Avoid exposing passwords in log, on failing ldap lookup expansion. Bug 165

[exim.git] / src / src / deliver.c

diff --git a/src/src/deliver.c b/src/src/deliver.c
index 5c6a983fefb51b2ceeecb12b182c76ad1269eec8..c6de1b901f81ae85db9adff8e11dbdf0a1bf6e22 100644 (file)
--- a/src/src/deliver.c
+++ b/src/src/deliver.c
@@ -1087,10 +1087,12 @@ if (addr->message)
        || Ustrstr(s, "redis")   != NULL
        || Ustrstr(s, "sqlite")  != NULL
        || Ustrstr(s, "ldap:")   != NULL
+       || Ustrstr(s, "ldaps:")  != NULL
+       || Ustrstr(s, "ldapi:")  != NULL
        || Ustrstr(s, "ldapdn:") != NULL
        || Ustrstr(s, "ldapm:")  != NULL
      )  )
-    addr->message = string_sprintf("Temporary internal error");
+    addr->message = US"Temporary internal error";
   }
 
 /* If we used a transport that has one of the "return_output" options set, and
@@ -5226,7 +5228,7 @@ Any failures cause messages to be written to the log, except for missing files
 while queue running - another process probably completed delivery. As part of
 opening the data file, message_subdir gets set. */
 
-if (!spool_open_datafile(id))
+if ((deliver_datafile = spool_open_datafile(id)) < 0)
   return continue_closedown();  /* yields DELIVER_NOT_ATTEMPTED */
 
 /* The value of message_size at this point has been set to the data length,
@@ -8091,8 +8093,17 @@ deliver_get_sender_address (uschar * id)
 int rc;
 uschar * new_sender_address,
        * save_sender_address;
+BOOL save_qr = queue_running;
 
-if (!spool_open_datafile(id))
+/* make spool_open_datafile non-noisy on fail */
+
+queue_running = TRUE;
+
+/* Side effect: message_subdir is set for the (possibly split) spool directory */
+
+deliver_datafile = spool_open_datafile(id);
+queue_running = save_qr;
+if (deliver_datafile < 0)
   return NULL;
 
 /* Save and restore the global sender_address.  I'm not sure if we should