* [PATCH] fix #7476: config: allow TLS policy nexthops with port
@ 2026-05-02  8:02 Maksim Usmanov
  0 siblings, 0 replies; only message in thread
From: Maksim Usmanov @ 2026-05-02  8:02 UTC (permalink / raw)
  To: pmg-devel; +Cc: maks

From: maks <maks@adw.es>

Postfix smtp_tls_policy_maps require an exact nexthop match. When a
transport uses an explicit port (e.g. smtp:[1.2.3.4]:25), the TLS
policy key must include the port as well.

The previous validation used a greedy regex, causing bracketed
addresses with a port to fail validation.

Handle bracketed nexthops ([host] or [host]:port) and unbracketed
nexthops (host or host:port) explicitly.

Signed-off-by: Maksim Usmanov <maks@adw.es>
---
 src/PMG/Config.pm | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

diff --git a/src/PMG/Config.pm b/src/PMG/Config.pm
index 495fe70..91fe8ac 100644
--- a/src/PMG/Config.pm
+++ b/src/PMG/Config.pm
@@ -1196,19 +1196,15 @@ sub pmg_verify_transport_domain_or_nexthop {
 
     if (pmg_verify_transport_domain($name, 1)) {
         return $name;
-    } elsif ($name =~ m/^(\S+)(?::\d+)?$/) {
-        my $nexthop = $1;
-        if ($nexthop =~ m/^\[(.*)\]$/) {
-            $nexthop = $1;
-        }
-        return $name if pmg_verify_transport_address($nexthop, 1);
-        # else fall through, because it is a failure
+    } elsif ($name =~ m/^\[([^\]]+)\](?::\d+)?$/) {
+        return $name if pmg_verify_transport_address($1, 1);
+    } elsif ($name =~ m/^([^:\s]+)(?::\d+)?$/) {
+        return $name if pmg_verify_transport_address($1, 1);
     }
 
     return undef if $noerr;
     die "value does not look like a valid domain or next-hop\n";
 }
-
 sub read_tls_policy {
     my ($filename, $fh) = @_;
 
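Review bot: the port part `(?::\d+)?` in both new `elsif` branches is unbounded, so values such as `[1.2.3.4]:0` or `host:99999` now pass validation and are returned as a TLS policy key. Consider capturing the port and rejecting anything outside 1..65535 before returning `$name`. Two smaller points in the same hunk: the bracketed pattern `[^\]]+` admits whitespace inside the brackets, which the old `\S+` did not, so rejection of something like `[a b]` now rests entirely on pmg_verify_transport_address; `[^\]\s]+` would keep the earlier guarantee. The blank line removed before `sub read_tls_policy` is an unrelated whitespace change and should stay, so the two subs remain separated.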
-- 
2.53.0



