*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 - 2021 */
/* See the file NOTICE for conditions of use and distribution. */
/* Code for receiving a message and setting up spool files. */
the file. (When SMTP input is occurring, different functions are used by
changing the pointer variables.) */
-int
-stdin_getc(unsigned lim)
-{
-int c = getc(stdin);
+uschar stdin_buf[4096];
+uschar * stdin_inptr = stdin_buf;
+uschar * stdin_inend = stdin_buf;
-if (had_data_timeout)
- {
- fprintf(stderr, "exim: timed out while reading - message abandoned\n");
- log_write(L_lost_incoming_connection,
- LOG_MAIN, "timed out while reading local message");
- receive_bomb_out(US"data-timeout", NULL); /* Does not return */
- }
-if (had_data_sigint)
+static BOOL
+stdin_refill(void)
+{
+size_t rc = fread(stdin_buf, 1, sizeof(stdin_buf), stdin);
+if (rc <= 0)
{
- if (filter_test == FTEST_NONE)
+ if (had_data_timeout)
+ {
+ fprintf(stderr, "exim: timed out while reading - message abandoned\n");
+ log_write(L_lost_incoming_connection,
+ LOG_MAIN, "timed out while reading local message");
+ receive_bomb_out(US"data-timeout", NULL); /* Does not return */
+ }
+ if (had_data_sigint)
{
- fprintf(stderr, "\nexim: %s received - message abandoned\n",
- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
- log_write(0, LOG_MAIN, "%s received while reading local message",
- had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
+ if (filter_test == FTEST_NONE)
+ {
+ fprintf(stderr, "\nexim: %s received - message abandoned\n",
+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
+ log_write(0, LOG_MAIN, "%s received while reading local message",
+ had_data_sigint == SIGTERM ? "SIGTERM" : "SIGINT");
+ }
+ receive_bomb_out(US"signal-exit", NULL); /* Does not return */
}
- receive_bomb_out(US"signal-exit", NULL); /* Does not return */
+ return FALSE;
}
-return c;
+stdin_inend = stdin_buf + rc;
+stdin_inptr = stdin_buf;
+return TRUE;
+}
+
+int
+stdin_getc(unsigned lim)
+{
+if (stdin_inptr >= stdin_inend)
+ if (!stdin_refill())
+ return EOF;
+return *stdin_inptr++;
+}
+
+
+BOOL
+stdin_hasc(void)
+{
+return stdin_inptr < stdin_inend;
}
int
stdin_ungetc(int c)
{
-return ungetc(c, stdin);
+if (stdin_inptr <= stdin_buf)
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "buffer underflow in stdin_ungetc");
+
+*--stdin_inptr = c;
+return c;
}
int
stdin_feof(void)
{
-return feof(stdin);
+return stdin_hasc() ? FALSE : feof(stdin);
}
int
empty item in a list. */
if (*p == 0) p = US":";
+ /* should never be a tainted list */
while ((path = string_nextinlist(&p, &sep, buffer, sizeof(buffer))))
if (Ustrcmp(path, "syslog") != 0)
break;
log_write(0, LOG_MAIN|LOG_PANIC, "cannot accept message: failed to stat "
"%s directory %s: %s", name, path, strerror(errno));
smtp_closedown(US"spool or log directory problem");
- exim_exit(EXIT_FAILURE, NULL);
+ exim_exit(EXIT_FAILURE);
}
*inodeptr = (statbuf.F_FILES > 0)? statbuf.F_FAVAIL : -1;
"check_space = " PR_EXIM_ARITH "K inodes = %d msg_size = %d\n",
space, inodes, check_spool_space, check_spool_inodes, msg_size);
- if ((space >= 0 && space < check_spool_space) ||
- (inodes >= 0 && inodes < check_spool_inodes))
+ if ( space >= 0 && space + msg_size / 1024 < check_spool_space
+ || inodes >= 0 && inodes < check_spool_inodes)
{
log_write(0, LOG_MAIN, "spool directory space check failed: space="
PR_EXIM_ARITH " inodes=%d", space, inodes);
/* Exit from the program (non-BSMTP cases) */
-exim_exit(EXIT_FAILURE, NULL);
+exim_exit(EXIT_FAILURE);
}
{
recipient_item *oldlist = recipients_list;
int oldmax = recipients_list_max;
+
+ const int safe_recipients_limit = INT_MAX / 2 / sizeof(recipient_item);
+ if (recipients_list_max < 0 || recipients_list_max >= safe_recipients_limit)
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "Too many recipients: %d", recipients_list_max);
+ }
+
recipients_list_max = recipients_list_max ? 2*recipients_list_max : 50;
recipients_list = store_get(recipients_list_max * sizeof(recipient_item), FALSE);
- if (oldlist != NULL)
+ if (oldlist)
memcpy(recipients_list, oldlist, oldmax * sizeof(recipient_item));
}
static void
log_close_chk(void)
{
-if (!receive_timeout)
+if (!receive_timeout && !receive_hasc())
{
struct timeval t;
timesince(&t, &received_time);
if (t.tv_sec > 30*60)
mainlog_close();
else
- {
- fd_set r;
- FD_ZERO(&r); FD_SET(0, &r);
- t.tv_sec = 30*60 - t.tv_sec; t.tv_usec = 0;
- if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close();
- }
+ if (poll_one_fd(0, POLLIN, (30*60 - t.tv_sec) * 1000) == 0)
+ mainlog_close();
}
}
{
int last_ch = '\n';
-/*XXX we do a gettimeofday before checking for every received char,
-which is hardly clever. The function-indirection doesn't help, but
-an additional function to check for nonempty read buffer would help.
-See stdin_getc() / smtp_getc() / tls_getc() / bdat_getc(). */
-
for ( ;
log_close_chk(), (ch = (receive_getc)(GETC_BUFFER_UNLIMITED)) != EOF;
last_ch = ch)
else
fprintf(stderr, "exim: %s%s\n", text2, text1); /* Sic */
(void)fclose(f);
-exim_exit(error_rc, US"");
+exim_exit(error_rc);
}
const uschar * list = acl_removed_headers;
int sep = ':'; /* This is specified as a colon-separated list */
uschar *s;
- uschar buffer[128];
- while ((s = string_nextinlist(&list, &sep, buffer, sizeof(buffer))))
+ while ((s = string_nextinlist(&list, &sep, NULL, 0)))
if (header_testname(h, s, Ustrlen(s), FALSE))
{
h->type = htype_old;
struct dirent * entry;
DIR * tempdir;
- for (tempdir = opendir(CS scandir); entry = readdir(tempdir); )
+ for (tempdir = exim_opendir(scandir); entry = readdir(tempdir); )
if (strncmpic(US entry->d_name, US"__rfc822_", 9) == 0)
{
rfc822_file_path = string_sprintf("%s/%s", scandir, entry->d_name);
void
received_header_gen(void)
{
-uschar *received;
-uschar *timestamp;
-header_line *received_header= header_list;
+uschar * received;
+uschar * timestamp = expand_string(US"${tod_full}");
+header_line * received_header= header_list;
-timestamp = expand_string(US"${tod_full}");
if (recipients_count == 1) received_for = recipients_list[0].address;
received = expand_string(received_header_text);
received_for = NULL;
the result of the expansion is an empty string, we leave the header marked as
"old" so as to refrain from adding a Received header. */
-if (received[0] == 0)
+if (!received[0])
{
received_header->text = string_sprintf("Received: ; %s\n", timestamp);
received_header->type = htype_old;
}
else
{
- received_header->text = string_sprintf("%s; %s\n", received, timestamp);
+ received_header->text = string_sprintf("%s;\n\t%s\n", received, timestamp);
received_header->type = htype_received;
}
int error_rc = error_handling == ERRORS_SENDER
? errors_sender_rc : EXIT_FAILURE;
int header_size = 256;
-int start, end, domain;
-int id_resolution = 0;
int had_zero = 0;
int prevlines_length = 0;
+const int id_resolution = BASE_62 == 62 ? 5000 : 10000;
int ptr = 0;
uschar *timestamp;
int tslen;
+/* Time of creation of message_id */
+
+static struct timeval message_id_tv = { 0, 0 };
+
/* Release any open files that might have been cached while preparing to
accept the message - e.g. by verifying addresses - because reading a message
if (sender_host_address) dmarc_init(); /* initialize libopendmarc */
#endif
+/* In SMTP sessions we may receive several messages in one connection. Before
+each subsequent one, we wait for the clock to tick at the level of message-id
+granularity.
+This is so that the combination of time+pid is unique, even on systems where the
+pid can be re-used within our time interval. We can't shorten the interval
+without re-designing the message-id. See comments above where the message id is
+created. This is Something For The Future.
+Do this wait any time we have previously created a message-id, even if we
+rejected the message. This gives unique IDs for logging done by ACLs.
+The initial timestamp must have been obtained via exim_gettime() to avoid
+issues on Linux with suspend/resume. */
+
+if (message_id_tv.tv_sec)
+ {
+ message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
+ exim_wait_tick(&message_id_tv, id_resolution);
+ }
+
/* Remember the time of reception. Exim uses time+pid for uniqueness of message
ids, and fractions of a second are required. See the comments that precede the
-message id creation below. */
+message id creation below.
+We use a routine that if possible uses a monotonic clock, and can be used again
+after reception for the tick-wait even under the Linux non-Posix behaviour. */
-(void)gettimeofday(&message_id_tv, NULL);
+else
+ exim_gettime(&message_id_tv);
/* For other uses of the received time we can operate with granularity of one
second, and for that we use the global variable received_time. This is for
-things like ultimate message timeouts. */
+things like ultimate message timeouts.
+For this we do not care about the Linux suspend/resume problem, so rather than
+use exim_gettime() everywhere we use a plain gettimeofday() here. */
-received_time = message_id_tv;
+gettimeofday(&received_time, NULL);
/* If SMTP input, set the special handler for timeouts. The alarm() calls
happen in the smtp_getc() function when it refills its buffer. */
if (newsender)
{
if (domain == 0 && newsender[0] != 0)
- newsender = rewrite_address_qualify(newsender, FALSE);
+ /* deconst ok as newsender was not const */
+ newsender = US rewrite_address_qualify(newsender, FALSE);
if (filter_test != FTEST_NONE || receive_check_set_sender(newsender))
{
{
while (recipients_count-- > 0)
{
- uschar *s = rewrite_address(recipients_list[recipients_count].address,
+ const uschar * s = rewrite_address(recipients_list[recipients_count].address,
TRUE, TRUE, global_rewrite_rules, rewrite_existflags);
tree_add_nonrecipient(s);
}
&domain, FALSE);
#ifdef SUPPORT_I18N
- if (string_is_utf8(recipient))
- message_smtputf8 = TRUE;
- else
- allow_utf8_domains = b;
+ if (recipient)
+ if (string_is_utf8(recipient)) message_smtputf8 = TRUE;
+ else allow_utf8_domains = b;
}
+#else
+ ;
#endif
/* Keep a list of all the bad addresses so we can send a single
If there are no recipients at all, an error will occur later. */
- if (recipient == NULL && Ustrcmp(errmess, "empty address") != 0)
+ if (!recipient && Ustrcmp(errmess, "empty address") != 0)
{
int len = Ustrlen(s);
error_block *b = store_get(sizeof(error_block), FALSE);
Ustrncpy(message_id + 7, string_base62((long int)getpid()), 6);
/* Deal with the case where the host number is set. The value of the number was
-checked when it was read, to ensure it isn't too big. The timing granularity is
-left in id_resolution so that an appropriate wait can be done after receiving
-the message, if necessary (we hope it won't be). */
+checked when it was read, to ensure it isn't too big. */
if (host_number_string)
- {
- id_resolution = BASE_62 == 62 ? 5000 : 10000;
sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
string_base62((long int)(
host_number * (1000000/id_resolution) +
message_id_tv.tv_usec/id_resolution)) + 4);
- }
/* Host number not set: final field is just the fractional time at an
appropriate resolution. */
else
- {
- id_resolution = BASE_62 == 62 ? 500 : 1000;
sprintf(CS(message_id + MESSAGE_ID_LENGTH - 3), "-%2s",
string_base62((long int)(message_id_tv.tv_usec/id_resolution)) + 4);
- }
/* Add the current message id onto the current process info string if
it will fit. */
recipient is TRUE). */
for (int i = 0; i < recipients_count; i++)
- recipients_list[i].address =
- rewrite_address(recipients_list[i].address, TRUE, TRUE,
+ recipients_list[i].address = /* deconst ok as src was not cont */
+ US rewrite_address(recipients_list[i].address, TRUE, TRUE,
global_rewrite_rules, rewrite_existflags);
/* If there is no From: header, generate one for local (without
if ( !from_header
&& ((!sender_host_address && !f.suppress_local_fixups) || f.submission_mode))
{
- uschar *oname = US"";
+ const uschar * oname = US"";
/* Use the originator_name if this is a locally submitted message and the
caller is not trusted. For trusted callers, use it only if -F was used to
if (global_rewrite_rules && !sender_address_unrewritten && *sender_address)
{
- sender_address = rewrite_address(sender_address, FALSE, TRUE,
+ /* deconst ok as src was not const */
+ sender_address = US rewrite_address(sender_address, FALSE, TRUE,
global_rewrite_rules, rewrite_existflags);
DEBUG(D_receive|D_rewrite)
debug_printf("rewritten sender = %s\n", sender_address);
/* No I/O errors were encountered while writing the data file. */
DEBUG(D_receive) debug_printf("Data file written for message %s\n", message_id);
-if (LOGGING(receive_time)) timesince(&received_time_taken, &received_time);
+gettimeofday(&received_time_complete, NULL);
/* If there were any bad addresses extracted by -t, or there were no recipients
{
Uunlink(spool_name);
(void)fclose(spool_data_file);
- exim_exit(error_rc, US"receiving");
+ exim_exit(error_rc);
}
}
if (LOGGING(tls_cipher) && tls_in.cipher)
{
g = string_append(g, 2, US" X=", tls_in.cipher);
-# ifdef EXPERIMENTAL_TLS_RESUME
+# ifndef DISABLE_TLS_RESUME
if (LOGGING(tls_resumption) && tls_in.resumption & RESUME_USED)
g = string_catn(g, US"*", 1);
# endif
if (LOGGING(tls_peerdn) && tls_in.peerdn)
g = string_append(g, 3, US" DN=\"", string_printing(tls_in.peerdn), US"\"");
if (LOGGING(tls_sni) && tls_in.sni)
- g = string_append(g, 3, US" SNI=\"", string_printing(tls_in.sni), US"\"");
+ g = string_append(g, 2, US" SNI=", string_printing2(tls_in.sni, SP_TAB|SP_SPACE));
#endif
if (sender_host_authenticated)
#endif
if (LOGGING(receive_time))
- g = string_append(g, 2, US" RT=", string_timediff(&received_time_taken));
+ {
+ struct timeval diff = received_time_complete;
+ timediff(&diff, &received_time);
+ g = string_append(g, 2, US" RT=", string_timediff(&diff));
+ }
if (*queue_name)
g = string_append(g, 2, US" Q=", queue_name);
uschar * old_id;
BOOL save_allow_domain_literals = allow_domain_literals;
allow_domain_literals = TRUE;
+ int start, end, domain;
+
old_id = parse_extract_address(Ustrchr(msgid_header->text, ':') + 1,
&errmsg, &start, &end, &domain, FALSE);
allow_domain_literals = save_allow_domain_literals;
/* Before sending an SMTP response in a TCP/IP session, we check to see if the
connection has gone away. This can only be done if there is no unconsumed input
waiting in the local input buffer. We can test for this by calling
-receive_smtp_buffered(). RFC 2920 (pipelining) explicitly allows for additional
+receive_hasc(). RFC 2920 (pipelining) explicitly allows for additional
input to be sent following the final dot, so the presence of following input is
not an error.
connection will vanish between the time of this test and the sending of the
response, but the chance of this happening should be small. */
-if (smtp_input && sender_host_address && !f.sender_host_notsocket &&
- !receive_smtp_buffered())
+if ( smtp_input && sender_host_address && !f.sender_host_notsocket
+ && !receive_hasc())
{
- struct timeval tv;
- fd_set select_check;
- FD_ZERO(&select_check);
- FD_SET(fileno(smtp_in), &select_check);
- tv.tv_sec = 0;
- tv.tv_usec = 0;
-
- if (select(fileno(smtp_in) + 1, &select_check, NULL, NULL, &tv) != 0)
+ if (poll_one_fd(fileno(smtp_in), POLLIN, 0) != 0)
{
int c = (receive_getc)(GETC_BUFFER_UNLIMITED);
if (c != EOF) (receive_ungetc)(c); else
TIDYUP:
-/* In SMTP sessions we may receive several messages in one connection. After
-each one, we wait for the clock to tick at the level of message-id granularity.
-This is so that the combination of time+pid is unique, even on systems where the
-pid can be re-used within our time interval. We can't shorten the interval
-without re-designing the message-id. See comments above where the message id is
-created. This is Something For The Future.
-Do this wait any time we have created a message-id, even if we rejected the
-message. This gives unique IDs for logging done by ACLs. */
-
-if (id_resolution != 0)
- {
- message_id_tv.tv_usec = (message_id_tv.tv_usec/id_resolution) * id_resolution;
- exim_wait_tick(&message_id_tv, id_resolution);
- id_resolution = 0;
- }
-
-
process_info[process_info_len] = 0; /* Remove message id */
if (spool_data_file && cutthrough_done == NOT_TRIED)
{
else if (chunking_state > CHUNKING_OFFERED)
{
- smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n", FALSE,
+ /* If there is more input waiting, no need to flush (probably the client
+ pipelined QUIT after data). We check only the in-process buffer, not
+ the socket. */
+
+ smtp_printf("250- %u byte chunk, total %d\r\n250 OK id=%s\r\n",
+ receive_hasc(),
chunking_datasize, message_size+message_linecount, message_id);
chunking_state = CHUNKING_OFFERED;
}
else
- smtp_printf("250 OK id=%s\r\n", FALSE, message_id);
+ smtp_printf("250 OK id=%s\r\n", receive_hasc(), message_id);
if (host_checking)
fprintf(stdout,
git://git.exim.org / exim.git / blobdiff