taint enforce: file access backstops

[exim.git] / src / src / functions.h

diff --git a/src/src/functions.h b/src/src/functions.h
index ea3cf257c5f6869043b38a2959b08683c4953520..fe15cc573251b6ca2fa3a21bce8b77a2608d3a5e 100644 (file)
--- a/src/src/functions.h
+++ b/src/src/functions.h
@@ -906,9 +906,18 @@ return string_sprintf("%s/%s/%s/%s/%s%s",
 
 static inline uschar *
 spool_fname(const uschar * purpose, const uschar * subdir, const uschar * fname,
-               const uschar * suffix)
+       const uschar * suffix)
 {
+#ifdef COMPILE_UTILITY         /* version avoiding string-extension */
+int len = Ustrlen(spool_directory) + 1 + Ustrlen(queue_name) + 1 + Ustrlen(purpose) + 1
+       + Ustrlen(subdir) + 1 + Ustrlen(fname) + Ustrlen(suffix) + 1;
+uschar * buf = store_get(len, FALSE);
+string_format(buf, len, "%s/%s/%s/%s/%s%s",
+       spool_directory, queue_name, purpose, subdir, fname, suffix);
+return buf;
+#else
 return spool_q_fname(purpose, queue_name, subdir, fname, suffix);
+#endif
 }
 
 static inline void
@@ -921,8 +930,10 @@ subdir_str[1] = '\0';
 }
 
 /******************************************************************************/
+/* Time calculations */
+
 static inline void
-timesince(struct timeval * diff, struct timeval * then)
+timesince(struct timeval * diff, const struct timeval * then)
 {
 gettimeofday(diff, NULL);
 diff->tv_sec -= then->tv_sec;
@@ -934,7 +945,7 @@ if ((diff->tv_usec -= then->tv_usec) < 0)
 }
 
 static inline uschar *
-string_timediff(struct timeval * diff)
+string_timediff(const struct timeval * diff)
 {
 static uschar buf[sizeof("0.000s")];
 
@@ -947,7 +958,7 @@ return buf;
 
 
 static inline uschar *
-string_timesince(struct timeval * then)
+string_timesince(const struct timeval * then)
 {
 struct timeval diff;
 timesince(&diff, then);
@@ -955,7 +966,7 @@ return string_timediff(&diff);
 }
 
 static inline void
-report_time_since(struct timeval * t0, uschar * where)
+report_time_since(const struct timeval * t0, const uschar * where)
 {
 # ifdef MEASURE_TIMING
 struct timeval diff;
@@ -974,6 +985,51 @@ if (f.running_in_test_harness) millisleep(millisec);
 #endif
 }
 
+/******************************************************************************/
+/* Taint-checked file opens */
+
+static inline int
+exim_open2(const char *pathname, int flags)
+{
+if (!is_tainted(pathname)) return open(pathname, flags);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_open(const char *pathname, int flags, mode_t mode)
+{
+if (!is_tainted(pathname)) return open(pathname, flags, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_openat(int dirfd, const char *pathname, int flags)
+{
+if (!is_tainted(pathname)) return openat(dirfd, pathname, flags);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+static inline int
+exim_openat4(int dirfd, const char *pathname, int flags, mode_t mode)
+{
+if (!is_tainted(pathname)) return openat(dirfd, pathname, flags, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return -1;
+}
+
+static inline FILE *
+exim_fopen(const char *pathname, const char *mode)
+{
+if (!is_tainted(pathname)) return fopen(pathname, mode);
+log_write(0, LOG_MAIN|LOG_PANIC, "Tainted filename '%s'\n", pathname);
+errno = EACCES;
+return NULL;
+}
+
 #endif /* !MACRO_PREDEF */
 
 #endif  /* _FUNCTIONS_H_ */