Fix CVE-2016-1531

[exim.git] / src / src / readconf.c

diff --git a/src/src/readconf.c b/src/src/readconf.c
index 6b0f3aaf755a6deb8040f835ca11f2514cee61b9..d64721248b7b32e898d8b4011dbd5ca0f317a62d 100644 (file)
--- a/src/src/readconf.c
+++ b/src/src/readconf.c
@@ -162,6 +162,7 @@ static optionlist optionlist_config[] = {
   { "acl_smtp_starttls",        opt_stringptr,   &acl_smtp_starttls },
 #endif
   { "acl_smtp_vrfy",            opt_stringptr,   &acl_smtp_vrfy },
+  { "add_environment",          opt_stringptr,   &add_environment },
   { "admin_groups",             opt_gidlist,     &admin_groups },
   { "allow_domain_literals",    opt_bool,        &allow_domain_literals },
   { "allow_mx_to_ip",           opt_bool,        &allow_mx_to_ip },
@@ -243,8 +244,8 @@ static optionlist optionlist_config[] = {
   { "gecos_name",               opt_stringptr,   &gecos_name },
   { "gecos_pattern",            opt_stringptr,   &gecos_pattern },
 #ifdef SUPPORT_TLS
+  { "gnutls_allow_auto_pkcs11", opt_bool,        &gnutls_allow_auto_pkcs11 },
   { "gnutls_compat_mode",       opt_bool,        &gnutls_compat_mode },
-  { "gnutls_enable_pkcs11",     opt_bool,        &gnutls_enable_pkcs11 },
   /* These three gnutls_require_* options stopped working in Exim 4.80 */
   { "gnutls_require_kx",        opt_stringptr,   &gnutls_require_kx },
   { "gnutls_require_mac",       opt_stringptr,   &gnutls_require_mac },
@@ -270,6 +271,7 @@ static optionlist optionlist_config[] = {
   { "ignore_bounce_errors_after", opt_time,      &ignore_bounce_errors_after },
   { "ignore_fromline_hosts",    opt_stringptr,   &ignore_fromline_hosts },
   { "ignore_fromline_local",    opt_bool,        &ignore_fromline_local },
+  { "keep_environment",         opt_stringptr,   &keep_environment },
   { "keep_malformed",           opt_time,        &keep_malformed },
 #ifdef LOOKUP_LDAP
   { "ldap_ca_cert_dir",         opt_stringptr,   &eldap_ca_cert_dir },
@@ -2473,6 +2475,7 @@ second argument is NULL. There are some special values:
   macro_list         print a list of macro names
   +name              print a named list item
   local_scan         print the local_scan options
+  environment        print the used execution environment
 
 If the second argument is not NULL, it must be one of "router", "transport",
 "authenticator" or "macro" in which case the first argument identifies the
@@ -2614,6 +2617,25 @@ if (type == NULL)
     names_only = TRUE;
     }
 
+  else if (Ustrcmp(name, "environment") == 0)
+    {
+    if (environ)
+      {
+      uschar **p;
+      size_t n;
+      for (p = USS environ; *p; p++) ;
+      n = p - USS environ;
+      qsort(environ, p - USS environ, sizeof(*p), (__compar_fn_t) string_compare_by_pointer);
+
+      for (p = USS environ; *p; p++)
+        {
+        if (no_labels) *(Ustrchr(*p, '=')) = '\0';
+        puts(*p);
+        }
+      }
+    return;
+    }
+
   else
     {
     print_ol(find_option(name, optionlist_config, optionlist_config_size),
@@ -2927,6 +2949,15 @@ uschar *list = config_main_filelist;
 while((filename = string_nextinlist(&list, &sep, big_buffer, big_buffer_size))
        != NULL)
   {
+
+  /* To avoid confusion: Exim changes to / at the very beginning and
+   * and to $spool_directory later. */
+  if (filename[0] != '/')
+    {
+    fprintf(stderr, "-C %s: only absolute names are allowed\n", filename);
+    exit(EXIT_FAILURE);
+  }
+
   /* Cut out all the fancy processing unless specifically wanted */
 
   #if defined(CONFIGURE_FILE_USE_NODE) || defined(CONFIGURE_FILE_USE_EUID)
@@ -3362,6 +3393,11 @@ if (openssl_options != NULL)
 # endif
   }
 #endif
+
+if ((!add_environment || *add_environment == '\0') && !keep_environment)
+  log_write(0, LOG_MAIN,
+      "WARNING: purging the environment.\n"
+      " Suggested action: use keep_environment and add_environment.\n");
 }