From ce336ea1afd8d5f6b79d36fc7ec4313f3d80146b Mon Sep 17 00:00:00 2001
From: Jeremy Harris <jgh146exb@wizmail.org>
Date: Thu, 7 Dec 2023 19:59:35 +0000
Subject: [PATCH] Handle expansion fails in router "set" options.  Bug 3058

---
 doc/doc-docbook/spec.xfpt    |  1 +
 doc/doc-txt/ChangeLog        |  4 ++++
 src/src/route.c              | 18 +++++++++++-------
 test/confs/0606              | 15 +++++++++++++++
 test/log/0606                |  4 ++++
 test/mail/0606.b             |  3 +--
 test/scripts/0000-Basic/0606 |  2 +-
 7 files changed, 37 insertions(+), 10 deletions(-)

diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index dc8f5cc4d..0007d255e 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -25918,6 +25918,7 @@ permits this.
 .cindex "line length" limit
 This option sets the maximum line length, in bytes, that the transport
 will send.  Any messages with lines exceeding the given value
+(before a transport filter, if any)
 will fail and a failure-DSN ("bounce") message will if possible be returned
 to the sender.
 The default value is that defined by the SMTP standards.
diff --git a/doc/doc-txt/ChangeLog b/doc/doc-txt/ChangeLog
index 2d82df43d..85064cc8d 100644
--- a/doc/doc-txt/ChangeLog
+++ b/doc/doc-txt/ChangeLog
@@ -49,6 +49,10 @@ JH/09 Bug 3057: Add heuristic for spotting mistyped IPv6 addresses in lists
       documentation, the error results by default in a no-match result for the
       list.  It is logged if the unknown_in_list log_selector is used.
 
+JH/10 Bug 3058: Ensure that a failing expansion in a router "set" option defers
+      the routing operation.  Previously it would silently stop routing the
+      message.
+
 
 
 Exim version 4.97
diff --git a/src/src/route.c b/src/src/route.c
index 0bd87b837..3401f15b4 100644
--- a/src/src/route.c
+++ b/src/src/route.c
@@ -1492,7 +1492,11 @@ for (uschar * ele; (ele = string_nextinlist(&varlist, &sep, NULL, 0)); )
       {
       addr->message = string_sprintf("expansion of \"%s\" failed "
 	"in %s router: %s", ele, r->name, expand_string_message);
-      return DEFER;
+      /* Caller will replace that for logging, if a DB lookup, to avoid exposing
+      passwords */
+      DEBUG(D_route) debug_printf("%s\n", addr->message);
+      if (!f.search_find_defer)
+      return f.search_find_defer ? DEFER : FAIL;
       }
 
   if (!(node = tree_search(*root, name)))
@@ -1546,8 +1550,8 @@ route_address(address_item *addr, address_item **paddr_local,
 {
 int yield = OK;
 BOOL unseen;
-router_instance *r, *nextr;
-const uschar *old_domain = addr->domain;
+router_instance * r, * nextr;
+const uschar * old_domain = addr->domain;
 
 HDEBUG(D_route)
   {
@@ -1561,8 +1565,8 @@ instead of at the first router. */
 
 for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
   {
-  uschar *error;
-  struct passwd *pw = NULL;
+  uschar * error;
+  struct passwd * pw = NULL;
   struct passwd pwcopy;
   BOOL loop_detected = FALSE;
   BOOL more;
@@ -1736,11 +1740,11 @@ for (r = addr->start_router ? addr->start_router : routers; r; r = nextr)
   router traversal.  On the addr string they are held as a variable tree, so
   as to maintain the post-expansion taints separate. */
 
-  switch (set_router_vars(addr, r))
+  switch (rc = set_router_vars(addr, r))
     {
     case OK:	break;
     case PASS:	continue;		/* with next router */
-    default:	 goto ROUTE_EXIT;
+    default: 	yield = rc; goto ROUTE_EXIT;
     }
 
   /* Finally, expand the address_data field in the router. Forced failure
diff --git a/test/confs/0606 b/test/confs/0606
index 6388962db..63aa94897 100644
--- a/test/confs/0606
+++ b/test/confs/0606
@@ -19,10 +19,21 @@ not_smtp:
 
 begin routers
 
+dump_bounce:
+  driver =	redirect
+  senders =	:
+  data =	:blackhole:
+
 hide_verifies:
   driver =	accept
   verify_only
 
+bad:
+  driver =	accept
+  local_parts =	bad
+  set =		r_srs_domain = ${lookup mysql{wrong things
+  transport =	local_delivery
+
 alias:
   driver =	redirect
   debug_print = DEBUG: $r_r1 $r_r2
@@ -66,4 +77,8 @@ local_delivery:
   headers_add =	X-r1: <$r_r1>\nX-r2: <$r_r2>\nX-r3: <$r_r3>
 
 
+# ----- Retry -----
+begin retry
+* * F,5d,10s
+
 # End
diff --git a/test/log/0606 b/test/log/0606
index 58d340f03..718c2d4ff 100644
--- a/test/log/0606
+++ b/test/log/0606
@@ -1,3 +1,7 @@
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 <= CALLER@test.ex U=CALLER P=local S=sss
+1999-03-02 09:44:33 10HmaX-000000005vi-0000 ** bad@test.ex R=bad: Temporary internal error
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 => b <a@test.ex> R=user T=local_delivery
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 <= <> R=10HmaX-000000005vi-0000 U=EXIMUSER P=local S=sss
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 => :blackhole: <CALLER@test.ex> R=dump_bounce
+1999-03-02 09:44:33 10HmaY-000000005vi-0000 Completed
 1999-03-02 09:44:33 10HmaX-000000005vi-0000 Completed
diff --git a/test/mail/0606.b b/test/mail/0606.b
index cd4125850..5f9ac43a9 100644
--- a/test/mail/0606.b
+++ b/test/mail/0606.b
@@ -2,8 +2,7 @@ From bad_check@test.ex Tue Mar 02 09:44:33 1999
 Envelope-to: a@test.ex
 Received: from CALLER by the.local.host.name with local (Exim x.yz)
 	(envelope-from <CALLER@test.ex>)
-	id 10HmaX-000000005vi-0000
-	for a@test.ex;
+	id 10HmaX-000000005vi-0000;
 	Tue, 2 Mar 1999 09:44:33 +0000
 Subject: foo
 Message-Id: <E10HmaX-000000005vi-0000@the.local.host.name>
diff --git a/test/scripts/0000-Basic/0606 b/test/scripts/0000-Basic/0606
index 96d598834..5bac064d3 100644
--- a/test/scripts/0000-Basic/0606
+++ b/test/scripts/0000-Basic/0606
@@ -1,5 +1,5 @@
 # router variables
-exim -odi a
+exim -odi a bad
 Subject: foo
 
 body
-- 
2.30.2