Expansions: mask_n operator

[exim.git] / src / src / expand.c

diff --git a/src/src/expand.c b/src/src/expand.c
index 0ae2aea92568aa80569993a13c1d0d802d98e87d..83c0ad051f4daef1ea36e08d8db500922ed91bf7 100644 (file)
--- a/src/src/expand.c
+++ b/src/src/expand.c
@@ -4484,7 +4484,7 @@ f.expand_string_forcedfail = FALSE;
 expand_string_message = US"";
 
 { uschar *m;
-if (m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s))
+if ((m = is_tainted2(string, LOG_MAIN|LOG_PANIC, "Tainted string '%s' in expansion", s)))
   {
   expand_string_message = m;
   goto EXPAND_FAILED;
@@ -7333,11 +7333,11 @@ while (*s)
         int count;
         uschar *endptr;
         int binary[4];
-        int mask, maskoffset;
-        int type = string_is_ip_address(sub, &maskoffset);
+        int type, mask, maskoffset;
+       BOOL normalised;
         uschar buffer[64];
 
-        if (type == 0)
+        if ((type = string_is_ip_address(sub, &maskoffset)) == 0)
           {
           expand_string_message = string_sprintf("\"%s\" is not an IP address",
            sub);
@@ -7353,13 +7353,18 @@ while (*s)
 
         mask = Ustrtol(sub + maskoffset + 1, &endptr, 10);
 
-        if (*endptr != 0 || mask < 0 || mask > ((type == 4)? 32 : 128))
+        if (*endptr || mask < 0 || mask > (type == 4 ? 32 : 128))
           {
           expand_string_message = string_sprintf("mask value too big in \"%s\"",
             sub);
           goto EXPAND_FAILED;
           }
 
+       /* If an optional 'n' was given, ipv6 gets normalised output:
+       colons rather than dots, and zero-compressed. */
+
+       normalised = arg && *arg == 'n';
+
         /* Convert the address to binary integer(s) and apply the mask */
 
         sub[maskoffset] = 0;
@@ -7368,8 +7373,14 @@ while (*s)
 
         /* Convert to masked textual format and add to output. */
 
-        yield = string_catn(yield, buffer,
-          host_nmtoa(count, binary, mask, buffer, '.'));
+       if (type == 4 || !normalised)
+         yield = string_catn(yield, buffer,
+           host_nmtoa(count, binary, mask, buffer, '.'));
+       else
+         {
+         ipv6_nmtoa(binary, buffer);
+         yield = string_fmt_append(yield, "%s/%d", buffer, mask);
+         }
         continue;
         }
 
@@ -7645,10 +7656,12 @@ while (*s)
        /* Manually track tainting, as we deal in individual chars below */
 
        if (is_tainted(sub))
+          {
          if (yield->s && yield->ptr)
            gstring_rebuffer(yield);
          else
            yield->s = store_get(yield->size = Ustrlen(sub), TRUE);
+          }
 
        /* Check the UTF-8, byte-by-byte */
 
@@ -8209,6 +8222,7 @@ that is a bad idea, because expand_string_message is in dynamic store. */
 EXPAND_FAILED:
 if (left) *left = s;
 DEBUG(D_expand)
+  {
   DEBUG(D_noutf8)
     {
     debug_printf_indent("|failed to expand: %s\n", string);
@@ -8228,6 +8242,7 @@ DEBUG(D_expand)
     if (f.expand_string_forcedfail)
       debug_printf_indent(UTF8_UP_RIGHT "failure was forced\n");
     }
+  }
 if (resetok_p && !resetok) *resetok_p = FALSE;
 expand_level--;
 return NULL;