Fix another case of bad comparison between IPv6 addresses that may or

[exim.git] / src / src / verify.c

diff --git a/src/src/verify.c b/src/src/verify.c
index 2614a23e066ec428c853c1bb1f1e0bebb240fa23..b84044d0c06ea3874c626025dcde37ede2afded0 100644 (file)
--- a/src/src/verify.c
+++ b/src/src/verify.c
@@ -1,4 +1,4 @@
-/* $Cambridge: exim/src/src/verify.c,v 1.26 2005/09/06 13:17:36 ph10 Exp $ */
+/* $Cambridge: exim/src/src/verify.c,v 1.29 2005/11/28 10:07:55 ph10 Exp $ */
 
 /*************************************************
 *     Exim - an Internet mail transport agent    *
@@ -410,18 +410,22 @@ for (host = host_list; host != NULL && !done; host = host->next)
 
   host_af = (Ustrchr(host->address, ':') == NULL)? AF_INET:AF_INET6;
 
-  /* Expand and interpret the interface and port strings. This has to
-  be delayed till now, because they may expand differently for different
-  hosts. If there's a failure, log it, but carry on with the defaults. */
+  /* Expand and interpret the interface and port strings. The latter will not
+  be used if there is a host-specific port (e.g. from a manualroute router).
+  This has to be delayed till now, because they may expand differently for
+  different hosts. If there's a failure, log it, but carry on with the
+  defaults. */
 
   deliver_host = host->name;
   deliver_host_address = host->address;
   deliver_domain = addr->domain;
+
   if (!smtp_get_interface(tf->interface, host_af, addr, NULL, &interface,
           US"callout") ||
       !smtp_get_port(tf->port, addr, &port, US"callout"))
     log_write(0, LOG_MAIN|LOG_PANIC, "<%s>: %s", addr->address,
       addr->message);
+
   deliver_host = deliver_host_address = NULL;
   deliver_domain = save_deliver_domain;
 
@@ -1987,7 +1991,7 @@ if (string_is_ip_address(ss, &maskoffset) > 0)
 semicolon = Ustrchr(ss, ';');
 
 /* If we are doing an IP address only match, then all lookups must be IP
-address lookups. */
+address lookups, even if there is no "net-". */
 
 if (isiponly)
   {
@@ -1995,13 +1999,14 @@ if (isiponly)
   }
 
 /* Otherwise, if the item is of the form net[n]-lookup;<file|query> then it is
-a lookup on a masked IP network, in textual form. The net- stuff really only
-applies to single-key lookups where the key is implicit. For query-style
-lookups the key is specified in the query. From release 4.30, the use of net-
-for query style is no longer needed, but we retain it for backward
-compatibility. */
-
-else if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
+a lookup on a masked IP network, in textual form. We obey this code even if we
+have already set iplookup, so as to skip over the "net-" prefix and to set the
+mask length. The net- stuff really only applies to single-key lookups where the
+key is implicit. For query-style lookups the key is specified in the query.
+From release 4.30, the use of net- for query style is no longer needed, but we
+retain it for backward compatibility. */
+
+if (Ustrncmp(ss, "net", 3) == 0 && semicolon != NULL)
   {
   mlen = 0;
   for (t = ss + 3; isdigit(*t); t++) mlen = mlen * 10 + *t - '0';
@@ -2104,9 +2109,7 @@ if (*t == 0)
     host_item *hh;
     for (hh = &h; hh != NULL; hh = hh->next)
       {
-      if (Ustrcmp(hh->address, (Ustrchr(hh->address, ':') == NULL)?
-        cb->host_ipv4 : cb->host_address) == 0)
-          return OK;
+      if (host_is_in_net(hh->address, cb->host_address, 0)) return OK;
       }
     return FAIL;
     }