SPDX: Mass-update to GPL-2.0-or-later

[exim.git] / src / src / bmi_spam.c

diff --git a/src/src/bmi_spam.c b/src/src/bmi_spam.c
index 378514939f1598ab82ab901ac9b94557c159c779..03e8defa6919fe405407a3fe65b054776b45a43d 100644 (file)
--- a/src/src/bmi_spam.c
+++ b/src/src/bmi_spam.c
@@ -5,6 +5,8 @@
 /* Code for calling Brightmail AntiSpam.
    Copyright (c) Tom Kistner <tom@duncanthrax.net> 2004
    License: GPL */
+/* Copyright (c) The Exim Maintainers 2021 - 2022 */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
 
 #include "exim.h"
 #ifdef EXPERIMENTAL_BRIGHTMAIL
@@ -27,7 +29,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
   uschar *verdicts = NULL;
   int i,j;
 
-  err = bmiInitSystem(BMI_VERSION, (char *)bmi_config_file, &system);
+  err = bmiInitSystem(BMI_VERSION, CS bmi_config_file, &system);
   if (bmiErrorIsFatal(err) == BMI_TRUE) {
     err_loc = bmiErrorGetLocation(err);
     err_type = bmiErrorGetType(err);
@@ -51,24 +53,24 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
     host_address = localhost;
   else
     host_address = sender_host_address;
-  err = bmiProcessConnection((char *)host_address, message);
+  err = bmiProcessConnection(CS host_address, message);
   if (bmiErrorIsFatal(err) == BMI_TRUE) {
     err_loc = bmiErrorGetLocation(err);
     err_type = bmiErrorGetType(err);
     log_write(0, LOG_PANIC,
-               "bmi error [loc %d type %d]: bmiProcessConnection() failed (IP %s).", (int)err_loc, (int)err_type, (char *)host_address);
+               "bmi error [loc %d type %d]: bmiProcessConnection() failed (IP %s).", (int)err_loc, (int)err_type, CS host_address);
     bmiFreeMessage(message);
     bmiFreeSystem(system);
     return NULL;
   };
 
   /* Send envelope sender address */
-  err = bmiProcessFROM((char *)sender_address, message);
+  err = bmiProcessFROM(CS sender_address, message);
   if (bmiErrorIsFatal(err) == BMI_TRUE) {
     err_loc = bmiErrorGetLocation(err);
     err_type = bmiErrorGetType(err);
     log_write(0, LOG_PANIC,
-               "bmi error [loc %d type %d]: bmiProcessFROM() failed (address %s).", (int)err_loc, (int)err_type, (char *)sender_address);
+               "bmi error [loc %d type %d]: bmiProcessFROM() failed (address %s).", (int)err_loc, (int)err_type, CS sender_address);
     bmiFreeMessage(message);
     bmiFreeSystem(system);
     return NULL;
@@ -86,14 +88,14 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
       err = bmiOptinMset(optin, r->bmi_optin, ':');
       if (bmiErrorIsFatal(err) == BMI_TRUE) {
         log_write(0, LOG_PANIC|LOG_MAIN,
-                   "bmi warning: [loc %d type %d]: bmiOptinMSet() failed (address '%s', string '%s').", (int)err_loc, (int)err_type, (char *)r->address, (char *)r->bmi_optin);
+                   "bmi warning: [loc %d type %d]: bmiOptinMSet() failed (address '%s', string '%s').", (int)err_loc, (int)err_type, CS r->address, CS r->bmi_optin);
         if (optin != NULL)
           bmiOptinFree(optin);
         optin = NULL;
       };
     };
 
-    err = bmiAccumulateTO((char *)r->address, optin, message);
+    err = bmiAccumulateTO(CS r->address, optin, message);
 
     if (optin != NULL)
       bmiOptinFree(optin);
@@ -102,7 +104,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
       err_loc = bmiErrorGetLocation(err);
       err_type = bmiErrorGetType(err);
       log_write(0, LOG_PANIC,
-                 "bmi error [loc %d type %d]: bmiAccumulateTO() failed (address %s).", (int)err_loc, (int)err_type, (char *)r->address);
+                 "bmi error [loc %d type %d]: bmiAccumulateTO() failed (address %s).", (int)err_loc, (int)err_type, CS r->address);
       bmiFreeMessage(message);
       bmiFreeSystem(system);
       return NULL;
@@ -126,7 +128,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
       header_list = header_list->next;
       continue;
     };
-    err = bmiAccumulateHeaders((const char *)header_list->text, header_list->slen, message);
+    err = bmiAccumulateHeaders(CCS header_list->text, header_list->slen, message);
     if (bmiErrorIsFatal(err) == BMI_TRUE) {
       err_loc = bmiErrorGetLocation(err);
       err_type = bmiErrorGetType(err);
@@ -154,7 +156,7 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
   do {
     j = fread(data_buffer, 1, sizeof(data_buffer), data_file);
     if (j > 0) {
-      err = bmiAccumulateBody((const char *)data_buffer, j, message);
+      err = bmiAccumulateBody(CCS data_buffer, j, message);
       if (bmiErrorIsFatal(err) == BMI_TRUE) {
         err_loc = bmiErrorGetLocation(err);
         err_type = bmiErrorGetType(err);
@@ -190,17 +192,20 @@ uschar *bmi_process_message(header_line *header_list, int data_fd) {
     return NULL;
   };
 
-  /* get store for the verdict string */
-  verdicts = store_get(1);
+  /* Get store for the verdict string.  Since we are processing message data, assume that
+  the verdict is tainted.  XXX this should use a growable-string  */
+
+  verdicts = store_get(1, GET_TAINTED);
   *verdicts = '\0';
 
   for ( err = bmiAccessFirstVerdict(message, &verdict);
-        verdict != NULL;
+        verdict;
         err = bmiAccessNextVerdict(message, verdict, &verdict) ) {
     char *verdict_str;
 
     err = bmiCreateStrFromVerdict(verdict,&verdict_str);
-    if (!store_extend(verdicts, Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
+    if (!store_extend(verdicts,
+         Ustrlen(verdicts)+1, Ustrlen(verdicts)+1+strlen(verdict_str)+1)) {
       /* can't allocate more store */
       return NULL;
     };
@@ -299,7 +304,7 @@ uschar *bmi_get_alt_location(uschar *base64_verdict) {
   }
   else {
     /* deliver to alternate location */
-    rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1);
+    rc = store_get(strlen(bmiVerdictAccessDestination(verdict))+1, GET_TAINTED);
     Ustrcpy(rc, bmiVerdictAccessDestination(verdict));
     rc[strlen(bmiVerdictAccessDestination(verdict))] = '\0';
   };
@@ -324,11 +329,11 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) {
     return NULL;
 
   /* allocate room for the b64 verdict string */
-  verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1);
+  verdict_buffer = store_get(Ustrlen(bmi_verdicts)+1, GET_TAINTED);
 
   /* loop through verdicts */
   verdict_ptr = bmi_verdicts;
-  while ((verdict_str = (const char *)string_nextinlist(&verdict_ptr, &sep,
+  while ((verdict_str = CCS string_nextinlist(&verdict_ptr, &sep,
                                           verdict_buffer,
                                           Ustrlen(bmi_verdicts)+1)) != NULL) {
 
@@ -350,7 +355,7 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) {
       uschar *rcpt_domain;
 
       /* compare address against our subject */
-      rcpt_local_part = (unsigned char *)bmiRecipientAccessAddress(recipient);
+      rcpt_local_part = US bmiRecipientAccessAddress(recipient);
       rcpt_domain = Ustrchr(rcpt_local_part,'@');
       if (rcpt_domain == NULL) {
         rcpt_domain = US"";
@@ -364,7 +369,7 @@ uschar *bmi_get_base64_verdict(uschar *bmi_local_part, uschar *bmi_domain) {
            (strcmpic(rcpt_domain, bmi_domain) == 0) ) {
         /* found verdict */
         bmiFreeVerdict(verdict);
-        return (uschar *)verdict_str;
+        return US verdict_str;
       };
     };
 
@@ -445,9 +450,11 @@ int bmi_check_rule(uschar *base64_verdict, uschar *option_list) {
   }
 
   /* loop through numbers */
+  /* option_list doesn't seem to be expanded so cannot be tainted.  If it ever is we
+  will trap here */
   rule_ptr = option_list;
   while ((rule_num = string_nextinlist(&rule_ptr, &sep,
-                                       rule_buffer, 32)) != NULL) {
+                                       rule_buffer, sizeof(rule_buffer)))) {
     int rule_int = -1;
 
     /* try to translate to int */