INN commit: trunk (control/controlchan.in m4/perl.m4)

INN Commit rra at isc.org
Mon Jul 11 14:12:18 UTC 2011


    Date: Monday, July 11, 2011 @ 07:12:18
  Author: iulius
Revision: 9238

controlchan:  impose a date cutoff, block the replay of old control articles

controlchan now requires DateTime::Format::Mail to parse dates.
Otherwise, with the new Injection-Date: header field, old control articles
could be maliciously reinjected into Usenet, and replayed.

The Injection-Date: header of old control articles is not always signed...

controlchan now imposes a date cutoff.


According to RFC 5537, a relaying agent processes an article as follows:

  2.  It MUST examine the Injection-Date header field or, if absent,
      the Date header field, and reject the article if that date is
      more than 24 hours into the future.  It MAY reject articles with
      dates in the future with a smaller margin than 24 hours.

That is to say that the Date: header field can be set to anything when
an Injection-Date header field exists.

Modified:
  trunk/control/controlchan.in
  trunk/m4/perl.m4

------------------------+
 control/controlchan.in |   45 +++++++++++++++++++++++++++++++++++++++++++--
 m4/perl.m4             |    1 +
 2 files changed, 44 insertions(+), 2 deletions(-)

Modified: control/controlchan.in
===================================================================
--- control/controlchan.in	2011-07-11 09:39:33 UTC (rev 9237)
+++ control/controlchan.in	2011-07-11 14:12:18 UTC (rev 9238)
@@ -30,8 +30,9 @@
 ##     :<pathbin>/controlchan
 
 require 5.004_03;
+use DateTime::Format::Mail;
+use Encode;
 use MIME::Parser;
-use Encode;
 use strict;
 
 delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
@@ -106,6 +107,46 @@
         next;
     }
 
+    # Make sure old control articles are not replayed.
+    # Use a loose date parser (not strict).
+    my ($postingdate, $injectiondate);
+    my $dateparser = DateTime::Format::Mail->new( 'loose' => 1 );
+    my $currentdate = DateTime->now();
+
+    # Parse date header fields.  We will take the oldest date.
+    if ($hdr{'date'}) {
+        $postingdate = $dateparser->parse_datetime($hdr{'date'});
+    } else {
+        logmsg('Missing Date: header field');
+        $parser->filer->purge;
+        next;
+    }
+    if ($hdr{'injection-date'}) {
+        $injectiondate = $dateparser->parse_datetime($hdr{'injection-date'});
+    } else {
+        $injectiondate = $postingdate;
+    }
+
+    my $articledate = ($postingdate < $injectiondate) ? $postingdate : $injectiondate;
+
+    my $mindate = $currentdate->clone->subtract( 'days' => $INN::Config::artcutoff );
+    my $maxdate = $currentdate->clone->add( 'days' => 1 );
+
+    if ($articledate > $maxdate) {
+        logmsg('Control article injected or posted in the future ('
+               . $articledate->datetime() . ')');
+        $parser->filer->purge;
+        next;
+    }
+
+    if ($INN::Config::artcutoff > 0 && $articledate < $mindate) {
+        logmsg('Control article too old ('
+               . $articledate->datetime() . '), artcutoff set to '
+               . $INN::Config::artcutoff . ' days');
+        $parser->filer->purge;
+        next;
+    }
+
     $curmsgid = $hdr{'message-id'};
     my $sender = cleanaddr($hdr{'sender'} || $hdr{'from'});
     my $replyto = cleanaddr($hdr{'reply-to'} || $hdr{'from'});
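Review bot: Both `parse_datetime` calls on the `Date:` and `Injection-Date:` values run unguarded on header text supplied by the article, and as far as I know DateTime::Format::Mail croaks on a date it cannot parse, even with `loose => 1`. If so, one control article with a malformed date field would end the controlchan process instead of being purged and skipped like the other rejects in this loop. I would wrap each parse in a block `eval`, treat an undefined result as a reject, then log, purge and `next` as the missing-`Date:` branch already does. The enclosing loop starts and ends outside this hunk, so how an uncaught exception is handled further up cannot be confirmed from here.

```perl
    # Parse date header fields.  We will take the oldest date.
    if ($hdr{'date'}) {
        # An unparsable date must not take the whole channel down.
        $postingdate = eval { $dateparser->parse_datetime($hdr{'date'}) };
    }
    if (!defined $postingdate) {
        logmsg('Missing or unparsable Date: header field');
        $parser->filer->purge;
        next;
    }
    if ($hdr{'injection-date'}) {
        $injectiondate
          = eval { $dateparser->parse_datetime($hdr{'injection-date'}) };
        if (!defined $injectiondate) {
            logmsg('Unparsable Injection-Date: header field');
            $parser->filer->purge;
            next;
        }
    } else {
        $injectiondate = $postingdate;
    }
    # … unchanged: $articledate selection and the $mindate / $maxdate checks …
```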
@@ -208,7 +249,7 @@
     my ($article, $hdr) = @_;
     my ($h, $buffer);
     my %uniquehdr = map { $_ => 1 } qw(approved control date followup-to
-        from message-id newsgroups path reply-to sender subject);
+        from injection-date message-id newsgroups path reply-to sender subject);
 
     my $head = $article->head;
 

Modified: m4/perl.m4
===================================================================
--- m4/perl.m4	2011-07-11 09:39:33 UTC (rev 9237)
+++ m4/perl.m4	2011-07-11 14:12:18 UTC (rev 9238)
@@ -48,6 +48,7 @@
 dnl We also check for useful Perl modules.
 INN_PATH_PROG_ENSURE([PERL], [perl])
 _INN_PERL_VERSION(5.004_03)
+INN_PERL_MODULE([DateTime::Format::Mail], [controlchan])
 INN_PERL_MODULE([Encode], [controlchan])
 INN_PERL_MODULE([GD], [innreport's HTML output])
 INN_PERL_MODULE([MIME::Parser], [controlchan])



