* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) The Exim Maintainers 2020 - 2022 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
/* SPDX-License-Identifier: GPL-2.0-or-later */
/* fail if a length is too long */
static inline void
-exim_len_fail_toolong(int itemlen, int maxlen, const char *description)
+exim_len_fail_toolong(int itemlen, int maxlen, const char * description)
{
if (itemlen <= maxlen)
return;
/* only pass through the string item back to the caller if it's short enough */
static inline const uschar *
-exim_str_fail_toolong(const uschar *item, int maxlen, const char *description)
+exim_str_fail_toolong(const uschar * item, int maxlen, const char * description)
{
+if (!item)
+ exim_fail("exim: bad item for: %s\n", description);
exim_len_fail_toolong(Ustrlen(item), maxlen, description);
return item;
}
struct stat buf;
if (0 == (fd < 0 ? stat(name, &buf) : fstat(fd, &buf)))
-{
+ {
if (buf.st_uid == owner && buf.st_gid == group) return 0;
log_write(0, LOG_MAIN|LOG_PANIC, "Wrong ownership on %s", name);
-}
+ }
else log_write(0, LOG_MAIN|LOG_PANIC, "Stat failed on %s: %s", name, strerror(errno));
#endif
}
+/* Bump the index for argv, checking for overflow,
+and return the argument. */
+
+static const uschar *
+next_argv(const uschar ** argv, int * pi, int argc, const uschar * where)
+{
+int i = *pi;
+if (++i >= argc) exim_fail("exim: bad item for: %s\n", where);
+return argv[*pi = i];
+}
+
+
/*************************************************
* Extract port from host address *
*************************************************/
DEBUG(D_any) {} else g = show_db_version(g);
g = string_cat(g, US"Support for:");
+#ifdef WITH_CONTENT_SCAN
+ g = string_cat(g, US" Content_Scanning");
+#endif
#ifdef SUPPORT_CRYPTEQ
g = string_cat(g, US" crypteq");
#endif
+#ifdef EXPAND_DLFUNC
+ g = string_cat(g, US" Expand_dlfunc");
+#endif
#if HAVE_ICONV
g = string_cat(g, US" iconv()");
#endif
#if HAVE_IPV6
g = string_cat(g, US" IPv6");
#endif
-#ifdef HAVE_SETCLASSRESOURCES
- g = string_cat(g, US" use_setclassresources");
-#endif
#ifdef SUPPORT_PAM
g = string_cat(g, US" PAM");
#endif
#ifdef EXIM_PERL
g = string_cat(g, US" Perl");
#endif
-#ifdef EXPAND_DLFUNC
- g = string_cat(g, US" Expand_dlfunc");
-#endif
-#ifdef USE_TCP_WRAPPERS
- g = string_cat(g, US" TCPwrappers");
-#endif
#ifdef USE_GNUTLS
g = string_cat(g, US" GnuTLS");
#endif
+#ifdef SUPPORT_MOVE_FROZEN_MESSAGES
+ g = string_cat(g, US" move_frozen_messages");
+#endif
#ifdef USE_OPENSSL
g = string_cat(g, US" OpenSSL");
#endif
+#if defined(CYRUS_PWCHECK_SOCKET)
+ g = string_cat(g, US" pwcheck");
+#endif
+#if defined(RADIUS_CONFIG_FILE)
+ g = string_cat(g, US" radius");
+#endif
#ifndef DISABLE_TLS_RESUME
g = string_cat(g, US" TLS_resume");
#endif
#ifdef SUPPORT_TRANSLATE_IP_ADDRESS
g = string_cat(g, US" translate_ip_address");
#endif
-#ifdef SUPPORT_MOVE_FROZEN_MESSAGES
- g = string_cat(g, US" move_frozen_messages");
+#ifdef USE_TCP_WRAPPERS
+ g = string_cat(g, US" TCPwrappers");
#endif
-#ifdef WITH_CONTENT_SCAN
- g = string_cat(g, US" Content_Scanning");
+#ifdef HAVE_SETCLASSRESOURCES
+ g = string_cat(g, US" use_setclassresources");
#endif
#ifdef SUPPORT_DANE
g = string_cat(g, US" DANE");
Returns: the local part, quoted if necessary
*/
-uschar *
-local_part_quote(uschar *lpart)
+const uschar *
+local_part_quote(const uschar * lpart)
{
BOOL needs_quote = FALSE;
gstring * g;
-for (uschar * t = lpart; !needs_quote && *t != 0; t++)
- {
+for (const uschar * t = lpart; !needs_quote && *t; t++)
needs_quote = !isalnum(*t) && strchr("!#$%&'*+-/=?^_`{|}~", *t) == NULL &&
(*t != '.' || t == lpart || t[1] == 0);
- }
if (!needs_quote) return lpart;
for (;;)
{
- uschar *nq = US Ustrpbrk(lpart, "\\\"");
- if (nq == NULL)
+ uschar * nq = US Ustrpbrk(lpart, "\\\"");
+ if (!nq)
{
g = string_cat(g, lpart);
break;
*/
static void
-exim_usage(uschar *progname)
+exim_usage(const uschar * progname)
{
/* Handle specific program invocation variants */
*/
int
-main(int argc, char **cargv)
+main(int argc, char ** cargv)
{
-uschar **argv = USS cargv;
+const uschar ** argv = CUSS cargv;
int arg_receive_timeout = -1;
int arg_smtp_receive_timeout = -1;
int arg_error_handling = error_handling;
BOOL verify_as_sender = FALSE;
BOOL rcpt_verify_quota = FALSE;
BOOL version_printed = FALSE;
-uschar *alias_arg = NULL;
-uschar *called_as = US"";
-uschar *cmdline_syslog_name = NULL;
-uschar *start_queue_run_id = NULL;
-uschar *stop_queue_run_id = NULL;
-uschar *expansion_test_message = NULL;
-const uschar *ftest_domain = NULL;
-const uschar *ftest_localpart = NULL;
-const uschar *ftest_prefix = NULL;
-const uschar *ftest_suffix = NULL;
-uschar *log_oneline = NULL;
-uschar *malware_test_file = NULL;
-uschar *real_sender_address;
-uschar *originator_home = US"/";
+const uschar * alias_arg = NULL;
+const uschar * called_as = US"";
+const uschar * cmdline_syslog_name = NULL;
+const uschar * start_queue_run_id = NULL;
+const uschar * stop_queue_run_id = NULL;
+const uschar * expansion_test_message = NULL;
+const uschar * ftest_domain = NULL;
+const uschar * ftest_localpart = NULL;
+const uschar * ftest_prefix = NULL;
+const uschar * ftest_suffix = NULL;
+uschar * log_oneline = NULL;
+const uschar * malware_test_file = NULL;
+const uschar * real_sender_address;
+uschar * originator_home = US"/";
size_t sz;
struct passwd *pw;
for (i = 1; i < argc; i++)
{
BOOL badarg = FALSE;
- uschar * arg = argv[i];
- uschar * argrest;
+ const uschar * arg = argv[i];
+ const uschar * argrest;
uschar switchchar;
/* An argument not starting with '-' is the start of a recipients list;
case 'I':
if (Ustrlen(argrest) >= 1 && *argrest == ':')
{
- uschar *p = argrest+1;
+ const uschar * p = argrest+1;
info_flag = CMDINFO_HELP;
if (Ustrlen(p))
if (strcmpic(p, CUS"sieve") == 0)
#else
{
int ptr = 0;
- macro_item *m;
+ macro_item * m;
uschar name[24];
- uschar *s = argrest;
+ const uschar * s = argrest;
opt_D_used = TRUE;
while (isspace(*s)) s++;
if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; }
(void) exim_str_fail_toolong(argrest, EXIM_DISPLAYMAIL_MAX, "-f");
if (!*argrest)
- *(sender_address = store_get(1, GET_UNTAINTED)) = '\0'; /* Ensure writeable memory */
+ {
+ uschar * s = store_get(1, GET_UNTAINTED); /* Ensure writeable memory */
+ *s = '\0';
+ sender_address = s;
+ }
else
{
- uschar * temp = argrest + Ustrlen(argrest) - 1;
+ const uschar * temp = argrest + Ustrlen(argrest) - 1;
while (temp >= argrest && isspace(*temp)) temp--;
if (temp >= argrest && *temp == '.') f_end_dot = TRUE;
allow_domain_literals = TRUE;
{
msg_action = MSG_SETQUEUE;
queue_name_dest = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"),
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_DRIVERNAME_MAX, "-MG"),
GET_TAINTED);
}
else if (Ustrcmp(argrest, "mad") == 0) msg_action = MSG_MARK_ALL_DELIVERED;
/* -oB: Set a connection message max value for remote deliveries */
case 'B':
{
- uschar * p = argrest;
+ const uschar * p = argrest;
if (!*p)
if (i+1 < argc && isdigit((argv[i+1][0])))
p = argv[++i];
if (Ustrcmp(argrest, "a") == 0)
sender_host_address = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"),
- GET_TAINTED);
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_IPADDR_MAX, "-oMa"), GET_TAINTED);
/* -oMaa: Set authenticator name */
else if (Ustrcmp(argrest, "aa") == 0)
sender_host_authenticated = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"),
- GET_TAINTED);
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_DRIVERNAME_MAX, "-oMaa"), GET_TAINTED);
/* -oMas: setting authenticated sender */
else if (Ustrcmp(argrest, "as") == 0)
authenticated_sender = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
- GET_TAINTED);
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_EMAILADDR_MAX, "-oMas"), GET_TAINTED);
/* -oMai: setting authenticated id */
else if (Ustrcmp(argrest, "ai") == 0)
authenticated_id = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMai"),
- GET_TAINTED);
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_EMAILADDR_MAX, "-oMai"), GET_TAINTED);
/* -oMi: Set incoming interface address */
else if (Ustrcmp(argrest, "i") == 0)
interface_address = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"),
- GET_TAINTED);
+ exim_str_fail_toolong(next_argv(argv, &i, argc, arg),
+ EXIM_IPADDR_MAX, "-oMi"), GET_TAINTED);
/* -oMm: Message reference */
exim_fail("-oMm must be a valid message ID\n");
if (!f.trusted_config)
exim_fail("-oMm must be called by a trusted user/config\n");
- message_reference = argv[++i];
+ message_reference = next_argv(argv, &i, argc, arg);
}
/* -oMr: Received protocol */
if (received_protocol)
exim_fail("received_protocol is set already\n");
else
- received_protocol = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"),
- GET_TAINTED);
+ if (++i >= argc) badarg = TRUE;
+ else
+ received_protocol = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-oMr"),
+ GET_TAINTED);
/* -oMs: Set sender host name */
else if (Ustrcmp(argrest, "s") == 0)
- sender_host_name = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"),
- GET_TAINTED);
+ if (++i >= argc) badarg = TRUE;
+ else
+ sender_host_name = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-oMs"),
+ GET_TAINTED);
/* -oMt: Set sender ident */
else if (Ustrcmp(argrest, "t") == 0)
- {
- sender_ident_set = TRUE;
- sender_ident = string_copy_taint(
- exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"),
- GET_TAINTED);
- }
+ if (++i >= argc) badarg = TRUE;
+ else
+ {
+ sender_ident_set = TRUE;
+ sender_ident = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_IDENTUSER_MAX, "-oMt"),
+ GET_TAINTED);
+ }
/* Else a bad argument */
exim_fail("exim: only uid=%d or uid=%d can use -oP and -oPX "
"(uid=%d euid=%d | %d)\n",
root_uid, exim_uid, getuid(), geteuid(), real_uid);
- if (!*argrest) override_pid_file_path = argv[++i];
+ if (!*argrest)
+ if (++i < argc) override_pid_file_path = argv[i];
+ else badarg = TRUE;
else if (Ustrcmp(argrest, "X") == 0) delete_pid_file();
else badarg = TRUE;
break;
/* Limits: Is there a real limit we want here? 1024 is very arbitrary. */
case 'X':
- if (*argrest) badarg = TRUE;
+ if (*argrest || ++i >= argc) badarg = TRUE;
else override_local_interfaces = string_copy_taint(
- exim_str_fail_toolong(argv[++i], 1024, "-oX"),
- GET_TAINTED);
+ exim_str_fail_toolong(argv[i], 1024, "-oX"), GET_TAINTED);
break;
/* -oY: Override creation of daemon notifier socket */
which sets the host protocol and host name */
if (!*argrest)
- if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; }
+ argrest = next_argv(argv, &i, argc, arg);
if (*argrest)
{
else
{
- int intvl = readconf_readtime(*argrest ? argrest : argv[++i], 0, FALSE);
- if (intvl <= 0)
+ int intvl;
+ const uschar * s;
+
+ if (*argrest) s = argrest;
+ else if (++i < argc) { badarg = TRUE; break; }
+ else s = argv[i];
+
+ if ((intvl = readconf_readtime(s, 0, FALSE)) <= 0)
exim_fail("exim: bad time value %s: abandoned\n", argv[i]);
for (qrunner * qq = qrunners; qq; qq = qq->next)
tested. Otherwise variability of clock ticks etc. cause problems. */
case 'T':
- if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
- fudged_queue_times = string_copy_taint(argv[++i], GET_TAINTED);
+ if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0 && ++i < argc)
+ fudged_queue_times = string_copy_taint(argv[i], GET_TAINTED);
else badarg = TRUE;
break;
if (bi_command && *bi_command)
{
int i = 0;
- uschar *argv[3];
+ const uschar * argv[3];
argv[i++] = bi_command; /* nonexpanded option so assume untainted */
if (alias_arg) argv[i++] = alias_arg;
argv[i++] = NULL;
|| queue_name_dest && prod_requires_admin
|| debugset && !f.running_in_test_harness
)
- exim_fail("exim:%s permission denied\n", debugset ? " debugging" : "");
+ exim_fail("exim:%s permission denied; not admin\n",
+ debugset ? " debugging" : "");
}
/* If the real user is not root or the exim uid, the argument for passing
) )
&& !f.running_in_test_harness
)
- exim_fail("exim: Permission denied\n");
+ exim_fail("exim: Permission denied; not exim user or root\n");
/* If the caller is not trusted, certain arguments are ignored when running for
real, but are permitted when checking things (-be, -bv, -bt, -bh, -bf, -bF).
exim_fail("exim: missing recipient for quota check\n");
else
{
- verify_quota(argv[recipients_arg]);
+ verify_quota(US argv[recipients_arg]); /*XXX we lose track of const here */
exim_exit(EXIT_SUCCESS);
}
"**** This is not for real!\n\n",
sender_host_address);
+ connection_id = getpid();
memset(sender_host_cache, 0, sizeof(sender_host_cache));
if (verify_check_host(&hosts_connection_nolog) == OK)
{
(usually "connection refused: <reason>") and writing another one is
unnecessary clutter. */
+connection_id = getpid();
if (smtp_input)
{
smtp_in = stdin;
{
int rcount = 0;
int count = argc - recipients_arg;
- uschar **list = argv + recipients_arg;
+ const uschar ** list = argv + recipients_arg;
/* These options cannot be changed dynamically for non-SMTP messages */
int start, end, domain;
uschar * errmess;
/* There can be multiple addresses, so EXIM_DISPLAYMAIL_MAX (tuned for 1) is too short.
- * We'll still want to cap it to something, just in case. */
+ We'll still want to cap it to something, just in case. */
uschar * s = string_copy_taint(
exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"),
GET_TAINTED);
deliver_localpart_data = deliver_domain_data =
recipient_data = sender_data = NULL;
acl_var_m = NULL;
+ lookup_value = NULL; /* Can be set by ACL */
store_reset(reset_point);
}