
-
-					if (nerrors == NULL) {
-						nerrors = g_malloc (sizeof (*nerrors));
-						*nerrors = 1;
-						rspamd_lru_hash_insert (session->ctx->errors_ips,
-								rspamd_inet_address_copy(session->addr, NULL),
-								nerrors, -1, -1);
-					}
-					else {
-						*nerrors = *nerrors + 1;
+					if (session->addr) {
+						nerrors = rspamd_lru_hash_lookup(session->ctx->errors_ips,
+								session->addr, -1);
+
+						if (nerrors == NULL) {
+							nerrors = g_malloc(sizeof(*nerrors));
+							*nerrors = 1;
+							rspamd_lru_hash_insert(session->ctx->errors_ips,
+									rspamd_inet_address_copy(session->addr, NULL),
+									nerrors, -1, -1);
+						}
+						else {
+							*nerrors = *nerrors + 1;
+						}
 					}
 				}
 

diff --git a/src/libutil/addr.c b/src/libutil/addr.c
@@ -1060,6 +1060,13 @@ rspamd_inet_address_connect (const rspamd_inet_addr_t *addr, gint type,
 
 	if (addr->af == AF_UNIX) {
 		sa = (const struct sockaddr *)&addr->u.un->addr;
+
+		struct sockaddr_un ssun;
+		strcpy(ssun.sun_path, tmpnam(NULL));
+		ssun.sun_len = SUN_LEN(&ssun);
+		ssun.sun_family = AF_UNIX;
+		/* Also bind unix client sockets to allow unconnected reply from that side */
+		r = bind (fd, &ssun, ssun.sun_len);
 	}
 	else {
 		sa = &addr->u.in.addr.sa;
@@ -1249,6 +1256,9 @@ rspamd_inet_address_sendto (gint fd, const void *buf, gsize len, gint fl,
 	const struct sockaddr *sa;
 
 	if (addr == NULL) {
+#ifdef EADDRNOTAVAIL
+		errno = EADDRNOTAVAIL;
+#endif
 		return -1;
 	}
 

diff --git a/src/lua/lua_ip.c b/src/lua/lua_ip.c
@@ -588,11 +588,16 @@ rspamd_lua_ip_push (lua_State *L, rspamd_inet_addr_t *addr)
 {
 	struct rspamd_lua_ip *ip, **pip;
 
-	ip = g_malloc0 (sizeof (struct rspamd_lua_ip));
-	ip->addr = rspamd_inet_address_copy(addr, NULL);
-	pip = lua_newuserdata (L, sizeof (struct rspamd_lua_ip *));
-	rspamd_lua_setclass (L, "rspamd{ip}", -1);
-	*pip = ip;
+	if (addr) {
+		ip = g_malloc0(sizeof(struct rspamd_lua_ip));
+		ip->addr = rspamd_inet_address_copy(addr, NULL);
+		pip = lua_newuserdata(L, sizeof(struct rspamd_lua_ip *));
+		rspamd_lua_setclass(L, "rspamd{ip}", -1);
+		*pip = ip;
+	}
+	else {
+		lua_pushnil (L);
+	}
 }
 
 void

diff --git a/src/rspamd.c b/src/rspamd.c
@@ -451,6 +451,8 @@ systemd_get_socket (struct rspamd_main *rspamd_main, const gchar *fdname)
 	union {
 		struct sockaddr_storage ss;
 		struct sockaddr sa;
+		struct sockaddr_un sun;
+		struct sockaddr_in6 s6;
 	} addr_storage;
 	socklen_t slen = sizeof (addr_storage);
 	gint stype;