* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
for store allocation via Exim's store manager. The normal calls are actually
macros that pass over location information to make tracing easier. These
functions just interface to the standard macro calls. A good compiler will
-optimize out the tail recursion and so not make them too expensive. There
-are two sets of functions; one for use when we want to retain the compiled
-regular expression for a long time; the other for short-term use. */
-
-static void *
-function_store_get(PCRE2_SIZE size, void * tag)
-{
-/* For now, regard all RE results as potentially tainted. We might need
-more intelligence on this point. */
-return store_get((int)size, TRUE);
-}
-
-static void
-function_dummy_free(void * block, void * tag) {}
+optimize out the tail recursion and so not make them too expensive. */
static void *
function_store_malloc(PCRE2_SIZE size, void * tag)
static void
function_store_free(void * block, void * tag)
{
-store_free(block);
+/* At least some version of pcre2 pass a null pointer */
+if (block) store_free(block);
}
uschar errbuf[128];
pcre2_get_error_message(err, errbuf, sizeof(errbuf));
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: "
- "%s at offset %d while compiling %s", errbuf, (long)offset, pattern);
+ "%s at offset %ld while compiling %s", errbuf, (long)offset, pattern);
}
if (use_malloc)
*************************************************/
/* This function runs a regular expression match, and sets up the pointers to
-the matched substrings. The matched strings are copied.
-
-We might consider tracing the uses of expand_nstring to see if consitification
-is viable, and save the copy cost by just using the pointers into the subject string.
-Pre-pcre2 we did that without noticing, so it might just work - or might have been
-a bug. It was certainly a risk in the implemenation.
+the matched substrings. The matched strings are copied so the lifetime of
+the subject is not a problem.
Arguments:
re the compiled expression
***********************************************/
static void
+#ifdef SA_SIGINFO
+segv_handler(int sig, siginfo_t * info, void * uctx)
+{
+log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (fault address: %p)", info->si_addr);
+# if defined(SEGV_MAPERR) && defined(SEGV_ACCERR) && defined(SEGV_BNDERR) && defined(SEGV_PKUERR)
+switch (info->si_code)
+ {
+ case SEGV_MAPERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_MAPERR"); break;
+ case SEGV_ACCERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_ACCERR"); break;
+ case SEGV_BNDERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_BNDERR"); break;
+ case SEGV_PKUERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_PKUERR"); break;
+ }
+# endif
+if (US info->si_addr < US 4096)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (null pointer indirection)");
+else
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
+if (process_info_len > 0)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
+signal(SIGSEGV, SIG_DFL);
+kill(getpid(), sig);
+}
+
+#else
segv_handler(int sig)
{
log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
+if (process_info_len > 0)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
signal(SIGSEGV, SIG_DFL);
kill(getpid(), sig);
}
+#endif
/*************************************************
*/
void
-exim_setugid(uid_t uid, gid_t gid, BOOL igflag, uschar *msg)
+exim_setugid(uid_t uid, gid_t gid, BOOL igflag, const uschar * msg)
{
uid_t euid = geteuid();
gid_t egid = getegid();
int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1,
-1, -1, NULL, NULL, NULL);
if (rc == FAIL) *exit_value = 2;
- else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
+ else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
}
}
*************************************************/
static void
-show_db_version(FILE * f)
+show_string(BOOL is_stdout, gstring * g)
+{
+const uschar * s = string_from_gstring(g);
+if (s)
+ if (is_stdout) fputs(CCS s, stdout);
+ else debug_printf("%s", s);
+}
+
+
+static gstring *
+show_db_version(gstring * g)
{
#ifdef DB_VERSION_STRING
DEBUG(D_any)
{
- fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
- fprintf(f, " Runtime: %s\n",
+ g = string_fmt_append(g, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
+ g = string_fmt_append(g, " Runtime: %s\n",
db_version(NULL, NULL, NULL));
}
else
- fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING);
+ g = string_fmt_append(g, "Berkeley DB: %s\n", DB_VERSION_STRING);
#elif defined(BTREEVERSION) && defined(HASHVERSION)
- #ifdef USE_DB
- fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n");
- #else
- fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n");
- #endif
+# ifdef USE_DB
+ g = string_cat(g, US"Probably Berkeley DB version 1.8x (native mode)\n");
+# else
+ g = string_cat(g, US"Probably Berkeley DB version 1.8x (compatibility mode)\n");
+# endif
#elif defined(_DBM_RDONLY) || defined(dbm_dirfno)
-fprintf(f, "Probably ndbm\n");
+g = string_cat(g, US"Probably ndbm\n");
#elif defined(USE_TDB)
-fprintf(f, "Using tdb\n");
+g = string_cat(g, US"Using tdb\n");
#else
- #ifdef USE_GDBM
- fprintf(f, "Probably GDBM (native mode)\n");
- #else
- fprintf(f, "Probably GDBM (compatibility mode)\n");
- #endif
+# ifdef USE_GDBM
+ g = string_cat(g, US"Probably GDBM (native mode)\n");
+# else
+ g = string_cat(g, US"Probably GDBM (compatibility mode)\n");
+# endif
#endif
+return g;
}
/* This function is called for -bV/--version and for -d to output the optional
features of the current Exim binary.
-Arguments: a FILE for printing
+Arguments: BOOL, true for stdout else debug channel
Returns: nothing
*/
static void
-show_whats_supported(FILE * fp)
+show_whats_supported(BOOL is_stdout)
{
rmark reset_point = store_mark();
-gstring * g;
-DEBUG(D_any) {} else show_db_version(fp);
+gstring * g = NULL;
+
+DEBUG(D_any) {} else g = show_db_version(g);
-g = string_cat(NULL, US"Support for:");
+g = string_cat(g, US"Support for:");
#ifdef SUPPORT_CRYPTEQ
g = string_cat(g, US" crypteq");
#endif
g = string_cat(g, US" OCSP");
#endif
#ifndef DISABLE_PIPE_CONNECT
- g = string_cat(g, US" PIPE_CONNECT");
+ g = string_cat(g, US" PIPECONNECT");
#endif
#ifndef DISABLE_PRDR
g = string_cat(g, US" PRDR");
g = string_cat(g, US" PROXY");
#endif
#ifndef DISABLE_QUEUE_RAMP
- g = string_cat(g, US" Experimental_Queue_Ramp");
+ g = string_cat(g, US" Queue_Ramp");
#endif
#ifdef SUPPORT_SOCKS
g = string_cat(g, US" SOCKS");
#ifdef EXPERIMENTAL_QUEUEFILE
g = string_cat(g, US" Experimental_QUEUEFILE");
#endif
-#if defined(EXPERIMENTAL_SRS_ALT)
- g = string_cat(g, US" Experimental_SRS");
-#endif
g = string_cat(g, US"\n");
g = string_cat(g, US"Lookups (built-in):");
#ifdef WITH_CONTENT_SCAN
g = malware_show_supported(g);
#endif
+show_string(is_stdout, g); g = NULL;
if (fixed_never_users[0] > 0)
{
}
g = string_fmt_append(g, "Configure owner: %d:%d\n", config_uid, config_gid);
-fputs(CS string_from_gstring(g), fp);
-fprintf(fp, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
+g = string_fmt_append(g, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
/* Everything else is details which are only worth reporting when debugging.
Perhaps the tls_version_report should move into this too. */
-DEBUG(D_any) do {
+DEBUG(D_any)
+ {
/* clang defines __GNUC__ (at least, for me) so test for it first */
#if defined(__clang__)
- fprintf(fp, "Compiler: CLang [%s]\n", __clang_version__);
+ g = string_fmt_append(g, "Compiler: CLang [%s]\n", __clang_version__);
#elif defined(__GNUC__)
- fprintf(fp, "Compiler: GCC [%s]\n",
+ g = string_fmt_append(g, "Compiler: GCC [%s]\n",
# ifdef __VERSION__
__VERSION__
# else
# endif
);
#else
- fprintf(fp, "Compiler: <unknown>\n");
+ g = string_cat(g, US"Compiler: <unknown>\n");
#endif
#if defined(__GLIBC__) && !defined(__UCLIBC__)
- fprintf(fp, "Library version: Glibc: Compile: %d.%d\n",
+ g = string_fmt_append(g, "Library version: Glibc: Compile: %d.%d\n",
__GLIBC__, __GLIBC_MINOR__);
if (__GLIBC_PREREQ(2, 1))
- fprintf(fp, " Runtime: %s\n",
+ g = string_fmt_append(g, " Runtime: %s\n",
gnu_get_libc_version());
#endif
-show_db_version(fp);
+g = show_db_version(g);
#ifndef DISABLE_TLS
- tls_version_report(fp);
+ g = tls_version_report(g);
#endif
#ifdef SUPPORT_I18N
- utf8_version_report(fp);
+ g = utf8_version_report(g);
#endif
#ifdef SUPPORT_DMARC
- dmarc_version_report(fp);
+ g = dmarc_version_report(g);
#endif
#ifdef SUPPORT_SPF
- spf_lib_version_report(fp);
+ g = spf_lib_version_report(g);
#endif
- for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
- if (authi->version_report)
- (*authi->version_report)(fp);
+show_string(is_stdout, g);
+g = NULL;
+
+for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
+ if (authi->version_report)
+ g = (*authi->version_report)(g);
/* PCRE_PRERELEASE is either defined and empty or a bare sequence of
characters; unless it's an ancient version of PCRE in which case it
{
uschar buf[24];
pcre2_config(PCRE2_CONFIG_VERSION, buf);
- fprintf(fp, "Library version: PCRE2: Compile: %d.%d%s\n"
- " Runtime: %s\n",
+ g = string_fmt_append(g, "Library version: PCRE2: Compile: %d.%d%s\n"
+ " Runtime: %s\n",
PCRE2_MAJOR, PCRE2_MINOR,
EXPAND_AND_QUOTE(PCRE2_PRERELEASE) "",
buf);
#undef QUOTE
#undef EXPAND_AND_QUOTE
- init_lookup_list();
- for (int i = 0; i < lookup_list_count; i++)
- if (lookup_list[i]->version_report)
- lookup_list[i]->version_report(fp);
+show_string(is_stdout, g);
+g = NULL;
+
+init_lookup_list();
+for (int i = 0; i < lookup_list_count; i++)
+ if (lookup_list[i]->version_report)
+ g = lookup_list[i]->version_report(g);
+show_string(is_stdout, g);
+g = NULL;
#ifdef WHITELIST_D_MACROS
- fprintf(fp, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
+ g = string_fmt_append(g, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
#else
- fprintf(fp, "WHITELIST_D_MACROS unset\n");
+ g = string_cat(g, US"WHITELIST_D_MACROS unset\n");
#endif
#ifdef TRUSTED_CONFIG_LIST
- fprintf(fp, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
+ g = string_fmt_append(g, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
#else
- fprintf(fp, "TRUSTED_CONFIG_LIST unset\n");
+ g = string_cat(g, US"TRUSTED_CONFIG_LIST unset\n");
#endif
+ }
-} while (0);
+show_string(is_stdout, g);
store_reset(reset_point);
}
get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *))
{
gstring * g = NULL;
+BOOL had_input = FALSE;
if (!fn_readline) { printf("> "); fflush(stdout); }
for (int i = 0;; i++)
{
uschar buffer[1024];
- uschar *p, *ss;
+ uschar * p, * ss;
- #ifdef USE_READLINE
+#ifdef USE_READLINE
char *readline_line = NULL;
if (fn_readline)
{
if (!(readline_line = fn_readline((i > 0)? "":"> "))) break;
- if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line);
+ if (*readline_line && fn_addhist) fn_addhist(readline_line);
p = US readline_line;
}
else
- #endif
+#endif
/* readline() not in use */
{
- if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break;
+ if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break; /*EOF*/
p = buffer;
}
/* Handle the line */
- ss = p + (int)Ustrlen(p);
- while (ss > p && isspace(ss[-1])) ss--;
+ had_input = TRUE;
+ ss = p + Ustrlen(p);
+ while (ss > p && isspace(ss[-1])) ss--; /* strip trailing newline (and spaces) */
if (i > 0)
- while (p < ss && isspace(*p)) p++; /* leading space after cont */
+ while (p < ss && isspace(*p)) p++; /* strip leading space after cont */
g = string_catn(g, p, ss - p);
- #ifdef USE_READLINE
+#ifdef USE_READLINE
if (fn_readline) free(readline_line);
- #endif
+#endif
/* g can only be NULL if ss==p */
- if (ss == p || g->s[g->ptr-1] != '\\')
+ if (ss == p || g->s[g->ptr-1] != '\\') /* not continuation; done */
break;
- --g->ptr;
- (void) string_from_gstring(g);
+ --g->ptr; /* drop the \ */
}
-if (!g) printf("\n");
-return string_from_gstring(g);
+if (had_input) return g ? string_from_gstring(g) : US"";
+printf("\n");
+return NULL;
}
int list_queue_option = 0;
int msg_action = 0;
int msg_action_arg = -1;
-int namelen = (argv[0] == NULL)? 0 : Ustrlen(argv[0]);
+int namelen = argv[0] ? Ustrlen(argv[0]) : 0;
int queue_only_reason = 0;
#ifdef EXIM_PERL
int perl_start_option = 0;
debug_store = TRUE;
/* Protect against abusive argv[0] */
+if (!argv[0] || !argc) exim_fail("exim: executable name required\n");
exim_str_fail_toolong(argv[0], PATH_MAX, "argv[0]");
/* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed
/* Set up the handler for the data request signal, and set the initial
descriptive text. */
-process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */
+process_info = store_get(PROCESS_INFO_SIZE, GET_TAINTED);
set_process_info("initializing");
os_restarting_signal(SIGUSR1, usr1_handler); /* exiwhat */
+#ifdef SA_SIGINFO
+ {
+ struct sigaction act = { .sa_sigaction = segv_handler, .sa_flags = SA_RESETHAND | SA_SIGINFO };
+ sigaction(SIGSEGV, &act, NULL);
+ }
+#else
signal(SIGSEGV, segv_handler); /* log faults */
+#endif
/* If running in a dockerized environment, the TERM signal is only
delegated to the PID 1 if we request it by setting an signal handler */
if (!*argrest || Ustrcmp(argrest, "c") == 0)
{
if (++i >= argc) { badarg = TRUE; break; }
- sender_host_address = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-bh"), TRUE);
+ sender_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-bh"),
+ GET_TAINTED);
host_checking = checking = f.log_testing_mode = TRUE;
f.host_checking_callout = *argrest == 'c';
message_logs = FALSE;
version_cnumber, version_date);
printf("%s\n", CS version_copyright);
version_printed = TRUE;
- show_whats_supported(stdout);
+ show_whats_supported(TRUE);
f.log_testing_mode = TRUE;
}
else badarg = TRUE;
#endif
break;
- /* -d: Set debug level (see also -v below) or set the drop_cr option.
- The latter is now a no-op, retained for compatibility only. If -dd is used,
- debugging subprocesses of the daemon is disabled. */
-
case 'd':
+
+ /* -dropcr: Set this option. Now a no-op, retained for compatibility only. */
+
if (Ustrcmp(argrest, "ropcr") == 0)
{
/* drop_cr = TRUE; */
}
- /* Use an intermediate variable so that we don't set debugging while
- decoding the debugging bits. */
+ /* -dp: Set up a debug pretrigger buffer with given size. */
+
+ else if (Ustrcmp(argrest, "p") == 0)
+ if (++i >= argc)
+ badarg = TRUE;
+ else
+ debug_pretrigger_setup(argv[i]);
+
+ /* -dt: Set a debug trigger selector */
+
+ else if (Ustrncmp(argrest, "t=", 2) == 0)
+ dtrigger_selector = (unsigned int) Ustrtol(argrest + 2, NULL, 0);
+
+ /* -d: Set debug level (see also -v below).
+ If -dd is used, debugging subprocesses of the daemon is disabled. */
else
{
+ /* Use an intermediate variable so that we don't set debugging while
+ decoding the debugging bits. */
+
unsigned int selector = D_default;
debug_selector = 0;
debug_file = NULL;
case 'F':
if (!*argrest)
if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; }
- originator_name = string_copy_taint(exim_str_fail_toolong(argrest, EXIM_HUMANNAME_MAX, "-F"), TRUE);
+ originator_name = string_copy_taint(
+ exim_str_fail_toolong(argrest, EXIM_HUMANNAME_MAX, "-F"),
+ GET_TAINTED);
f.sender_name_forced = TRUE;
break;
if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; }
(void) exim_str_fail_toolong(argrest, EXIM_DISPLAYMAIL_MAX, "-f");
if (!*argrest)
- *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */
+ *(sender_address = store_get(1, GET_UNTAINTED)) = '\0'; /* Ensure writeable memory */
else
{
uschar * temp = argrest + Ustrlen(argrest) - 1;
&dummy_start, &dummy_end, &sender_address_domain, TRUE)))
exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess);
- sender_address = string_copy_taint(sender_address, TRUE);
+ sender_address = string_copy_taint(sender_address, GET_TAINTED);
#ifdef SUPPORT_I18N
message_smtputf8 = string_is_utf8(sender_address);
allow_utf8_domains = FALSE;
exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest);
if (sz < 1)
exim_fail("exim: the -L syslog name is too short\n");
- cmdline_syslog_name = string_copy_taint(argrest, TRUE);
+ cmdline_syslog_name = string_copy_taint(argrest, GET_TAINTED);
break;
case 'M':
if (msg_action_arg >= 0)
exim_fail("exim: incompatible arguments\n");
- continue_transport = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-C internal transport"), TRUE);
- continue_hostname = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-C internal hostname"), TRUE);
- continue_host_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-C internal hostaddr"), TRUE);
+ continue_transport = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-C internal transport"),
+ GET_TAINTED);
+ continue_hostname = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-C internal hostname"),
+ GET_TAINTED);
+ continue_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-C internal hostaddr"),
+ GET_TAINTED);
continue_sequence = Uatoi(argv[++i]);
msg_action = MSG_DELIVER;
msg_action_arg = ++i;
/* -MCd: for debug, set a process-purpose string */
case 'd': if (++i < argc)
- process_purpose = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCd"), TRUE);
+ process_purpose = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCd"),
+ GET_TAINTED);
else badarg = TRUE;
break;
from the commandline should be tainted - but we will need an untainted
value for the spoolfile when doing a -odi delivery process. */
- case 'G': if (++i < argc) queue_name = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCG"), FALSE);
+ case 'G': if (++i < argc) queue_name = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCG"),
+ GET_UNTAINTED);
else badarg = TRUE;
break;
case 'p': proxy_session = TRUE;
if (++i < argc)
{
- proxy_local_address = string_copy_taint(argv[i], TRUE);
+ proxy_local_address = string_copy_taint(argv[i], GET_TAINTED);
if (++i < argc)
{
proxy_local_port = Uatoi(argv[i]);
if (++i < argc)
{
- proxy_external_address = string_copy_taint(argv[i], TRUE);
+ proxy_external_address = string_copy_taint(argv[i], GET_TAINTED);
if (++i < argc)
{
proxy_external_port = Uatoi(argv[i]);
case 'r':
case 's': if (++i < argc)
{
- continue_proxy_sni = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-MCr/-MCs"), TRUE);
+ continue_proxy_sni = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-MCr/-MCs"),
+ GET_TAINTED);
if (argrest[1] == 'r') continue_proxy_dane = TRUE;
}
else badarg = TRUE;
and the TLS cipher. */
case 't': if (++i < argc)
- sending_ip_address = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-MCt IP"), TRUE);
+ sending_ip_address = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-MCt IP"),
+ GET_TAINTED);
else badarg = TRUE;
if (++i < argc)
sending_port = (int)(Uatol(argv[i]));
else badarg = TRUE;
if (++i < argc)
- continue_proxy_cipher = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_CIPHERNAME_MAX, "-MCt cipher"), TRUE);
+ continue_proxy_cipher = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_CIPHERNAME_MAX, "-MCt cipher"),
+ GET_TAINTED);
else badarg = TRUE;
/*FALLTHROUGH*/
else if (Ustrcmp(argrest, "G") == 0)
{
msg_action = MSG_SETQUEUE;
- queue_name_dest = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"), TRUE);
- }
- else if (Ustrcmp(argrest, "mad") == 0)
- {
- msg_action = MSG_MARK_ALL_DELIVERED;
+ queue_name_dest = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"),
+ GET_TAINTED);
}
+ else if (Ustrcmp(argrest, "mad") == 0) msg_action = MSG_MARK_ALL_DELIVERED;
else if (Ustrcmp(argrest, "md") == 0)
{
msg_action = MSG_MARK_DELIVERED;
/* -oMa: Set sender host address */
if (Ustrcmp(argrest, "a") == 0)
- sender_host_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"), TRUE);
+ sender_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"),
+ GET_TAINTED);
/* -oMaa: Set authenticator name */
else if (Ustrcmp(argrest, "aa") == 0)
- sender_host_authenticated = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"), TRUE);
+ sender_host_authenticated = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"),
+ GET_TAINTED);
/* -oMas: setting authenticated sender */
else if (Ustrcmp(argrest, "as") == 0)
- authenticated_sender = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"), TRUE);
+ authenticated_sender = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
+ GET_TAINTED);
/* -oMai: setting authenticated id */
else if (Ustrcmp(argrest, "ai") == 0)
- authenticated_id = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"), TRUE);
+ authenticated_id = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
+ GET_TAINTED);
/* -oMi: Set incoming interface address */
else if (Ustrcmp(argrest, "i") == 0)
- interface_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"), TRUE);
+ interface_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"),
+ GET_TAINTED);
/* -oMm: Message reference */
if (received_protocol)
exim_fail("received_protocol is set already\n");
else
- received_protocol = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"), TRUE);
+ received_protocol = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"),
+ GET_TAINTED);
/* -oMs: Set sender host name */
else if (Ustrcmp(argrest, "s") == 0)
- sender_host_name = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"), TRUE);
+ sender_host_name = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"),
+ GET_TAINTED);
/* -oMt: Set sender ident */
else if (Ustrcmp(argrest, "t") == 0)
{
sender_ident_set = TRUE;
- sender_ident = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"), TRUE);
+ sender_ident = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"),
+ GET_TAINTED);
}
/* Else a bad argument */
case 'X':
if (*argrest) badarg = TRUE;
- else override_local_interfaces = string_copy_taint(exim_str_fail_toolong(argv[++i], 1024, "-oX"), TRUE);
+ else override_local_interfaces = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], 1024, "-oX"),
+ GET_TAINTED);
break;
/* -oY: Override creation of daemon notifier socket */
exim_fail("received_protocol is set already\n");
if (!hn)
- received_protocol = string_copy_taint(exim_str_fail_toolong(argrest, EXIM_DRIVERNAME_MAX, "-p<protocol>"), TRUE);
+ received_protocol = string_copy_taint(
+ exim_str_fail_toolong(argrest, EXIM_DRIVERNAME_MAX, "-p<protocol>"),
+ GET_TAINTED);
else
{
(void) exim_str_fail_toolong(argrest, (EXIM_DRIVERNAME_MAX+1+EXIM_HOSTNAME_MAX), "-p<protocol>:<host>");
- received_protocol = string_copyn_taint(argrest, hn - argrest, TRUE);
- sender_host_name = string_copy_taint(hn + 1, TRUE);
+ received_protocol = string_copyn_taint(argrest, hn - argrest, GET_TAINTED);
+ sender_host_name = string_copy_taint(hn + 1, GET_TAINTED);
}
}
break;
{
queue_interval = 0;
if (i+1 < argc && mac_ismsgid(argv[i+1]))
- start_queue_run_id = string_copy_taint(argv[++i], TRUE);
+ start_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
if (i+1 < argc && mac_ismsgid(argv[i+1]))
- stop_queue_run_id = string_copy_taint(argv[++i], TRUE);
+ stop_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
}
/* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally
tainted_selectstr = argv[++i];
else
exim_fail("exim: string expected after -R\n");
- deliver_selectstring = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"), TRUE);
+ deliver_selectstring = string_copy_taint(
+ exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"),
+ GET_TAINTED);
}
break;
tainted_selectstr = argv[++i];
else
exim_fail("exim: string expected after -S\n");
- deliver_selectstring_sender = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"), TRUE);
+ deliver_selectstring_sender = string_copy_taint(
+ exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"),
+ GET_TAINTED);
}
break;
case 'T':
if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
- fudged_queue_times = string_copy_taint(argv[++i], TRUE);
+ fudged_queue_times = string_copy_taint(argv[++i], GET_TAINTED);
else badarg = TRUE;
break;
case 'z':
if (!*argrest)
if (++i < argc)
- log_oneline = string_copy_taint(exim_str_fail_toolong(argv[i], 2048, "-z logtext"), TRUE);
+ log_oneline = string_copy_taint(
+ exim_str_fail_toolong(argv[i], 2048, "-z logtext"),
+ GET_TAINTED);
else
exim_fail("exim: file name expected after %s\n", argv[i-1]);
break;
version_string, (long int)real_uid, (long int)real_gid, (int)getpid(),
debug_selector);
if (!version_printed)
- show_whats_supported(stderr);
+ show_whats_supported(FALSE);
}
}
{
int i = 0;
uschar *argv[3];
- argv[i++] = bi_command;
+ argv[i++] = bi_command; /* nonexpanded option so assume untainted */
if (alias_arg) argv[i++] = alias_arg;
argv[i++] = NULL;
store_pool = POOL_CONFIG;
readconf_rest();
store_pool = old_pool;
- store_writeprotect(POOL_CONFIG);
+
+ /* -be can add macro definitions, needing to link to the macro structure
+ chain. Otherwise, make the memory used for config data readonly. */
+
+ if (!expansion_test)
+ store_writeprotect(POOL_CONFIG);
#ifdef MEASURE_TIMING
report_time_since(&t0, US"readconf_rest (delta)");
while (recipients_arg < argc)
{
/* Supplied addresses are tainted since they come from a user */
- uschar * s = string_copy_taint(exim_str_fail_toolong(argv[recipients_arg++], EXIM_DISPLAYMAIL_MAX, "address verification"), TRUE);
+ uschar * s = string_copy_taint(
+ exim_str_fail_toolong(argv[recipients_arg++], EXIM_DISPLAYMAIL_MAX, "address verification"),
+ GET_TAINTED);
while (*s)
{
BOOL finished = FALSE;
{
uschar * s = get_stdinput(NULL, NULL);
if (!s) break;
- test_address(string_copy_taint(exim_str_fail_toolong(s, EXIM_DISPLAYMAIL_MAX, "address verification (stdin)"), TRUE), flags, &exit_value);
+ test_address(string_copy_taint(
+ exim_str_fail_toolong(s, EXIM_DISPLAYMAIL_MAX, "address verification (stdin)"),
+ GET_TAINTED),
+ flags, &exit_value);
}
route_tidyup();
message_id = US exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
/* Checking the length of the ID is sufficient to validate it.
Get an untainted version so file opens can be done. */
- message_id = string_copy_taint(message_id, FALSE);
+ message_id = string_copy_taint(message_id, GET_UNTAINTED);
spoolname = string_sprintf("%s-H", message_id);
if ((deliver_datafile = spool_open_datafile(message_id)) < 0)
it. The code works for both IPv4 and IPv6, as it happens. */
size = host_aton(sender_host_address, x);
- sender_host_address = store_get(48, FALSE); /* large enough for full IPv6 */
+ sender_host_address = store_get(48, GET_UNTAINTED); /* large enough for full IPv6 */
(void)host_nmtoa(size, x, -1, sender_host_address, ':');
/* Now set up for testing */
{
if (!f.is_inetd) set_process_info("accepting a local %sSMTP message from <%s>",
smtp_batched_input? "batched " : "",
- (sender_address!= NULL)? sender_address : originator_login);
+ sender_address ? sender_address : originator_login);
}
else
{
}
}
-/* Otherwise, set up the input size limit here. */
+/* Otherwise, set up the input size limit here and set no stdin stdio buffer
+(we handle buferring so as to have visibility of fill level). */
else
{
else
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "invalid value for "
"message_size_limit: %s", expand_string_message);
+
+ setvbuf(stdin, NULL, _IONBF, 0);
}
/* Loop for several messages when reading SMTP input. If we fork any child
uschar * errmess;
/* There can be multiple addresses, so EXIM_DISPLAYMAIL_MAX (tuned for 1) is too short.
* We'll still want to cap it to something, just in case. */
- uschar * s = string_copy_taint(exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"), TRUE);
+ uschar * s = string_copy_taint(
+ exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"),
+ GET_TAINTED);
/* Loop for each comma-separated address */
- while (*s != 0)
+ while (*s)
{
BOOL finished = FALSE;
uschar *recipient;
errors_sender_rc : EXIT_FAILURE;
}
- receive_add_recipient(string_copy_taint(recipient, TRUE), -1);
+ receive_add_recipient(string_copy_taint(recipient, GET_TAINTED), -1);
s = ss;
if (!finished)
while (*(++s) != 0 && (*s == ',' || isspace(*s)));
the file copy. */
if (!receive_timeout)
- {
- struct timeval t = { .tv_sec = 30*60, .tv_usec = 0 }; /* 30 minutes */
- fd_set r;
-
- FD_ZERO(&r); FD_SET(0, &r);
- if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close();
- }
+ if (poll_one_fd(0, POLLIN, 30*60*1000) == 0) /* 30 minutes */
+ mainlog_close();
/* Read the data for the message. If filter_test is not FTEST_NONE, this
will just read the headers for the message, and not write anything onto the
git://git.exim.org / exim.git / blobdiff