Merge branch 'beta'

Conflicts:
	ChangeLog
	configure.ac
	doc/manual.html
	doc/rsyslog_conf.html
	plugins/imudp/imudp.c
	runtime/rsyslog.h

17 files changed, 184 insertions, 59 deletions

diff --git a/ChangeLog b/ChangeLog
index 3ac558e3..f0cbdee5 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,9 @@
 ---------------------------------------------------------------------------
-Version 4.1.2  [DEVEL] (rgerhards), 2008-11-??
+Version 4.1.2  [DEVEL] (rgerhards), 2008-12-04
 - bugfix: code did not compile without zlib
+- security bugfix: $AllowedSender was not honored, all senders were
+  permitted instead (see http://www.rsyslog.com/Article322.phtml)
+- imported other changes from 3.21.8 and 3.20.1 (see there)
 ---------------------------------------------------------------------------
 Version 4.1.1  [DEVEL] (rgerhards), 2008-11-26
 - added $PrivDropToGroup, $PrivDropToUser, $PrivDropToGroupID,
@@ -44,8 +47,11 @@ version before switching to this one.
 - bugfix: memory leak in ompgsql
   Thanks to Ken for providing the patch
 ---------------------------------------------------------------------------
-Version 3.21.8  [BETA] (rgerhards), 2008-11-??
+Version 3.21.8  [BETA] (rgerhards), 2008-12-04
 - bugfix: imklog did not compile on FreeBSD
+- security bugfix: $AllowedSender was not honored, all senders were
+  permitted instead (see http://www.rsyslog.com/Article322.phtml)
+- merged in all other changes from 3.20.1 (see there)
 ---------------------------------------------------------------------------
 Version 3.21.7  [BETA] (rgerhards), 2008-11-11
 - this is the new beta branch, based on the former 3.21.6 devel
@@ -169,13 +175,21 @@ Version 3.21.0  [DEVEL] (rgerhards), 2008-07-18
 - imported all changes from 3.18.1 until today (some quite important,
   see below)
 ---------------------------------------------------------------------------
-Version 3.20.1 [v3-stable] (rgerhards), 2008-11-??
+Version 3.20.1 [v3-stable] (rgerhards), 2008-112-04
+- security bugfix: $AllowedSender was not honored, all senders were
+  permitted instead
 - enhance: regex nomatch option "ZERO" has been added
   This allows to return the string 0 if a regular expression is
   not found. This is probably useful for storing numerical values into
   database columns.
+- bugfix: memory leak in gtls netstream driver fixed
+  memory was lost each time a TLS session was torn down. This could 
+  result in a considerable memory leak if it happened quite frequently
+  (potential system crash condition)
 - doc update: documented how to specify multiple property replacer
   options + link to new online regex generator tool added
+- minor bufgfix: very small memory leak in gtls netstream driver
+  around a handful of bytes (< 20) for each HUP
 - improved debug output for regular expressions inside property replacer
   RE's seem to be a big trouble spot and I would like to have more
   information inside the debug log. So I decided to add some additional
diff --git a/configure.ac b/configure.ac
index 8eecf2ab..e8aa644a 100644
--- a/configure.ac
+++ b/configure.ac
@@ -2,7 +2,7 @@
 # Process this file with autoconf to produce a configure script.
 
 AC_PREREQ(2.61)
-AC_INIT([rsyslog],[4.1.1],[rsyslog@lists.adiscon.com])
+AC_INIT([rsyslog],[4.1.2],[rsyslog@lists.adiscon.com])
 AM_INIT_AUTOMAKE
 AC_CONFIG_SRCDIR([ChangeLog])
 AC_CONFIG_HEADERS([config.h])
diff --git a/doc/manual.html b/doc/manual.html
index aea98dd3..63a68b4f 100644
--- a/doc/manual.html
+++ b/doc/manual.html
@@ -19,7 +19,7 @@ rsyslog support</a> available directly from the source!</p>
 <p><b>Please visit the <a href="http://www.rsyslog.com/sponsors">rsyslog sponsor's page</a>
 to honor the project sponsors or become one yourself!</b> We are very grateful for any help towards the
 project goals.</p>
-<p><b>This documentation is for version 4.1.1 (devel branch) of rsyslog.</b>
+<p><b>This documentation is for version 4.1.2 (devel branch) of rsyslog.</b>
 Visit the <i> <a href="http://www.rsyslog.com/doc-status.html">rsyslog status page</a></i></b> to obtain current
 version information and project status.
 </p><p><b>If you like rsyslog, you might
diff --git a/plugins/imgssapi/imgssapi.c b/plugins/imgssapi/imgssapi.c
index cce6c40f..fcc930ea 100644
--- a/plugins/imgssapi/imgssapi.c
+++ b/plugins/imgssapi/imgssapi.c
@@ -176,10 +176,10 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p
 	pGSess = (gss_sess_t*) pUsrSess;
 
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_TCP) &&
-	   net.isAllowedSender(net.pAllowedSenders_TCP, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"TCP", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_TCP;
 	if((pGSrv->allowedMethods & ALLOWEDMETHOD_GSS) &&
-	   net.isAllowedSender(net.pAllowedSenders_GSS, addr, (char*)fromHostFQDN))
+	   net.isAllowedSender((uchar*)"GSS", addr, (char*)fromHostFQDN))
 		allowedMethods |= ALLOWEDMETHOD_GSS;
 	if(allowedMethods && pGSess != NULL)
 		pGSess->allowedMethods = allowedMethods;
@@ -187,6 +187,7 @@ isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void *pUsrSrv, void*p
 	return allowedMethods;
 }
 
+
 static rsRetVal
 onSessAccept(tcpsrv_t *pThis, tcps_sess_t *pSess)
 {
@@ -663,14 +664,8 @@ ENDmodExit
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
-	if (net.pAllowedSenders_GSS != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_GSS);
-		net.pAllowedSenders_GSS = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
+	net.clearAllowedSenders((uchar*)"GSS");
 ENDafterRun
 
 
diff --git a/plugins/imtcp/imtcp.c b/plugins/imtcp/imtcp.c
index f01a9f0f..89f1dbcf 100644
--- a/plugins/imtcp/imtcp.c
+++ b/plugins/imtcp/imtcp.c
@@ -89,7 +89,7 @@ static int
 isPermittedHost(struct sockaddr *addr, char *fromHostFQDN, void __attribute__((unused)) *pUsrSrv,
 	        void __attribute__((unused)) *pUsrSess)
 {
-	return net.isAllowedSender(net.pAllowedSenders_TCP, addr, fromHostFQDN);
+	return net.isAllowedSender((uchar*) "TCP", addr, fromHostFQDN);
 }
 
 
@@ -212,10 +212,7 @@ ENDwillRun
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if(net.pAllowedSenders_TCP != NULL) {
-		net.clearAllowedSenders(net.pAllowedSenders_TCP);
-		net.pAllowedSenders_TCP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"TCP");
 ENDafterRun
 
 
diff --git a/plugins/imudp/imudp.c b/plugins/imudp/imudp.c
index a49378cf..c2d704dc 100644
--- a/plugins/imudp/imudp.c
+++ b/plugins/imudp/imudp.c
@@ -184,12 +184,13 @@ processSocket(int fd, struct sockaddr_storage *frominetPrev, int *pbIsPermitted,
 			* configured to do this).
 			* rgerhards, 2005-09-26
 			*/
-			*pbIsPermitted = net.isAllowedSender(net.pAllowedSenders_UDP,
+			*pbIsPermitted = net.isAllowedSender((uchar*)"UDP",
 			  			            (struct sockaddr *)&frominet, (char*)fromHostFQDN);
 	
 			if(!*pbIsPermitted) {
 				DBGPRINTF("%s is not an allowed sender\n", (char*)fromHostFQDN);
 				if(glbl.GetOption_DisallowWarning) {
+				       // TODO: add rate-limiter, otherwise we have a DoS
 				       errmsg.LogError(0, NO_ERRCODE, "UDP message from disallowed sender %s discarded",
 						  (char*)fromHost);
 				}
@@ -321,10 +322,7 @@ ENDwillRun
 BEGINafterRun
 CODESTARTafterRun
 	/* do cleanup here */
-	if (net.pAllowedSenders_UDP != NULL) {
-		net.clearAllowedSenders (net.pAllowedSenders_UDP);
-		net.pAllowedSenders_UDP = NULL;
-	}
+	net.clearAllowedSenders((uchar*)"UDP");
 	if(udpLstnSocks != NULL) {
 		net.closeUDPListenSockets(udpLstnSocks);
 		udpLstnSocks = NULL;
diff --git a/runtime/net.c b/runtime/net.c
index 44c9008a..1472b4db 100644
--- a/runtime/net.c
+++ b/runtime/net.c
@@ -92,6 +92,32 @@ int     ACLDontResolve = 0;       /* add hostname to acl instead of resolving it
 /* ------------------------------ begin permitted peers code ------------------------------ */
 
 
+/* sets the correct allow root pointer based on provided type
+ * rgerhards, 2008-12-01
+ */
+static inline rsRetVal
+setAllowRoot(struct AllowedSenders **ppAllowRoot, uchar *pszType)
+{
+	DEFiRet;
+
+	if(!strcmp((char*)pszType, "UDP"))
+		*ppAllowRoot = pAllowedSenders_UDP;
+	else if(!strcmp((char*)pszType, "TCP"))
+		*ppAllowRoot = pAllowedSenders_TCP;
+#ifdef USE_GSSAPI
+	else if(!strcmp((char*)pszType, "GSS"))
+		*ppAllowRoot = pAllowedSenders_GSS;
+#endif
+	else {
+		dbgprintf("program error: invalid allowed sender ID '%s', denying...\n", pszType);
+		ABORT_FINALIZE(RS_RET_CODE_ERR); /* everything is invalid for an invalid type */
+	}
+
+finalize_it:
+	RETiRet;
+}
+
+
 /* add a wildcard entry to this permitted peer. Entries are always
  * added at the tail of the list. pszStr and lenStr identify the wildcard
  * entry to be added. Note that the string is NOT \0 terminated, so
@@ -507,27 +533,32 @@ static rsRetVal AddAllowedSenderEntry(struct AllowedSenders **ppRoot, struct All
 }
 
 /* function to clear the allowed sender structure in cases where
- * it must be freed (occurs most often when HUPed.
- * TODO: reconsider recursive implementation
- * I think there is also a memory leak, because only the last entry
- * is acutally deleted... -- rgerhards, 2007-12-25
+ * it must be freed (occurs most often when HUPed).
+ * rgerhards, 2008-12-02: revamped this code when we fixed the interface
+ * definition. Now an iterative algorithm is used.
  */
-void clearAllowedSenders (struct AllowedSenders *pAllow)
+static void
+clearAllowedSenders(uchar *pszType)
 {
-	if (pAllow != NULL) {
-		if (pAllow->pNext != NULL)
-			clearAllowedSenders (pAllow->pNext);
-		else {
-			if (F_ISSET(pAllow->allowedSender.flags, ADDR_NAME))
-				free (pAllow->allowedSender.addr.HostWildcard);
-			else
-				free (pAllow->allowedSender.addr.NetAddr);
-			
-			free (pAllow);
-		}
+	struct AllowedSenders *pPrev;
+	struct AllowedSenders *pCurr;
+
+	if(setAllowRoot(&pCurr, pszType) != RS_RET_OK)
+		return;	/* if something went wrong, so let's leave */
+	
+	while(pCurr != NULL) {
+		pPrev = pCurr;
+		pCurr = pCurr->pNext;
+		/* now delete the entry we are right now processing */
+		if(F_ISSET(pPrev->allowedSender.flags, ADDR_NAME))
+			free(pPrev->allowedSender.addr.HostWildcard);
+		else
+			free(pPrev->allowedSender.addr.NetAddr);
+		free(pPrev);
 	}
 }
 
+
 /* function to add an allowed sender to the allowed sender list. The
  * root of the list is caller-provided, so it can be used for all
  * supported lists. The caller must provide a pointer to the root,
@@ -905,11 +936,15 @@ static inline int MaskCmp(struct NetAddr *pAllow, uint8_t bits, struct sockaddr
  * returns 1, if the sender is allowed, 0 otherwise.
  * rgerhards, 2005-09-26
  */
-static int isAllowedSender(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost)
+static int isAllowedSender(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost)
 {
 	struct AllowedSenders *pAllow;
-	
+	struct AllowedSenders *pAllowRoot;
+
 	assert(pFrom != NULL);
+	
+	if(setAllowRoot(&pAllowRoot, pszType) != RS_RET_OK)
+		return 0;	/* if something went wrong, we denie access - that's the better choice... */
 
 	if(pAllowRoot == NULL)
 		return 1; /* checking disabled, everything is valid! */
diff --git a/runtime/net.h b/runtime/net.h
index 0d36e824..092c3116 100644
--- a/runtime/net.h
+++ b/runtime/net.h
@@ -135,11 +135,11 @@ BEGINinterface(net) /* name must also be changed in ENDinterface macro! */
 	/* things to go away after proper modularization */
 	rsRetVal (*addAllowedSenderLine)(char* pName, uchar** ppRestOfConfLine);
 	void (*PrintAllowedSenders)(int iListToPrint);
-	void (*clearAllowedSenders) ();
+	void (*clearAllowedSenders)(uchar*);
 	void (*debugListenInfo)(int fd, char *type);
 	int *(*create_udp_socket)(uchar *hostname, uchar *LogPort, int bIsServer);
 	void (*closeUDPListenSockets)(int *finet);
-	int (*isAllowedSender)(struct AllowedSenders *pAllowRoot, struct sockaddr *pFrom, const char *pszFromHost);
+	int (*isAllowedSender)(uchar *pszType, struct sockaddr *pFrom, const char *pszFromHost);
 	rsRetVal (*getLocalHostname)(uchar**);
 	int (*should_use_so_bsdcompat)(void);
 	/* permitted peer handling should be replaced by something better (see comments above) */
@@ -149,9 +149,6 @@ BEGINinterface(net) /* name must also be changed in ENDinterface macro! */
 	/* data members - these should go away over time... TODO */
 	int    *pACLAddHostnameOnFail; /* add hostname to acl when DNS resolving has failed */
 	int    *pACLDontResolve;       /* add hostname to acl instead of resolving it to IP(s) */
-	struct AllowedSenders *pAllowedSenders_UDP;
-	struct AllowedSenders *pAllowedSenders_TCP;
-	struct AllowedSenders *pAllowedSenders_GSS;
 ENDinterface(net)
 #define netCURR_IF_VERSION 4 /* increment whenever you change the interface structure! */
 
diff --git a/runtime/netstrm.c b/runtime/netstrm.c
index 2f4a1964..ffa1c578 100644
--- a/runtime/netstrm.c
+++ b/runtime/netstrm.c
@@ -265,6 +265,17 @@ GetRemoteIP(netstrm_t *pThis, uchar **ppsz)
 }
 
 
+/* get remote addr - slim wrapper for NSD driver function */
+static rsRetVal
+GetRemAddr(netstrm_t *pThis, struct sockaddr_storage **ppAddr)
+{
+	DEFiRet;
+	ISOBJ_TYPE_assert(pThis, netstrm);
+	iRet = pThis->Drvr.GetRemAddr(pThis->pDrvrData, ppAddr);
+	RETiRet;
+}
+
+
 /* open a connection to a remote host (server).
  * rgerhards, 2008-03-19
  */
@@ -320,6 +331,7 @@ CODESTARTobjQueryInterface(netstrm)
 	pIf->AcceptConnReq = AcceptConnReq;
 	pIf->GetRemoteHName = GetRemoteHName;
 	pIf->GetRemoteIP = GetRemoteIP;
+	pIf->GetRemAddr = GetRemAddr;
 	pIf->SetDrvrMode = SetDrvrMode;
 	pIf->SetDrvrAuthMode = SetDrvrAuthMode;
 	pIf->SetDrvrPermPeers = SetDrvrPermPeers;
diff --git a/runtime/netstrm.h b/runtime/netstrm.h
index 1a97ef23..3ab790e8 100644
--- a/runtime/netstrm.h
+++ b/runtime/netstrm.h
@@ -61,8 +61,16 @@ BEGINinterface(netstrm) /* name must also be changed in ENDinterface macro! */
 	 * this interface. -- rgerhards, 2008-05-05
 	 */
 	rsRetVal (*GetSock)(netstrm_t *pThis, int *pSock);
+	rsRetVal (*GetRemAddr)(netstrm_t *pThis, struct sockaddr_storage **ppAddr);
+	/* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote
+	 * peer's socket addr structure, so that the legacy matching functions can work on
+	 * it. Note that this ties netstream drivers to things that can be implemented over
+	 * sockets - not really desirable, but not the end of the world... TODO: should be
+	 * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01
+	 */
 ENDinterface(netstrm)
-#define netstrmCURR_IF_VERSION 2 /* increment whenever you change the interface structure! */
+#define netstrmCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */
+/* interface version 3 added GetRemAddr() */
 
 /* prototypes */
 PROTOTYPEObj(netstrm);
diff --git a/runtime/netstrms.c b/runtime/netstrms.c
index 2b754ecc..6b28e7ea 100644
--- a/runtime/netstrms.c
+++ b/runtime/netstrms.c
@@ -104,6 +104,10 @@ CODESTARTobjDestruct(netstrms)
 		obj.ReleaseObj(__FILE__, pThis->pDrvrName+2, pThis->pDrvrName, (void*) &pThis->Drvr);
 		free(pThis->pDrvrName);
 	}
+	if(pThis->pszDrvrAuthMode != NULL) {
+		free(pThis->pszDrvrAuthMode);
+		pThis->pszDrvrAuthMode = NULL;
+	}
 	if(pThis->pBaseDrvrName != NULL) {
 		free(pThis->pBaseDrvrName);
 		pThis->pBaseDrvrName = NULL;
diff --git a/runtime/nsd.h b/runtime/nsd.h
index 1811f078..f0c9b9b6 100644
--- a/runtime/nsd.h
+++ b/runtime/nsd.h
@@ -27,6 +27,8 @@
 #ifndef INCLUDED_NSD_H
 #define INCLUDED_NSD_H
 
+#include <sys/socket.h>
+
 enum nsdsel_waitOp_e {
 	NSDSEL_RD = 1,
 	NSDSEL_WR = 2,
@@ -60,8 +62,16 @@ BEGINinterface(nsd) /* name must also be changed in ENDinterface macro! */
 	 * OS sockets. This interface is primarily meant as an internal aid for
 	 * those drivers that utilize the nsd_ptcp to do some of their work.
 	 */
+	rsRetVal (*GetRemAddr)(nsd_t *pThis, struct sockaddr_storage **ppAddr);
+	/* getRemAddr() is an aid needed by the legacy ACL system. It exposes the remote
+	 * peer's socket addr structure, so that the legacy matching functions can work on
+	 * it. Note that this ties netstream drivers to things that can be implemented over
+	 * sockets - not really desirable, but not the end of the world... TODO: should be
+	 * reconsidered when a new ACL system is build. -- rgerhards, 2008-12-01
+	 */
 ENDinterface(nsd)
-#define nsdCURR_IF_VERSION 3 /* increment whenever you change the interface structure! */
+#define nsdCURR_IF_VERSION 4 /* increment whenever you change the interface structure! */
+/* interface version 4 added GetRemAddr() */
 
 /* interface  for the select call */
 BEGINinterface(nsdsel) /* name must also be changed in ENDinterface macro! */
diff --git a/runtime/nsd_gtls.c b/runtime/nsd_gtls.c
index 08623da8..3a79a015 100644
--- a/runtime/nsd_gtls.c
+++ b/runtime/nsd_gtls.c
@@ -1229,7 +1229,6 @@ SetAuthMode(nsd_t *pNsd, uchar *mode)
 /* TODO: clear stored IDs! */
 
 finalize_it:
-dbgprintf("gtls auth mode %d set\n", pThis->authMode);
 	RETiRet;
 }
 
@@ -1342,6 +1341,20 @@ GetRemoteHName(nsd_t *pNsd, uchar **ppszHName)
 }
 
 
+/* Provide access to the sockaddr_storage of the remote peer. This
+ * is needed by the legacy ACL system. --- gerhards, 2008-12-01
+ */
+static rsRetVal
+GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr)
+{
+	DEFiRet;
+	nsd_gtls_t *pThis = (nsd_gtls_t*) pNsd;
+	ISOBJ_TYPE_assert(pThis, nsd_gtls);
+	iRet = nsd_ptcp.GetRemAddr(pThis->pTcp, ppAddr);
+	RETiRet;
+}
+
+
 /* get the remote host's IP address. The returned string must be freed by the
  * caller. -- rgerhards, 2008-04-25
  */
@@ -1477,6 +1490,13 @@ Rcv(nsd_t *pNsd, uchar *pBuf, ssize_t *pLenBuf)
 
 	if(pThis->lenRcvBuf == 0) { /* EOS */
 		*pLenBuf = 0;
+		/* in this case, we also need to free the receive buffer, if we
+		 * allocated one. -- rgerhards, 2008-12-03
+		 */
+		if(pThis->pszRcvBuf != NULL) {
+			free(pThis->pszRcvBuf);
+			pThis->pszRcvBuf = NULL;
+		}
 		ABORT_FINALIZE(RS_RET_CLOSED);
 	}
 
@@ -1646,6 +1666,7 @@ CODESTARTobjQueryInterface(nsd_gtls)
 	pIf->CheckConnection = CheckConnection;
 	pIf->GetRemoteHName = GetRemoteHName;
 	pIf->GetRemoteIP = GetRemoteIP;
+	pIf->GetRemAddr = GetRemAddr;
 finalize_it:
 ENDobjQueryInterface(nsd_gtls)
 
diff --git a/runtime/nsd_ptcp.c b/runtime/nsd_ptcp.c
index 4cb46380..cc531ca0 100644
--- a/runtime/nsd_ptcp.c
+++ b/runtime/nsd_ptcp.c
@@ -91,6 +91,24 @@ CODESTARTobjDestruct(nsd_ptcp)
 ENDobjDestruct(nsd_ptcp)
 
 
+/* Provide access to the sockaddr_storage of the remote peer. This
+ * is needed by the legacy ACL system. --- gerhards, 2008-12-01
+ */
+static rsRetVal
+GetRemAddr(nsd_t *pNsd, struct sockaddr_storage **ppAddr)
+{
+	nsd_ptcp_t *pThis = (nsd_ptcp_t*) pNsd;
+	DEFiRet;
+
+	ISOBJ_TYPE_assert((pThis), nsd_ptcp);
+	assert(ppAddr != NULL);
+
+	*ppAddr = &(pThis->remAddr);
+
+	RETiRet;
+}
+
+
 /* Provide access to the underlying OS socket. This is primarily
  * useful for other drivers (like nsd_gtls) who utilize ourselfs
  * for some of their functionality. -- rgerhards, 2008-04-18
@@ -320,6 +338,12 @@ AcceptConnReq(nsd_t *pNsd, nsd_t **ppNew)
 	/* construct our object so that we can use it... */
 	CHKiRet(nsd_ptcpConstruct(&pNew));
 
+	/* for the legacy ACL code, we need to preserve addr. While this is far from
+	 * begin perfect (from an abstract design perspective), we need this to prevent
+	 * breaking everything. TODO: we need to implement a new ACL module to get rid
+	 * of this function. -- rgerhards, 2008-12-01
+	 */
+	memcpy(&pNew->remAddr, &addr, sizeof(struct sockaddr_storage));
 	CHKiRet(FillRemHost(pNew, (struct sockaddr*) &addr));
 
 	/* set the new socket to non-blocking IO -TODO:do we really need to do this here? Do we always want it? */
@@ -716,6 +740,7 @@ CODESTARTobjQueryInterface(nsd_ptcp)
 	pIf->Construct = (rsRetVal(*)(nsd_t**)) nsd_ptcpConstruct;
 	pIf->Destruct = (rsRetVal(*)(nsd_t**)) nsd_ptcpDestruct;
 	pIf->Abort = Abort;
+	pIf->GetRemAddr = GetRemAddr;
 	pIf->GetSock = GetSock;
 	pIf->SetSock = SetSock;
 	pIf->SetMode = SetMode;
diff --git a/runtime/nsd_ptcp.h b/runtime/nsd_ptcp.h
index efd3ed05..b94cc018 100644
--- a/runtime/nsd_ptcp.h
+++ b/runtime/nsd_ptcp.h
@@ -24,6 +24,8 @@
 #ifndef INCLUDED_NSD_PTCP_H
 #define INCLUDED_NSD_PTCP_H
 
+#include <sys/socket.h>
+
 #include "nsd.h"
 typedef nsd_if_t nsd_ptcp_if_t; /* we just *implement* this interface */
 
@@ -32,6 +34,7 @@ struct nsd_ptcp_s {
 	BEGINobjInstance; /* Data to implement generic object - MUST be the first data element! */
 	uchar *pRemHostIP; /**< IP address of remote peer (currently used in server mode, only) */
 	uchar *pRemHostName; /**< host name of remote peer (currently used in server mode, only) */
+	struct sockaddr_storage remAddr; /**< remote addr as sockaddr - used for legacy ACL code */
 	int sock;	/**< the socket we use for regular, single-socket, operations */
 };
 
diff --git a/runtime/rsyslog.h b/runtime/rsyslog.h
index 619343bd..00290ee5 100644
--- a/runtime/rsyslog.h
+++ b/runtime/rsyslog.h
@@ -253,6 +253,7 @@ enum rsRetVal_				/** return value. All methods return this if not specified oth
 	RS_RET_ACCEPT_ERR = -2106, /**< error during accept() system call */
 	RS_RET_INVLD_TIME = -2107, /**< invalid timestamp (e.g. could not be parsed) */
 	RS_RET_NO_ZIP = -2108, /**< ZIP functionality is not present */
+	RS_RET_CODE_ERR = -2109, /**< program code (internal) error */
 
 	/* RainerScript error messages (range 1000.. 1999) */
 	RS_RET_SYSVAR_NOT_FOUND = 1001, /**< system variable could not be found (maybe misspelled) */
diff --git a/tcpsrv.c b/tcpsrv.c
index 17fd58d3..885edba3 100644
--- a/tcpsrv.c
+++ b/tcpsrv.c
@@ -308,10 +308,10 @@ static rsRetVal
 SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm)
 {
 	DEFiRet;
-	tcps_sess_t *pSess;
+	tcps_sess_t *pSess = NULL;
 	netstrm_t *pNewStrm = NULL;
 	int iSess = -1;
-	struct sockaddr_storage addr;
+	struct sockaddr_storage *addr;
 	uchar *fromHostFQDN = NULL;
 	uchar *fromHostIP = NULL;
 
@@ -335,13 +335,14 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm)
 	/* get the host name */
 	CHKiRet(netstrm.GetRemoteHName(pNewStrm, &fromHostFQDN));
 	CHKiRet(netstrm.GetRemoteIP(pNewStrm, &fromHostIP));
+	CHKiRet(netstrm.GetRemAddr(pNewStrm, &addr));
 	/* TODO: check if we need to strip the domain name here -- rgerhards, 2008-04-24 */
 
 	/* Here we check if a host is permitted to send us messages. If it isn't, we do not further
 	 * process the message but log a warning (if we are configured to do this).
 	 * rgerhards, 2005-09-26
 	 */
-	if(!pThis->pIsPermittedHost((struct sockaddr*) &addr, (char*) fromHostFQDN, pThis->pUsr, pSess->pUsr)) {
+	if(!pThis->pIsPermittedHost((struct sockaddr*) addr, (char*) fromHostFQDN, pThis->pUsr, pSess->pUsr)) {
 		dbgprintf("%s is not an allowed sender\n", fromHostFQDN);
 		if(glbl.GetOption_DisallowWarning()) {
 			errno = 0;
@@ -354,7 +355,9 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm)
 	 * means we can finally fill in the session object.
 	 */
 	CHKiRet(tcps_sess.SetHost(pSess, fromHostFQDN));
+	fromHostFQDN = NULL; /* we handed this string over */
 	CHKiRet(tcps_sess.SetHostIP(pSess, fromHostIP));
+	fromHostIP = NULL; /* we handed this string over */
 	CHKiRet(tcps_sess.SetStrm(pSess, pNewStrm));
 	pNewStrm = NULL; /* prevent it from being freed in error handler, now done in tcps_sess! */
 	CHKiRet(tcps_sess.SetMsgIdx(pSess, 0));
@@ -367,14 +370,16 @@ SessAccept(tcpsrv_t *pThis, tcps_sess_t **ppSess, netstrm_t *pStrm)
 
 	*ppSess = pSess;
 	pThis->pSessions[iSess] = pSess;
+	pSess = NULL; /* this is now also handed over */
 
 finalize_it:
 	if(iRet != RS_RET_OK) {
-		if(iSess != -1) {
-			if(pThis->pSessions[iSess] != NULL)
-				tcps_sess.Destruct(&pThis->pSessions[iSess]);
-		}
-		iSess = -1; // TODO: change this to be fully iRet compliant ;)
+		if(pSess != NULL)
+			tcps_sess.Destruct(&pSess);
+		if(fromHostFQDN != NULL)
+			free(fromHostFQDN);
+		if(fromHostIP != NULL)
+			free(fromHostIP);
 		if(pNewStrm != NULL)
 			netstrm.Destruct(&pNewStrm);
 	}