* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim maintainers 2020 */
+/* Copyright (c) The Exim maintainers 2020 - 2022 */
+/* Copyright (c) University of Cambridge 1995 - 2020 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
#include "../exim.h"
order (note that "_" comes before the lower case letters). Some of them are
stored in the publicly visible instance block - these are flagged with the
opt_public flag. */
+#define LOFF(field) OPT_OFF(appendfile_transport_options_block, field)
optionlist appendfile_transport_options[] = {
#ifdef SUPPORT_MAILDIR
- { "*expand_maildir_use_size_file", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, expand_maildir_use_size_file) },
+ { "*expand_maildir_use_size_file", opt_stringptr, LOFF(expand_maildir_use_size_file) },
#endif
- { "*set_use_fcntl_lock",opt_bool | opt_hidden,
- (void *)offsetof(appendfile_transport_options_block, set_use_fcntl) },
- { "*set_use_flock_lock",opt_bool | opt_hidden,
- (void *)offsetof(appendfile_transport_options_block, set_use_flock) },
- { "*set_use_lockfile", opt_bool | opt_hidden,
- (void *)offsetof(appendfile_transport_options_block, set_use_lockfile) },
+ { "*set_use_fcntl_lock",opt_bool | opt_hidden, LOFF(set_use_fcntl) },
+ { "*set_use_flock_lock",opt_bool | opt_hidden, LOFF(set_use_flock) },
+ { "*set_use_lockfile", opt_bool | opt_hidden, LOFF(set_use_lockfile) },
#ifdef SUPPORT_MBX
- { "*set_use_mbx_lock", opt_bool | opt_hidden,
- (void *)offsetof(appendfile_transport_options_block, set_use_mbx_lock) },
+ { "*set_use_mbx_lock", opt_bool | opt_hidden, LOFF(set_use_mbx_lock) },
#endif
- { "allow_fifo", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, allow_fifo) },
- { "allow_symlink", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, allow_symlink) },
- { "batch_id", opt_stringptr | opt_public,
- (void *)offsetof(transport_instance, batch_id) },
- { "batch_max", opt_int | opt_public,
- (void *)offsetof(transport_instance, batch_max) },
- { "check_group", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, check_group) },
- { "check_owner", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, check_owner) },
- { "check_string", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, check_string) },
- { "create_directory", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, create_directory) },
- { "create_file", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, create_file_string) },
- { "directory", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, dirname) },
- { "directory_file", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, dirfilename) },
- { "directory_mode", opt_octint,
- (void *)offsetof(appendfile_transport_options_block, dirmode) },
- { "escape_string", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, escape_string) },
- { "file", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, filename) },
- { "file_format", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, file_format) },
- { "file_must_exist", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, file_must_exist) },
- { "lock_fcntl_timeout", opt_time,
- (void *)offsetof(appendfile_transport_options_block, lock_fcntl_timeout) },
- { "lock_flock_timeout", opt_time,
- (void *)offsetof(appendfile_transport_options_block, lock_flock_timeout) },
- { "lock_interval", opt_time,
- (void *)offsetof(appendfile_transport_options_block, lock_interval) },
- { "lock_retries", opt_int,
- (void *)offsetof(appendfile_transport_options_block, lock_retries) },
- { "lockfile_mode", opt_octint,
- (void *)offsetof(appendfile_transport_options_block, lockfile_mode) },
- { "lockfile_timeout", opt_time,
- (void *)offsetof(appendfile_transport_options_block, lockfile_timeout) },
- { "mailbox_filecount", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, mailbox_filecount_string) },
- { "mailbox_size", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, mailbox_size_string) },
+ { "allow_fifo", opt_bool, LOFF(allow_fifo) },
+ { "allow_symlink", opt_bool, LOFF(allow_symlink) },
+ { "batch_id", opt_stringptr | opt_public, OPT_OFF(transport_instance, batch_id) },
+ { "batch_max", opt_int | opt_public, OPT_OFF(transport_instance, batch_max) },
+ { "check_group", opt_bool, LOFF(check_group) },
+ { "check_owner", opt_bool, LOFF(check_owner) },
+ { "check_string", opt_stringptr, LOFF(check_string) },
+ { "create_directory", opt_bool, LOFF(create_directory) },
+ { "create_file", opt_stringptr, LOFF(create_file_string) },
+ { "directory", opt_stringptr, LOFF(dirname) },
+ { "directory_file", opt_stringptr, LOFF(dirfilename) },
+ { "directory_mode", opt_octint, LOFF(dirmode) },
+ { "escape_string", opt_stringptr, LOFF(escape_string) },
+ { "file", opt_stringptr, LOFF(filename) },
+ { "file_format", opt_stringptr, LOFF(file_format) },
+ { "file_must_exist", opt_bool, LOFF(file_must_exist) },
+ { "lock_fcntl_timeout", opt_time, LOFF(lock_fcntl_timeout) },
+ { "lock_flock_timeout", opt_time, LOFF(lock_flock_timeout) },
+ { "lock_interval", opt_time, LOFF(lock_interval) },
+ { "lock_retries", opt_int, LOFF(lock_retries) },
+ { "lockfile_mode", opt_octint, LOFF(lockfile_mode) },
+ { "lockfile_timeout", opt_time, LOFF(lockfile_timeout) },
+ { "mailbox_filecount", opt_stringptr, LOFF(mailbox_filecount_string) },
+ { "mailbox_size", opt_stringptr, LOFF(mailbox_size_string) },
#ifdef SUPPORT_MAILDIR
- { "maildir_format", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, maildir_format ) } ,
- { "maildir_quota_directory_regex", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, maildir_dir_regex) },
- { "maildir_retries", opt_int,
- (void *)offsetof(appendfile_transport_options_block, maildir_retries) },
- { "maildir_tag", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, maildir_tag) },
- { "maildir_use_size_file", opt_expand_bool,
- (void *)offsetof(appendfile_transport_options_block, maildir_use_size_file ) } ,
- { "maildirfolder_create_regex", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, maildirfolder_create_regex ) },
+ { "maildir_format", opt_bool, LOFF(maildir_format ) } ,
+ { "maildir_quota_directory_regex", opt_stringptr, LOFF(maildir_dir_regex) },
+ { "maildir_retries", opt_int, LOFF(maildir_retries) },
+ { "maildir_tag", opt_stringptr, LOFF(maildir_tag) },
+ { "maildir_use_size_file", opt_expand_bool, LOFF(maildir_use_size_file ) } ,
+ { "maildirfolder_create_regex", opt_stringptr, LOFF(maildirfolder_create_regex ) },
#endif /* SUPPORT_MAILDIR */
#ifdef SUPPORT_MAILSTORE
- { "mailstore_format", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, mailstore_format ) },
- { "mailstore_prefix", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, mailstore_prefix ) },
- { "mailstore_suffix", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, mailstore_suffix ) },
+ { "mailstore_format", opt_bool, LOFF(mailstore_format ) },
+ { "mailstore_prefix", opt_stringptr, LOFF(mailstore_prefix ) },
+ { "mailstore_suffix", opt_stringptr, LOFF(mailstore_suffix ) },
#endif /* SUPPORT_MAILSTORE */
#ifdef SUPPORT_MBX
- { "mbx_format", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, mbx_format ) } ,
+ { "mbx_format", opt_bool, LOFF(mbx_format ) } ,
#endif /* SUPPORT_MBX */
- { "message_prefix", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, message_prefix) },
- { "message_suffix", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, message_suffix) },
- { "mode", opt_octint,
- (void *)offsetof(appendfile_transport_options_block, mode) },
- { "mode_fail_narrower",opt_bool,
- (void *)offsetof(appendfile_transport_options_block, mode_fail_narrower) },
- { "notify_comsat", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, notify_comsat) },
- { "quota", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, quota) },
- { "quota_directory", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, quota_directory) },
- { "quota_filecount", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, quota_filecount) },
- { "quota_is_inclusive", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, quota_is_inclusive) },
- { "quota_size_regex", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, quota_size_regex) },
- { "quota_warn_message", opt_stringptr | opt_public,
- (void *)offsetof(transport_instance, warn_message) },
- { "quota_warn_threshold", opt_stringptr,
- (void *)offsetof(appendfile_transport_options_block, quota_warn_threshold) },
- { "use_bsmtp", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, use_bsmtp) },
- { "use_crlf", opt_bool,
- (void *)offsetof(appendfile_transport_options_block, use_crlf) },
- { "use_fcntl_lock", opt_bool_set,
- (void *)offsetof(appendfile_transport_options_block, use_fcntl) },
- { "use_flock_lock", opt_bool_set,
- (void *)offsetof(appendfile_transport_options_block, use_flock) },
- { "use_lockfile", opt_bool_set,
- (void *)offsetof(appendfile_transport_options_block, use_lockfile) },
+ { "message_prefix", opt_stringptr, LOFF(message_prefix) },
+ { "message_suffix", opt_stringptr, LOFF(message_suffix) },
+ { "mode", opt_octint, LOFF(mode) },
+ { "mode_fail_narrower",opt_bool, LOFF(mode_fail_narrower) },
+ { "notify_comsat", opt_bool, LOFF(notify_comsat) },
+ { "quota", opt_stringptr, LOFF(quota) },
+ { "quota_directory", opt_stringptr, LOFF(quota_directory) },
+ { "quota_filecount", opt_stringptr, LOFF(quota_filecount) },
+ { "quota_is_inclusive", opt_bool, LOFF(quota_is_inclusive) },
+ { "quota_size_regex", opt_stringptr, LOFF(quota_size_regex) },
+ { "quota_warn_message", opt_stringptr | opt_public, OPT_OFF(transport_instance, warn_message) },
+ { "quota_warn_threshold", opt_stringptr, LOFF(quota_warn_threshold) },
+ { "use_bsmtp", opt_bool, LOFF(use_bsmtp) },
+ { "use_crlf", opt_bool, LOFF(use_crlf) },
+ { "use_fcntl_lock", opt_bool_set, LOFF(use_fcntl) },
+ { "use_flock_lock", opt_bool_set, LOFF(use_flock) },
+ { "use_lockfile", opt_bool_set, LOFF(use_lockfile) },
#ifdef SUPPORT_MBX
- { "use_mbx_lock", opt_bool_set,
- (void *)offsetof(appendfile_transport_options_block, use_mbx_lock) },
+ { "use_mbx_lock", opt_bool_set, LOFF(use_mbx_lock) },
#endif /* SUPPORT_MBX */
};
/* Default private options block for the appendfile transport. */
appendfile_transport_options_block appendfile_transport_option_defaults = {
- NULL, /* filename */
- NULL, /* dirname */
- US"q${base62:$tod_epoch}-$inode", /* dirfilename */
- NULL, /* message_prefix (default reset in init if not bsmtp) */
- NULL, /* message_suffix (ditto) */
- US"anywhere", /* create_file_string (string value for create_file) */
- NULL, /* quota */
- NULL, /* quota_directory */
- NULL, /* quota_filecount */
- NULL, /* quota_size_regex */
- NULL, /* quota_warn_threshold */
- NULL, /* mailbox_size_string */
- NULL, /* mailbox_filecount_string */
- NULL, /* expand_maildir_use_size_file */
- US"^(?:cur|new|\\..*)$", /* maildir_dir_regex */
- NULL, /* maildir_tag */
- NULL, /* maildirfolder_create_regex */
- NULL, /* mailstore_prefix */
- NULL, /* mailstore_suffix */
- NULL, /* check_string (default changed for non-bsmtp file)*/
- NULL, /* escape_string (ditto) */
- NULL, /* file_format */
- 0, /* quota_value */
- 0, /* quota_warn_threshold_value */
- -1, /* mailbox_size_value */
- -1, /* mailbox_filecount_value */
- 0, /* quota_filecount_value */
- APPENDFILE_MODE, /* mode */
- APPENDFILE_DIRECTORY_MODE, /* dirmode */
- APPENDFILE_LOCKFILE_MODE, /* lockfile_mode */
- 30*60, /* lockfile_timeout */
- 0, /* lock_fcntl_timeout */
- 0, /* lock_flock_timeout */
- 10, /* lock_retries */
- 3, /* lock_interval */
- 10, /* maildir_retries */
- create_anywhere,/* create_file */
- 0, /* options */
- FALSE, /* allow_fifo */
- FALSE, /* allow_symlink */
- FALSE, /* check_group */
- TRUE, /* check_owner */
- TRUE, /* create_directory */
- FALSE, /* notify_comsat */
- TRUE, /* use_lockfile */
- FALSE, /* set_use_lockfile */
- TRUE, /* use_fcntl */
- FALSE, /* set_use_fcntl */
- FALSE, /* use_flock */
- FALSE, /* set_use_flock */
- FALSE, /* use_mbx_lock */
- FALSE, /* set_use_mbx_lock */
- FALSE, /* use_bsmtp */
- FALSE, /* use_crlf */
- FALSE, /* file_must_exist */
- TRUE, /* mode_fail_narrower */
- FALSE, /* maildir_format */
- FALSE, /* maildir_use_size_file */
- FALSE, /* mailstore_format */
- FALSE, /* mbx_format */
- FALSE, /* quota_warn_threshold_is_percent */
- TRUE, /* quota_is_inclusive */
- FALSE, /* quota_no_check */
- FALSE /* quota_filecount_no_check */
+ /* all non-mentioned members zero/null/false */
+ .dirfilename = US"q${base62:$tod_epoch}-$inode",
+ .create_file_string = US"anywhere",
+ .maildir_dir_regex = US"^(?:cur|new|\\..*)$",
+ .mailbox_size_value = -1,
+ .mailbox_filecount_value = -1,
+ .mode = APPENDFILE_MODE,
+ .dirmode = APPENDFILE_DIRECTORY_MODE,
+ .lockfile_mode = APPENDFILE_LOCKFILE_MODE,
+ .lockfile_timeout = 30*60,
+ .lock_retries = 10,
+ .lock_interval = 3,
+ .maildir_retries = 10,
+ .create_file = create_anywhere,
+ .check_owner = TRUE,
+ .create_directory = TRUE,
+ .notify_comsat = FALSE,
+ .use_lockfile = TRUE,
+ .use_fcntl = TRUE,
+ .mode_fail_narrower = TRUE,
+ .quota_is_inclusive = TRUE,
};
uschar *q = ob->quota;
double default_value = 0.0;
-addrlist = addrlist; /* Keep picky compilers happy */
-dummy = dummy;
-uid = uid;
-gid = gid;
-
if (ob->expand_maildir_use_size_file)
ob->maildir_use_size_file = expand_check_condition(ob->expand_maildir_use_size_file,
US"`maildir_use_size_file` in transport", tblock->name);
for (int i = 0; i < 5; i++)
{
- double d;
+ double d = default_value;
int no_check = 0;
uschar *which = NULL;
- if (q == NULL) d = default_value;
- else
+ if (q)
{
- uschar *rest;
- uschar *s = expand_string(q);
+ uschar * rest, * s;
- if (!s)
+ if (!(s = expand_string(q)))
{
*errmsg = string_sprintf("Expansion of \"%s\" in %s transport failed: "
"%s", q, tblock->name, expand_string_message);
rest += sizeof("/no_check") - 1;
}
- while (isspace(*rest)) rest++;
+ Uskip_whitespace(&rest);
- if (*rest != 0)
+ if (*rest)
{
*errmsg = string_sprintf("Malformed value \"%s\" (expansion of \"%s\") "
"in %s transport", s, q, tblock->name);
break;
case 2:
- if (d >= 2.0*1024.0*1024.0*1024.0 && sizeof(off_t) <= 4)
- which = US"quota_warn_threshold";
+ if (d >= 2.0*1024.0*1024.0*1024.0 && sizeof(off_t) <= 4)
+ which = US"quota_warn_threshold";
ob->quota_warn_threshold_value = (off_t)d;
q = ob->mailbox_size_string;
default_value = -1.0;
{
appendfile_transport_options_block *ob =
(appendfile_transport_options_block *)(tblock->options_block);
+uschar * s;
/* Set up the setup entry point, to be called in the privileged state */
/* If "create_file" is set, check that a valid option is given, and set the
integer variable. */
-if (ob->create_file_string)
+if ((s = ob->create_file_string ) && *s)
{
- int value = 0;
- if (Ustrcmp(ob->create_file_string, "anywhere") == 0)
- value = create_anywhere;
- else if (Ustrcmp(ob->create_file_string, "belowhome") == 0)
- value = create_belowhome;
- else if (Ustrcmp(ob->create_file_string, "inhome") == 0)
- value = create_inhome;
+ int val = 0;
+ if (Ustrcmp(s, "anywhere") == 0) val = create_anywhere;
+ else if (*s == '/' || Ustrcmp(s, "belowhome") == 0) val = create_belowhome;
+ else if (Ustrcmp(s, "inhome") == 0) val = create_inhome;
else
log_write(0, LOG_PANIC_DIE|LOG_CONFIG,
- "invalid value given for \"file_create\" for the %s transport: %s",
- tblock->name, ob->create_file_string);
- ob->create_file = value;
+ "invalid value given for \"create_file\" for the %s transport: '%s'",
+ tblock->name, s);
+ ob->create_file = val;
}
/* If quota_warn_threshold is set, set up default for warn_message. It may
/* Search the formats for a match */
-while ((s = string_nextinlist(&format,&sep,big_buffer,big_buffer_size)))
+/* not expanded so cannot be tainted */
+while ((s = string_nextinlist(&format, &sep, big_buffer, big_buffer_size)))
{
int slen = Ustrlen(s);
BOOL match = len >= slen && Ustrncmp(data, s, slen) == 0;
Arguments:
dirname the name of the directory
countptr where to add the file count (because this function recurses)
- regex a compiled regex to get the size from a name
+ re a compiled regex to get the size from a name
Returns: the sum of the sizes of the stattable files
zero if the directory cannot be opened
*/
off_t
-check_dir_size(const uschar * dirname, int *countptr, const pcre *regex)
+check_dir_size(const uschar * dirname, int * countptr, const pcre2_code * re)
{
DIR *dir;
off_t sum = 0;
int count = *countptr;
-struct dirent *ent;
-struct stat statbuf;
-if (!(dir = opendir(CS dirname))) return 0;
+if (!(dir = exim_opendir(dirname))) return 0;
-while ((ent = readdir(dir)))
+for (struct dirent *ent; ent = readdir(dir); )
{
uschar * path, * name = US ent->d_name;
+ struct stat statbuf;
if (Ustrcmp(name, ".") == 0 || Ustrcmp(name, "..") == 0) continue;
/* If there's a regex, try to find the size using it */
- if (regex)
+ if (re)
{
- int ovector[6];
- if (pcre_exec(regex, NULL, CS name, Ustrlen(name), 0, 0, ovector,6) >= 2)
+ pcre2_match_data * md = pcre2_match_data_create(2, pcre_gen_ctx);
+ int rc = pcre2_match(re, (PCRE2_SPTR)name, PCRE2_ZERO_TERMINATED,
+ 0, 0, md, pcre_gen_mtc_ctx);
+ PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
+ if ( rc >= 0
+ && (rc = pcre2_get_ovector_count(md)) >= 2)
{
uschar *endptr;
- off_t size = (off_t)Ustrtod(name + ovector[2], &endptr);
- if (endptr == name + ovector[3])
+ off_t size = (off_t)Ustrtod(name + ovec[2], &endptr);
+ if (endptr == name + ovec[3])
{
sum += size;
DEBUG(D_transport)
debug_printf("check_dir_size: size from %s is " OFF_T_FMT "\n", name,
size);
+ /* pcre2_match_data_free(md); gen ctx needs no free */
continue;
}
}
+ /* pcre2_match_data_free(md); gen ctx needs no free */
DEBUG(D_transport)
debug_printf("check_dir_size: regex did not match %s\n", name);
}
if ((statbuf.st_mode & S_IFMT) == S_IFREG)
sum += statbuf.st_size / statbuf.st_nlink;
else if ((statbuf.st_mode & S_IFMT) == S_IFDIR)
- sum += check_dir_size(path, &count, regex);
+ sum += check_dir_size(path, &count, re);
}
closedir(dir);
Arguments:
filename the file name
create_file the ob->create_file option
+ deliver_dir the delivery directory
Returns: TRUE if creation is permitted
*/
static BOOL
-check_creation(uschar *filename, int create_file)
+check_creation(uschar *filename, int create_file, const uschar * deliver_dir)
{
BOOL yield = TRUE;
-if (deliver_home && create_file != create_anywhere)
+if (deliver_dir && create_file != create_anywhere)
{
- int len = Ustrlen(deliver_home);
+ int len = Ustrlen(deliver_dir);
uschar *file = filename;
while (file[0] == '/' && file[1] == '/') file++;
- if (Ustrncmp(file, deliver_home, len) != 0 || file[len] != '/' ||
- ( Ustrchr(file+len+2, '/') != NULL &&
- (
- create_file != create_belowhome ||
- Ustrstr(file+len, "/../") != NULL
- )
- )
+ if ( Ustrncmp(file, deliver_dir, len) != 0
+ || file[len] != '/'
+ || Ustrchr(file+len+2, '/') != NULL
+ && ( create_file != create_belowhome
+ || Ustrstr(file+len, "/../") != NULL
+ )
) yield = FALSE;
/* If yield is TRUE, the file name starts with the home directory, and does
if (rp)
{
uschar hdbuffer[PATH_MAX+1];
- uschar *rph = deliver_home;
+ const uschar * rph = deliver_dir;
int rlen = Ustrlen(big_buffer);
- if ((rp = US realpath(CS deliver_home, CS hdbuffer)))
+ if ((rp = US realpath(CS deliver_dir, CS hdbuffer)))
{
rph = hdbuffer;
len = Ustrlen(rph);
{
yield = FALSE;
DEBUG(D_transport) debug_printf("Real path \"%s\" does not match \"%s\"\n",
- big_buffer, deliver_home);
+ big_buffer, deliver_dir);
}
}
}
appendfile_transport_options_block *ob =
(appendfile_transport_options_block *)(tblock->options_block);
struct stat statbuf;
+const uschar * deliver_dir;
uschar *fdname = NULL;
uschar *filename = NULL;
uschar *hitchname = NULL;
expand_string_message);
goto ret_panic;
}
-if (is_tainted(path))
- {
- addr->message = string_sprintf("Tainted '%s' (file or directory "
- "name for %s transport) not permitted", path, tblock->name);
- goto ret_panic;
- }
if (path[0] != '/')
{
return FALSE;
}
+/* If an absolute path was given for create_file the it overrides deliver_home
+(here) and de-taints the filename (below, after check_creation() */
+
+deliver_dir = *ob->create_file_string == '/'
+ ? ob->create_file_string : deliver_home;
+
/* Handle the case of a file name. If the file name is /dev/null, we can save
ourselves some effort and just give a success return right away. */
}
/* Set the name of the file to be opened, and the file to which the data
- is written, and find out if we are permitted to create a non-existent file. */
+ is written, and find out if we are permitted to create a non-existent file.
+ If the create_file option is an absolute path and the file was within it,
+ de-taint. Chaeck for a tainted path. */
+ if ( (allow_creation_here = check_creation(path, ob->create_file, deliver_dir))
+ && ob->create_file == create_belowhome)
+ if (is_tainted(path))
+ {
+ DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
+ path = string_copy_taint(path, GET_UNTAINTED);
+ }
+
+ if (is_tainted(path)) goto tainted_ret_panic;
dataname = filename = path;
- allow_creation_here = check_creation(filename, ob->create_file);
/* If ob->create_directory is set, attempt to create the directories in
which this mailbox lives, but only if we are permitted to create the file
if (ob->create_directory && allow_creation_here)
{
uschar *p = Ustrrchr(path, '/');
- *p = '\0';
- if (!directory_make(NULL, path, ob->dirmode, FALSE))
+ p = string_copyn(path, p - path);
+ if (!directory_make(NULL, p, ob->dirmode, FALSE))
{
addr->basic_errno = errno;
addr->message =
string_sprintf("failed to create directories for %s: %s", path,
- strerror(errno));
+ exim_errstr(errno));
DEBUG(D_transport) debug_printf("%s transport: %s\n", tblock->name, path);
return FALSE;
}
- *p = '/';
}
/* If file_format is set we must check that any existing file matches one of
if (statbuf.st_nlink != 1)
{
addr->basic_errno = ERRNO_NOTREGULAR;
- addr->message = string_sprintf("mailbox %s%s has too many links (%d)",
- filename, islink ? " (symlink)" : "", statbuf.st_nlink);
+ addr->message = string_sprintf("mailbox %s%s has too many links (%lu)",
+ filename, islink ? " (symlink)" : "", (unsigned long)statbuf.st_nlink);
goto RETURN;
}
else
{
- uschar *check_path = path; /* Default quota check path */
- const pcre *regex = NULL; /* Regex for file size from file name */
+ uschar *check_path; /* Default quota check path */
+ const pcre2_code * re = NULL; /* Regex for file size from file name */
- if (!check_creation(string_sprintf("%s/any", path), ob->create_file))
+ if (!check_creation(string_sprintf("%s/any", path),
+ ob->create_file, deliver_dir))
{
addr->basic_errno = ERRNO_BADCREATE;
addr->message = string_sprintf("tried to create file in %s, but "
goto RETURN;
}
+ /* If the create_file option is an absolute path and the file was within
+ it, de-taint. Otherwise check for taint. */
+
+ if (is_tainted(path))
+ if (ob->create_file == create_belowhome)
+ {
+ DEBUG(D_transport) debug_printf("de-tainting path '%s'\n", path);
+ path = string_copy_taint(path, GET_UNTAINTED);
+ }
+ else
+ goto tainted_ret_panic;
+
+ check_path = path;
+
#ifdef SUPPORT_MAILDIR
/* For a maildir delivery, ensure that all the relevant directories exist,
and a maildirfolder file if necessary. */
if (ob->quota_value > 0 || THRESHOLD_CHECK || ob->maildir_use_size_file)
{
- const uschar *error;
- int offset;
-
/* Compile the regex if there is one. */
if (ob->quota_size_regex)
{
- if (!(regex = pcre_compile(CS ob->quota_size_regex, PCRE_COPT,
- CCSS &error, &offset, NULL)))
- {
- addr->message = string_sprintf("appendfile: regular expression "
- "error: %s at offset %d while compiling %s", error, offset,
- ob->quota_size_regex);
+ if (!(re = regex_compile(ob->quota_size_regex,
+ MCS_NOFLAGS, &addr->message, pcre_gen_cmp_ctx)))
return FALSE;
- }
+
DEBUG(D_transport) debug_printf("using regex for file sizes: %s\n",
ob->quota_size_regex);
}
{
uschar *new_check_path = string_copy(check_path);
uschar *slash = Ustrrchr(new_check_path, '/');
- if (slash != NULL)
+ if (slash)
{
- if (slash[1] == 0)
+ if (!slash[1])
{
*slash = 0;
slash = Ustrrchr(new_check_path, '/');
}
- if (slash != NULL)
+ if (slash)
{
*slash = 0;
check_path = new_check_path;
#ifdef SUPPORT_MAILDIR
if (ob->maildir_use_size_file)
{
- const pcre *dir_regex = NULL;
- const uschar *error;
- int offset;
+ const pcre2_code * dir_regex = NULL;
if (ob->maildir_dir_regex)
{
int check_path_len = Ustrlen(check_path);
- if (!(dir_regex = pcre_compile(CS ob->maildir_dir_regex, PCRE_COPT,
- CCSS &error, &offset, NULL)))
- {
- addr->message = string_sprintf("appendfile: regular expression "
- "error: %s at offset %d while compiling %s", error, offset,
- ob->maildir_dir_regex);
+ if (!(dir_regex = regex_compile(ob->maildir_dir_regex,
+ MCS_NOFLAGS, &addr->message, pcre_gen_cmp_ctx)))
return FALSE;
- }
DEBUG(D_transport)
debug_printf("using regex for maildir directory selection: %s\n",
{
uschar *s = path + check_path_len;
while (*s == '/') s++;
- s = (*s == 0) ? US "new" : string_sprintf("%s/new", s);
- if (pcre_exec(dir_regex, NULL, CS s, Ustrlen(s), 0, 0, NULL, 0) < 0)
+ s = *s ? string_sprintf("%s/new", s) : US"new";
+ if (!regex_match(dir_regex, s, -1, NULL))
{
disable_quota = TRUE;
DEBUG(D_transport) debug_printf("delivery directory does not match "
off_t size;
int filecount;
- if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, regex, dir_regex,
+ if ((maildirsize_fd = maildir_ensure_sizefile(check_path, ob, re, dir_regex,
&size, &filecount)) == -1)
{
addr->basic_errno = errno;
* (void)unlink(CS string_sprintf("%s/maildirsize", check_path));
* if (THRESHOLD_CHECK)
* mailbox_size = maildir_compute_size(check_path, &mailbox_filecount, &old_latest,
- * regex, dir_regex, FALSE);
+ * re, dir_regex, FALSE);
* }
*/
count. Note that ob->quota_filecount_value cannot be set without
ob->quota_value being set. */
- if (!disable_quota &&
- (ob->quota_value > 0 || THRESHOLD_CHECK) &&
- (mailbox_size < 0 ||
- (mailbox_filecount < 0 && ob->quota_filecount_value > 0)))
+ if ( !disable_quota
+ && (ob->quota_value > 0 || THRESHOLD_CHECK)
+ && ( mailbox_size < 0
+ || mailbox_filecount < 0 && ob->quota_filecount_value > 0
+ ) )
{
off_t size;
int filecount = 0;
DEBUG(D_transport)
debug_printf("quota checks on directory %s\n", check_path);
- size = check_dir_size(check_path, &filecount, regex);
+ size = check_dir_size(check_path, &filecount, re);
if (mailbox_size < 0) mailbox_size = size;
if (mailbox_filecount < 0) mailbox_filecount = filecount;
}
uschar *basename;
(void)gettimeofday(&msg_tv, NULL);
- basename = string_sprintf(TIME_T_FMT ".H%luP" PID_T_FMT ".%s",
+ basename = string_sprintf(TIME_T_FMT ".M%luP" PID_T_FMT ".%s",
msg_tv.tv_sec, msg_tv.tv_usec, getpid(), primary_hostname);
filename = dataname = string_sprintf("tmp/%s", basename);
dataname = string_sprintf("%s.msg", mailstore_basename);
fd = Uopen(filename, O_WRONLY|O_CREAT|O_EXCL, mode);
- if (fd < 0 && /* failed to open, and */
- (errno != ENOENT || /* either not non-exist */
- !ob->create_directory || /* or not allowed to make */
- !directory_make(NULL, path, ob->dirmode, FALSE) || /* or failed to create dir */
- (fd = Uopen(filename, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0)) /* or then failed to open */
+ if ( fd < 0 /* failed to open, and */
+ && ( errno != ENOENT /* either not non-exist */
+ || !ob->create_directory /* or not allowed to make */
+ || !directory_make(NULL, path, ob->dirmode, FALSE) /* or failed to create dir */
+ || (fd = Uopen(filename, O_WRONLY|O_CREAT|O_EXCL, mode)) < 0 /* or then failed to open */
+ ) )
{
addr->basic_errno = errno;
addr->message = string_sprintf("while creating file %s", filename);
}
+if (verify_mode)
+ {
+ addr->basic_errno = errno;
+ addr->message = US"Over quota";
+ addr->transport_return = yield;
+ DEBUG(D_transport)
+ debug_printf("appendfile (verify) yields %d with errno=%d more_errno=%d\n",
+ yield, addr->basic_errno, addr->more_errno);
+
+ goto RETURN;
+ }
+
/* If we are writing in MBX format, what we actually do is to write the message
to a temporary file, and then copy it to the real file once we know its size.
This is the most straightforward way of getting the correct length in the
uschar *iptr = expand_string(nametag);
if (iptr)
{
- uschar *etag = store_get(Ustrlen(iptr) + 2, is_tainted(iptr));
+ uschar *etag = store_get(Ustrlen(iptr) + 2, iptr);
uschar *optr = etag;
for ( ; *iptr; iptr++)
if (mac_isgraph(*iptr) && *iptr != '/')
return FALSE;
+tainted_ret_panic:
+ addr->message = string_sprintf("Tainted '%s' (file or directory "
+ "name for %s transport) not permitted", path, tblock->name);
ret_panic:
addr->transport_return = PANIC;
return FALSE;
git://git.exim.org / exim.git / blobdiff