* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */
[ACLC_DELAY] = { US"delay", TRUE, TRUE, ACL_BIT_NOTQUIT },
#ifndef DISABLE_DKIM
[ACLC_DKIM_SIGNER] = { US"dkim_signers", TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
- [ACLC_DKIM_STATUS] = { US"dkim_status", TRUE, FALSE, (unsigned int) ~ACL_BIT_DKIM },
+ [ACLC_DKIM_STATUS] = { US"dkim_status", TRUE, FALSE,
+ (unsigned int)
+ ~(ACL_BIT_DKIM | ACL_BIT_DATA | ACL_BIT_MIME
+# ifndef DISABLE_PRDR
+ | ACL_BIT_PRDR
+# endif
+ ),
+ },
#endif
#ifdef SUPPORT_DMARC
[ACLC_DMARC_STATUS] = { US"dmarc_status", TRUE, FALSE, (unsigned int) ~ACL_BIT_DATA },
static BOOL
acl_data_to_cond(const uschar * s, acl_condition_block * cond,
- const uschar * name, uschar ** error)
+ const uschar * name, BOOL taint, uschar ** error)
{
if (*s++ != '=')
{
return FALSE;;
}
Uskip_whitespace(&s);
-cond->arg = string_copy(s);
+cond->arg = taint ? string_copy_taint(s, GET_TAINTED) : string_copy(s);
return TRUE;
}
"endpass" has no data */
if (c != ACLC_ENDPASS)
- if (!acl_data_to_cond(s, cond, name, error)) return NULL;
+ if (!acl_data_to_cond(s, cond, name, FALSE, error)) return NULL;
}
return yield;
*/
static void
-acl_warn(int where, uschar *user_message, uschar *log_message)
+acl_warn(int where, uschar * user_message, uschar * log_message)
{
-if (log_message != NULL && log_message != user_message)
+if (log_message && log_message != user_message)
{
uschar *text;
string_item *logged;
/* If a sender verification has failed, and the log message is "sender verify
failed", add the failure message. */
- if (sender_verified_failed != NULL &&
- sender_verified_failed->message != NULL &&
- strcmpic(log_message, US"sender verify failed") == 0)
+ if ( sender_verified_failed
+ && sender_verified_failed->message
+ && strcmpic(log_message, US"sender verify failed") == 0)
text = string_sprintf("%s: %s", text, sender_verified_failed->message);
/* Search previously logged warnings. They are kept in malloc
client's HELO domain. If the client has not said HELO, use its IP address
instead. If it's a local client (exim -bs), CSA isn't applicable. */
-while (isspace(*domain) && *domain != '\0') ++domain;
+while (isspace(*domain) && *domain) ++domain;
if (*domain == '\0') domain = sender_helo_name;
if (!domain) domain = sender_host_address;
if (!sender_host_address) return CSA_UNKNOWN;
/* Extract the numerical SRV fields (p is incremented) */
+ if (rr_bad_size(rr, 3 * sizeof(uint16_t))) continue;
GETSHORT(priority, p);
GETSHORT(weight, p);
GETSHORT(port, p);
BOOL success_on_redirect = FALSE;
BOOL quota = FALSE;
int quota_pos_cache = QUOTA_POS_DEFAULT, quota_neg_cache = QUOTA_NEG_DEFAULT;
-address_item *sender_vaddr = NULL;
-uschar *verify_sender_address = NULL;
-uschar *pm_mailfrom = NULL;
-uschar *se_mailfrom = NULL;
+address_item * sender_vaddr = NULL;
+const uschar * verify_sender_address = NULL;
+uschar * pm_mailfrom = NULL;
+uschar * se_mailfrom = NULL;
/* Some of the verify items have slash-separated options; some do not. Diagnose
an error if options are given for items that don't expect them.
verify_sender_address = sender_address;
else
{
- while (isspace(*s)) s++;
- if (*s++ != '=') goto BAD_VERIFY;
- while (isspace(*s)) s++;
+ if (Uskip_whitespace(&s) != '=')
+ goto BAD_VERIFY;
+ s++;
+ Uskip_whitespace(&s);
verify_sender_address = string_copy(s);
}
}
callout = CALLOUT_TIMEOUT_DEFAULT;
if (*(ss += 7))
{
- while (isspace(*ss)) ss++;
+ Uskip_whitespace(&ss);
if (*ss++ == '=')
{
const uschar * sublist = ss;
int optsep = ',';
- while (isspace(*sublist)) sublist++;
+ Uskip_whitespace(&sublist);
for (uschar * opt; opt = string_nextinlist(&sublist, &optsep, NULL, 0); )
{
callout_opt_t * op;
if (op->has_option)
{
opt += Ustrlen(op->name);
- while (isspace(*opt)) opt++;
+ Uskip_whitespace(&opt);
if (*opt++ != '=')
{
*log_msgptr = string_sprintf("'=' expected after "
"\"%s\" in ACL verify condition \"%s\"", op->name, arg);
return ERROR;
}
- while (isspace(*opt)) opt++;
+ Uskip_whitespace(&opt);
}
if (op->timeval && (period = v_period(opt, arg, log_msgptr)) < 0)
return ERROR;
quota = TRUE;
if (*(ss += 5))
{
- while (isspace(*ss)) ss++;
+ Uskip_whitespace(&ss);
if (*ss++ == '=')
{
const uschar * sublist = ss;
int optsep = ',';
int period;
- while (isspace(*sublist)) sublist++;
+ Uskip_whitespace(&sublist);
for (uschar * opt; opt = string_nextinlist(&sublist, &optsep, NULL, 0); )
if (Ustrncmp(opt, "cachepos=", 9) == 0)
if ((period = v_period(opt += 9, arg, log_msgptr)) < 0)
break;
case ACLC_DKIM_STATUS:
- rc = match_isinlist(dkim_verify_status,
- &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
+ { /* return good for any match */
+ const uschar * s = dkim_verify_status ? dkim_verify_status : US"none";
+ int sep = 0;
+ for (uschar * ss; ss = string_nextinlist(&s, &sep, NULL, 0); )
+ if ( (rc = match_isinlist(ss, &arg,
+ 0, NULL, NULL, MCL_STRING, TRUE, NULL))
+ == OK) break;
+ }
break;
#endif
}
s++;
}
- while (isspace(*s)) s++;
+ Uskip_whitespace(&s);
if (logbits == 0) logbits = LOG_MAIN;
log_write(0, logbits, "%s", string_printing(s));
CUSS &recipient_data);
break;
- #ifdef WITH_CONTENT_SCAN
+#ifdef WITH_CONTENT_SCAN
case ACLC_REGEX:
rc = regex(&arg, textonly);
break;
- #endif
+#endif
case ACLC_REMOVE_HEADER:
setup_remove_header(arg);
/* At top level, we expand the incoming string. At lower levels, it has already
been expanded as part of condition processing. */
-if (acl_level == 0)
+if (acl_level != 0)
+ ss = s;
+else if (!(ss = expand_string(s)))
{
- if (!(ss = expand_string(s)))
- {
- if (f.expand_string_forcedfail) return OK;
- *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", s,
- expand_string_message);
- return ERROR;
- }
+ if (f.expand_string_forcedfail) return OK;
+ *log_msgptr = string_sprintf("failed to expand ACL string \"%s\": %s", s,
+ expand_string_message);
+ return ERROR;
}
-else ss = s;
-while (isspace(*ss)) ss++;
+Uskip_whitespace(&ss);
/* If we can't find a named ACL, the default is to parse it as an inline one.
(Unless it begins with a slash; non-existent files give rise to an error.) */
for (i = 0; i < 9; i++)
{
- while (*s && isspace(*s)) s++;
- if (!*s) break;
+ if (!Uskip_whitespace(&s))
+ break;
if (!(tmp = string_dequote(&s)) || !(tmp_arg[i] = expand_string(tmp)))
{
tmp = name;
int acl_where = ACL_WHERE_UNKNOWN;
int
-acl_check(int where, uschar *recipient, uschar *s, uschar **user_msgptr,
- uschar **log_msgptr)
+acl_check(int where, const uschar * recipient, uschar * s,
+ uschar ** user_msgptr, uschar ** log_msgptr)
{
int rc;
address_item adb;
uschar *
-acl_standalone_setvar(const uschar * s)
+acl_standalone_setvar(const uschar * s, BOOL taint)
{
acl_condition_block * cond = store_get(sizeof(acl_condition_block), GET_UNTAINTED);
uschar * errstr = NULL, * log_msg = NULL;
cond->next = NULL;
cond->type = ACLC_SET;
if (!acl_varname_to_cond(&s, cond, &errstr)) return errstr;
-if (!acl_data_to_cond(s, cond, US"'-be'", &errstr)) return errstr;
+if (!acl_data_to_cond(s, cond, US"'-be'", taint, &errstr)) return errstr;
if (acl_check_condition(ACL_WARN, cond, ACL_WHERE_UNKNOWN,
NULL, 0, &endpass_seen, &errstr, &log_msg, &e) != OK)