(standard crypt does 25 rounds). It then crypts the next 8 characters,
or an empty block if the password is less than 9 characters, using a
20-round version of crypt and the same salt as was used for the first
-block. Charaters after the first 16 are ignored. It always generates
+block. Characters after the first 16 are ignored. It always generates
a 16-byte hash, which is expressed together with the salt as a string
of 24 base 64 digits. Here are some links to peruse:
static uschar *op_table_main[] = {
US"address",
US"addresses",
+ US"base32",
+ US"base32d",
US"base62",
US"base62d",
US"base64",
US"base64d",
US"domain",
US"escape",
+ US"escape8bit",
US"eval",
US"eval10",
US"expand",
US"s",
US"sha1",
US"sha256",
+ US"sha3",
US"stat",
US"str2b64",
US"strlen",
enum {
EOP_ADDRESS = nelem(op_table_underscore),
EOP_ADDRESSES,
+ EOP_BASE32,
+ EOP_BASE32D,
EOP_BASE62,
EOP_BASE62D,
EOP_BASE64,
EOP_BASE64D,
EOP_DOMAIN,
EOP_ESCAPE,
+ EOP_ESCAPE8BIT,
EOP_EVAL,
EOP_EVAL10,
EOP_EXPAND,
EOP_S,
EOP_SHA1,
EOP_SHA256,
+ EOP_SHA3,
EOP_STAT,
EOP_STR2B64,
EOP_STRLEN,
{ "dcc_header", vtype_stringptr, &dcc_header },
{ "dcc_result", vtype_stringptr, &dcc_result },
#endif
-#ifdef WITH_OLD_DEMIME
- { "demime_errorlevel", vtype_int, &demime_errorlevel },
- { "demime_reason", vtype_stringptr, &demime_reason },
-#endif
#ifndef DISABLE_DKIM
{ "dkim_algo", vtype_dkim, (void *)DKIM_ALGO },
{ "dkim_bodylength", vtype_dkim, (void *)DKIM_BODYLENGTH },
{ "exim_path", vtype_stringptr, &exim_path },
{ "exim_uid", vtype_uid, &exim_uid },
{ "exim_version", vtype_stringptr, &version_string },
-#ifdef WITH_OLD_DEMIME
- { "found_extension", vtype_stringptr, &found_extension },
-#endif
{ "headers_added", vtype_string_func, &fn_hdrs_added },
{ "home", vtype_stringptr, &deliver_home },
{ "host", vtype_stringptr, &deliver_host },
{ "prvscheck_result", vtype_stringptr, &prvscheck_result },
{ "qualify_domain", vtype_stringptr, &qualify_domain_sender },
{ "qualify_recipient", vtype_stringptr, &qualify_domain_recipient },
+ { "queue_name", vtype_stringptr, &queue_name },
{ "rcpt_count", vtype_int, &rcpt_count },
{ "rcpt_defer_count", vtype_int, &rcpt_defer_count },
{ "rcpt_fail_count", vtype_int, &rcpt_fail_count },
}
+
+static uschar * base32_chars = US"abcdefghijklmnopqrstuvwxyz234567";
+
/*************************************************
* Binary chop search on a table *
*************************************************/
size += ilen + comma + 1; /* +1 for the newline */
- /* Second pass - concatentate the data, up to a maximum. Note that
+ /* Second pass - concatenate the data, up to a maximum. Note that
the loop stops when size hits the limit. */
if (i != 0)
uschar * s = store_get(size);
for (i = 0; i < recipients_count; i++)
{
- if (i != 0) s = string_cat(s, &size, &ptr, US", ", 2);
- s = string_cat(s, &size, &ptr, recipients_list[i].address,
- Ustrlen(recipients_list[i].address));
+ if (i != 0) s = string_catn(s, &size, &ptr, US", ", 2);
+ s = string_cat(s, &size, &ptr, recipients_list[i].address);
}
s[ptr] = 0; /* string_cat() leaves room */
return s;
{
if (*s != '{')
{
- if (i < m) return 1;
+ if (i < m)
+ {
+ expand_string_message = string_sprintf("Not enough arguments for '%s' "
+ "(min is %d)", name, m);
+ return 1;
+ }
sub[i] = NULL;
break;
}
- sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok);
- if (sub[i] == NULL) return 3;
+ if (!(sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, resetok)))
+ return 3;
if (*s++ != '}') return 1;
while (isspace(*s)) s++;
}
{
if (s[-1] == '{')
{
- expand_string_message = string_sprintf("Too many arguments for \"%s\" "
+ expand_string_message = string_sprintf("Too many arguments for '%s' "
"(max is %d)", name, n);
return 2;
}
+ expand_string_message = string_sprintf("missing '}' after '%s'", name);
return 1;
}
lookup_value = NULL;
if (user_msg)
{
- lookup_value = string_cat(NULL, &size, &ptr, user_msg, Ustrlen(user_msg));
+ lookup_value = string_cat(NULL, &size, &ptr, user_msg);
lookup_value[ptr] = '\0';
}
*yield = cond == testfor;
checking for them individually. */
if (!isalpha(name[0]) && yield != NULL)
- {
if (sub[i][0] == 0)
{
num[i] = 0;
num[i] = expanded_string_integer(sub[i], FALSE);
if (expand_string_message != NULL) return NULL;
}
- }
}
/* Result not required */
uschar digest[16];
md5_start(&base);
- md5_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
+ md5_end(&base, sub[0], Ustrlen(sub[0]), digest);
/* If the length that we are comparing against is 24, the MD5 digest
is expressed as a base64 string. This is the way LDAP does it. However,
if (sublen == 24)
{
- uschar *coded = b64encode((uschar *)digest, 16);
+ uschar *coded = b64encode(digest, 16);
DEBUG(D_auth) debug_printf("crypteq: using MD5+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+5);
tempcond = (Ustrcmp(coded, sub[1]+5) == 0);
else if (strncmpic(sub[1], US"{sha1}", 6) == 0)
{
int sublen = Ustrlen(sub[1]+6);
- sha1 base;
+ hctx h;
uschar digest[20];
- sha1_start(&base);
- sha1_end(&base, (uschar *)sub[0], Ustrlen(sub[0]), digest);
+ sha1_start(&h);
+ sha1_end(&h, sub[0], Ustrlen(sub[0]), digest);
/* If the length that we are comparing against is 28, assume the SHA1
digest is expressed as a base64 string. If the length is 40, assume a
if (sublen == 28)
{
- uschar *coded = b64encode((uschar *)digest, 20);
+ uschar *coded = b64encode(digest, 20);
DEBUG(D_auth) debug_printf("crypteq: using SHA1+B64 hashing\n"
" subject=%s\n crypted=%s\n", coded, sub[1]+6);
tempcond = (Ustrcmp(coded, sub[1]+6) == 0);
"value \"%s\"", t);
return NULL;
}
+ DEBUG(D_expand) debug_printf("%s: condition evaluated to %s\n", ourname,
+ boolvalue? "true":"false");
if (yield != NULL) *yield = (boolvalue == testfor);
return s;
}
int rc = 0;
const uschar *s = *sptr; /* Local value */
uschar *sub1, *sub2;
+const uschar * errwhere;
/* If there are no following strings, we substitute the contents of $value for
lookups and for extractions in the success case. For the ${if item, the string
while (isspace(*s)) s++;
if (*s == '}')
{
- if (type[0] == 'i')
- {
- if (yes) *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, US"true", 4);
- }
- else
- {
- if (yes && lookup_value)
- *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value,
- Ustrlen(lookup_value));
- lookup_value = save_lookup;
- }
+ if (!skipping)
+ if (type[0] == 'i')
+ {
+ if (yes) *yieldptr = string_catn(*yieldptr, sizeptr, ptrptr, US"true", 4);
+ }
+ else
+ {
+ if (yes && lookup_value)
+ *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, lookup_value);
+ lookup_value = save_lookup;
+ }
s++;
goto RETURN;
}
/* The first following string must be braced. */
-if (*s++ != '{') goto FAILED_CURLY;
+if (*s++ != '{')
+ {
+ errwhere = US"'yes' part did not start with '{'";
+ goto FAILED_CURLY;
+ }
/* Expand the first substring. Forced failures are noticed only if we actually
want this string. Set skipping in the call in the fail case (this will always
sub1 = expand_string_internal(s, TRUE, &s, !yes, TRUE, resetok);
if (sub1 == NULL && (yes || !expand_string_forcedfail)) goto FAILED;
expand_string_forcedfail = FALSE;
-if (*s++ != '}') goto FAILED_CURLY;
+if (*s++ != '}')
+ {
+ errwhere = US"'yes' part did not end with '}'";
+ goto FAILED_CURLY;
+ }
/* If we want the first string, add it to the output */
if (yes)
- *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1, Ustrlen(sub1));
+ *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub1);
/* If this is called from a lookup/env or a (cert)extract, we want to restore
$value to what it was at the start of the item, so that it has this value
sub2 = expand_string_internal(s+1, TRUE, &s, yes || skipping, TRUE, resetok);
if (sub2 == NULL && (!yes || !expand_string_forcedfail)) goto FAILED;
expand_string_forcedfail = FALSE;
- if (*s++ != '}') goto FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ errwhere = US"'no' part did not start with '{'";
+ goto FAILED_CURLY;
+ }
/* If we want the second string, add it to the output */
if (!yes)
- *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2, Ustrlen(sub2));
+ *yieldptr = string_cat(*yieldptr, sizeptr, ptrptr, sub2);
}
/* If there is no second string, but the word "fail" is present when the use of
if (!yes && !skipping)
{
while (isspace(*s)) s++;
- if (*s++ != '}') goto FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ errwhere = US"did not close with '}' after forcedfail";
+ goto FAILED_CURLY;
+ }
expand_string_message =
string_sprintf("\"%s\" failed and \"fail\" requested", type);
expand_string_forcedfail = TRUE;
/* All we have to do now is to check on the final closing brace. */
while (isspace(*s)) s++;
-if (*s++ == '}') goto RETURN;
-
-/* Get here if there is a bracketing failure */
-
-FAILED_CURLY:
-rc++;
-
-/* Get here for other failures */
-
-FAILED:
-rc++;
+if (*s++ != '}')
+ {
+ errwhere = US"did not close with '}'";
+ goto FAILED_CURLY;
+ }
-/* Update the input pointer value before returning */
RETURN:
+/* Update the input pointer value before returning */
*sptr = s;
return rc;
+
+FAILED_CURLY:
+ /* Get here if there is a bracketing failure */
+ expand_string_message = string_sprintf(
+ "curly-bracket problem in conditional yes/no parsing: %s\n"
+ " remaining string is '%s'", errwhere, --s);
+ rc = 2;
+ goto RETURN;
+
+FAILED:
+ /* Get here for other failures */
+ rc = 1;
+ goto RETURN;
}
if (type == HMAC_MD5)
md5_start((md5 *)base);
else
- sha1_start((sha1 *)base);
+ sha1_start((hctx *)base);
}
static void
if (type == HMAC_MD5)
md5_mid((md5 *)base, string);
else
- sha1_mid((sha1 *)base, string);
+ sha1_mid((hctx *)base, string);
}
static void
if (type == HMAC_MD5)
md5_end((md5 *)base, string, length, digest);
else
- sha1_end((sha1 *)base, string, length, digest);
+ sha1_end((hctx *)base, string, length, digest);
}
{
uschar *hash_source, *p;
int size = 0,offset = 0,i;
-sha1 sha1_base;
-void *use_base = &sha1_base;
+hctx h;
uschar innerhash[20];
uschar finalhash[20];
uschar innerkey[64];
if (Ustrlen(key) > 64)
return NULL;
-hash_source = string_cat(NULL,&size,&offset,key_num,1);
-hash_source = string_cat(hash_source,&size,&offset,daystamp,3);
-hash_source = string_cat(hash_source,&size,&offset,address,Ustrlen(address));
+hash_source = string_catn(NULL, &size, &offset, key_num, 1);
+hash_source = string_catn(hash_source, &size, &offset, daystamp, 3);
+hash_source = string_cat(hash_source, &size, &offset, address);
hash_source[offset] = '\0';
DEBUG(D_expand) debug_printf("prvs: hash source is '%s'\n", hash_source);
outerkey[i] ^= key[i];
}
-chash_start(HMAC_SHA1, use_base);
-chash_mid(HMAC_SHA1, use_base, innerkey);
-chash_end(HMAC_SHA1, use_base, hash_source, offset, innerhash);
+chash_start(HMAC_SHA1, &h);
+chash_mid(HMAC_SHA1, &h, innerkey);
+chash_end(HMAC_SHA1, &h, hash_source, offset, innerhash);
-chash_start(HMAC_SHA1, use_base);
-chash_mid(HMAC_SHA1, use_base, outerkey);
-chash_end(HMAC_SHA1, use_base, innerhash, 20, finalhash);
+chash_start(HMAC_SHA1, &h);
+chash_mid(HMAC_SHA1, &h, outerkey);
+chash_end(HMAC_SHA1, &h, innerhash, 20, finalhash);
p = finalhash_hex;
for (i = 0; i < 3; i++)
static uschar *
cat_file(FILE *f, uschar *yield, int *sizep, int *ptrp, uschar *eol)
{
-int eollen = eol ? Ustrlen(eol) : 0;
uschar buffer[1024];
while (Ufgets(buffer, sizeof(buffer), f))
{
int len = Ustrlen(buffer);
if (eol && buffer[len-1] == '\n') len--;
- yield = string_cat(yield, sizep, ptrp, buffer, len);
- if (buffer[len] != 0)
- yield = string_cat(yield, sizep, ptrp, eol, eollen);
+ yield = string_catn(yield, sizep, ptrp, buffer, len);
+ if (eol && buffer[len])
+ yield = string_cat(yield, sizep, ptrp, eol);
}
if (yield) yield[*ptrp] = 0;
/* SIGFPE both on div/mod by zero and on INT_MIN / -1, which would give
* a value of INT_MAX+1. Note that INT_MIN * -1 gives INT_MIN for me, which
* is a bug somewhere in [gcc 4.2.1, FreeBSD, amd64]. In fact, -N*-M where
- * -N*M is INT_MIN will yielf INT_MIN.
+ * -N*M is INT_MIN will yield INT_MIN.
* Since we don't support floating point, this is somewhat simpler.
* Ideally, we'd return an error, but since we overflow for all other
* arithmetic, consistency suggests otherwise, but what's the correct value
We use an internal routine recursively to handle embedded substrings. The
external function follows. The yield is NULL if the expansion failed, and there
are two cases: if something collapsed syntactically, or if "fail" was given
-as the action on a lookup failure. These can be distinguised by looking at the
+as the action on a lookup failure. These can be distinguished by looking at the
variable expand_string_forcedfail, which is TRUE in the latter case.
The skipping flag is set true when expanding a substring that isn't actually
{
int ptr = 0;
int size = Ustrlen(string)+ 64;
-int item_type;
uschar *yield = store_get(size);
+int item_type;
const uschar *s = string;
uschar *save_expand_nstring[EXPAND_MAXN+1];
int save_expand_nlength[EXPAND_MAXN+1];
BOOL resetok = TRUE;
+DEBUG(D_expand)
+ debug_printf("%s: %s\n", skipping ? " scanning" : "considering", string);
+
expand_string_forcedfail = FALSE;
expand_string_message = US"";
{
const uschar * t = s + 2;
for (s = t; *s != 0; s++) if (*s == '\\' && s[1] == 'N') break;
- yield = string_cat(yield, &size, &ptr, t, s - t);
+ yield = string_catn(yield, &size, &ptr, t, s - t);
if (*s != 0) s += 2;
}
uschar ch[1];
ch[0] = string_interpret_escape(&s);
s++;
- yield = string_cat(yield, &size, &ptr, ch, 1);
+ yield = string_catn(yield, &size, &ptr, ch, 1);
}
continue;
if (*s != '$' || !honour_dollar)
{
- yield = string_cat(yield, &size, &ptr, s++, 1);
+ yield = string_catn(yield, &size, &ptr, s++, 1);
continue;
}
size = newsize;
ptr = len;
}
- else yield = string_cat(yield, &size, &ptr, value, len);
+ else yield = string_catn(yield, &size, &ptr, value, len);
continue;
}
int n;
s = read_cnumber(&n, s);
if (n >= 0 && n <= expand_nmax)
- yield = string_cat(yield, &size, &ptr, expand_nstring[n],
+ yield = string_catn(yield, &size, &ptr, expand_nstring[n],
expand_nlength[n]);
continue;
}
goto EXPAND_FAILED;
}
if (n >= 0 && n <= expand_nmax)
- yield = string_cat(yield, &size, &ptr, expand_nstring[n],
+ yield = string_catn(yield, &size, &ptr, expand_nstring[n],
expand_nlength[n]);
continue;
}
DEBUG(D_expand)
debug_printf("acl expansion yield: %s\n", user_msg);
if (user_msg)
- yield = string_cat(yield, &size, &ptr, user_msg, Ustrlen(user_msg));
+ yield = string_cat(yield, &size, &ptr, user_msg);
continue;
case DEFER:
save_expand_strings(save_expand_nstring, save_expand_nlength);
while (isspace(*s)) s++;
- next_s = eval_condition(s, &resetok, skipping? NULL : &cond);
+ next_s = eval_condition(s, &resetok, skipping ? NULL : &cond);
if (next_s == NULL) goto EXPAND_FAILED; /* message already set */
DEBUG(D_expand)
- debug_printf("condition: %.*s\n result: %s\n", (int)(next_s - s), s,
- cond? "true" : "false");
+ debug_printf(" condition: %.*s\n result: %s\n",
+ (int)(next_s - s), s,
+ cond ? "true" : "false");
s = next_s;
goto EXPAND_FAILED;
}
- if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
- sub_arg[1][0], sub_arg[2], &expand_string_message)))
- goto EXPAND_FAILED;
if (!skipping)
- yield = string_cat(yield, &size, &ptr, encoded, Ustrlen(encoded));
+ {
+ if (!(encoded = imap_utf7_encode(sub_arg[0], headers_charset,
+ sub_arg[1][0], sub_arg[2], &expand_string_message)))
+ goto EXPAND_FAILED;
+ yield = string_cat(yield, &size, &ptr, encoded);
+ }
continue;
}
#endif
if (*s == '{') /*}*/
{
key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
- if (key == NULL) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (!key) goto EXPAND_FAILED; /*{{*/
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' after lookup key";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
}
else key = NULL;
queries that also require a file name (e.g. sqlite), the file name comes
first. */
- if (*s != '{') goto EXPAND_FAILED_CURLY;
+ if (*s != '{')
+ {
+ expand_string_message = US"missing '{' for lookup file-or-query arg";
+ goto EXPAND_FAILED_CURLY;
+ }
filename = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (filename == NULL) goto EXPAND_FAILED;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing lookup file-or-query arg";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
/* If this isn't a single-key+file lookup, re-arrange the variables
there is just a "key", and no file name. For the special query-style +
file types, the query (i.e. "key") starts with a file name. */
- if (key == NULL)
+ if (!key)
{
while (isspace(*filename)) filename++;
key = filename;
if (mac_islookup(stype, lookup_querystyle))
- {
filename = NULL;
- }
else
{
if (*filename != '/')
/* Now separate the domain from the local part */
*domain++ = '\0';
- yield = string_cat(yield,&size,&ptr,US"prvs=",5);
- string_cat(yield,&size,&ptr,(sub_arg[2] != NULL) ? sub_arg[2] : US"0", 1);
- string_cat(yield,&size,&ptr,prvs_daystamp(7),3);
- string_cat(yield,&size,&ptr,p,6);
- string_cat(yield,&size,&ptr,US"=",1);
- string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
- string_cat(yield,&size,&ptr,US"@",1);
- string_cat(yield,&size,&ptr,domain,Ustrlen(domain));
+ yield = string_catn(yield, &size, &ptr, US"prvs=", 5);
+ yield = string_catn(yield, &size, &ptr, sub_arg[2] ? sub_arg[2] : US"0", 1);
+ yield = string_catn(yield, &size, &ptr, prvs_daystamp(7), 3);
+ yield = string_catn(yield, &size, &ptr, p, 6);
+ yield = string_catn(yield, &size, &ptr, US"=", 1);
+ yield = string_cat (yield, &size, &ptr, sub_arg[0]);
+ yield = string_catn(yield, &size, &ptr, US"@", 1);
+ yield = string_cat (yield, &size, &ptr, domain);
continue;
}
DEBUG(D_expand) debug_printf("prvscheck domain: %s\n", domain);
/* Set up expansion variables */
- prvscheck_address = string_cat(NULL, &mysize, &myptr, local_part, Ustrlen(local_part));
- string_cat(prvscheck_address,&mysize,&myptr,US"@",1);
- string_cat(prvscheck_address,&mysize,&myptr,domain,Ustrlen(domain));
+ prvscheck_address = string_cat (NULL, &mysize, &myptr, local_part);
+ prvscheck_address = string_catn(prvscheck_address, &mysize, &myptr, US"@", 1);
+ prvscheck_address = string_cat (prvscheck_address, &mysize, &myptr, domain);
prvscheck_address[myptr] = '\0';
prvscheck_keynum = string_copy(key_num);
case 3: goto EXPAND_FAILED;
}
- if (sub_arg[0] == NULL || *sub_arg[0] == '\0')
- yield = string_cat(yield,&size,&ptr,prvscheck_address,Ustrlen(prvscheck_address));
- else
- yield = string_cat(yield,&size,&ptr,sub_arg[0],Ustrlen(sub_arg[0]));
+ yield = string_cat(yield, &size, &ptr,
+ !sub_arg[0] || !*sub_arg[0] ? prvscheck_address : sub_arg[0]);
/* Reset the "internal" variables afterwards, because they are in
dynamic store that will be reclaimed if the expansion succeeded. */
prvscheck_keynum = NULL;
}
else
- {
/* Does not look like a prvs encoded address, return the empty string.
We need to make sure all subs are expanded first, so as to skip over
the entire item. */
case 2:
case 3: goto EXPAND_FAILED;
}
- }
continue;
}
{
if (expand_string_internal(s+1, TRUE, &s, TRUE, TRUE, &resetok) == NULL)
goto EXPAND_FAILED;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing failstring for readsocket";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
}
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+
+ readsock_done:
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing readsocket";
+ goto EXPAND_FAILED_CURLY;
+ }
continue;
/* Come here on failure to create socket, connect socket, write to the
SOCK_FAIL:
if (*s != '{') goto EXPAND_FAILED;
DEBUG(D_any) debug_printf("%s\n", expand_string_message);
- arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok);
- if (arg == NULL) goto EXPAND_FAILED;
- yield = string_cat(yield, &size, &ptr, arg, Ustrlen(arg));
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (!(arg = expand_string_internal(s+1, TRUE, &s, FALSE, TRUE, &resetok)))
+ goto EXPAND_FAILED;
+ yield = string_cat(yield, &size, &ptr, arg);
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing failstring for readsocket";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
- continue;
+ goto readsock_done;
}
/* Handle "run" to execute a program. */
}
while (isspace(*s)) s++;
- if (*s != '{') goto EXPAND_FAILED_CURLY;
+ if (*s != '{')
+ {
+ expand_string_message = US"missing '{' for command arg of run";
+ goto EXPAND_FAILED_CURLY;
+ }
arg = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (arg == NULL) goto EXPAND_FAILED;
while (isspace(*s)) s++;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing command arg of run";
+ goto EXPAND_FAILED_CURLY;
+ }
if (skipping) /* Just pretend it worked when we're skipping */
- {
+ {
runrc = 0;
- }
+ lookup_value = NULL;
+ }
else
{
if (!transport_set_up_command(&argv, /* anchor for arg list */
return code for serious disasters. Simple non-zero returns are passed on.
*/
- if (sigalrm_seen == TRUE || (runrc = child_close(pid, 30)) < 0)
+ if (sigalrm_seen || (runrc = child_close(pid, 30)) < 0)
{
- if (sigalrm_seen == TRUE || runrc == -256)
+ if (sigalrm_seen || runrc == -256)
{
expand_string_message = string_sprintf("command timed out");
killpg(pid, SIGKILL); /* Kill the whole process group */
case 3: goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, sub[0], Ustrlen(sub[0]));
+ yield = string_cat(yield, &size, &ptr, sub[0]);
o2m = Ustrlen(sub[2]) - 1;
if (o2m >= 0) for (; oldptr < ptr; oldptr++)
extract_substr(sub[2], val[0], val[1], &len);
if (ret == NULL) goto EXPAND_FAILED;
- yield = string_cat(yield, &size, &ptr, ret, len);
+ yield = string_catn(yield, &size, &ptr, ret, len);
continue;
}
{
uschar *sub[3];
md5 md5_base;
- sha1 sha1_base;
+ hctx sha1_ctx;
void *use_base;
int type, i;
int hashlen; /* Number of octets for the hash algorithm's output */
case 3: goto EXPAND_FAILED;
}
- if (Ustrcmp(sub[0], "md5") == 0)
- {
- type = HMAC_MD5;
- use_base = &md5_base;
- hashlen = 16;
- hashblocklen = 64;
- }
- else if (Ustrcmp(sub[0], "sha1") == 0)
- {
- type = HMAC_SHA1;
- use_base = &sha1_base;
- hashlen = 20;
- hashblocklen = 64;
- }
- else
- {
- expand_string_message =
- string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
- goto EXPAND_FAILED;
- }
+ if (!skipping)
+ {
+ if (Ustrcmp(sub[0], "md5") == 0)
+ {
+ type = HMAC_MD5;
+ use_base = &md5_base;
+ hashlen = 16;
+ hashblocklen = 64;
+ }
+ else if (Ustrcmp(sub[0], "sha1") == 0)
+ {
+ type = HMAC_SHA1;
+ use_base = &sha1_ctx;
+ hashlen = 20;
+ hashblocklen = 64;
+ }
+ else
+ {
+ expand_string_message =
+ string_sprintf("hmac algorithm \"%s\" is not recognised", sub[0]);
+ goto EXPAND_FAILED;
+ }
- keyptr = sub[1];
- keylen = Ustrlen(keyptr);
+ keyptr = sub[1];
+ keylen = Ustrlen(keyptr);
- /* If the key is longer than the hash block length, then hash the key
- first */
+ /* If the key is longer than the hash block length, then hash the key
+ first */
- if (keylen > hashblocklen)
- {
- chash_start(type, use_base);
- chash_end(type, use_base, keyptr, keylen, keyhash);
- keyptr = keyhash;
- keylen = hashlen;
- }
+ if (keylen > hashblocklen)
+ {
+ chash_start(type, use_base);
+ chash_end(type, use_base, keyptr, keylen, keyhash);
+ keyptr = keyhash;
+ keylen = hashlen;
+ }
- /* Now make the inner and outer key values */
+ /* Now make the inner and outer key values */
- memset(innerkey, 0x36, hashblocklen);
- memset(outerkey, 0x5c, hashblocklen);
+ memset(innerkey, 0x36, hashblocklen);
+ memset(outerkey, 0x5c, hashblocklen);
- for (i = 0; i < keylen; i++)
- {
- innerkey[i] ^= keyptr[i];
- outerkey[i] ^= keyptr[i];
- }
+ for (i = 0; i < keylen; i++)
+ {
+ innerkey[i] ^= keyptr[i];
+ outerkey[i] ^= keyptr[i];
+ }
- /* Now do the hashes */
+ /* Now do the hashes */
- chash_start(type, use_base);
- chash_mid(type, use_base, innerkey);
- chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
+ chash_start(type, use_base);
+ chash_mid(type, use_base, innerkey);
+ chash_end(type, use_base, sub[2], Ustrlen(sub[2]), innerhash);
- chash_start(type, use_base);
- chash_mid(type, use_base, outerkey);
- chash_end(type, use_base, innerhash, hashlen, finalhash);
+ chash_start(type, use_base);
+ chash_mid(type, use_base, outerkey);
+ chash_end(type, use_base, innerhash, hashlen, finalhash);
- /* Encode the final hash as a hex string */
+ /* Encode the final hash as a hex string */
- p = finalhash_hex;
- for (i = 0; i < hashlen; i++)
- {
- *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
- *p++ = hex_digits[finalhash[i] & 0x0f];
- }
+ p = finalhash_hex;
+ for (i = 0; i < hashlen; i++)
+ {
+ *p++ = hex_digits[(finalhash[i] & 0xf0) >> 4];
+ *p++ = hex_digits[finalhash[i] & 0x0f];
+ }
- DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%.*s)=%.*s\n", sub[0],
- (int)keylen, keyptr, Ustrlen(sub[2]), sub[2], hashlen*2, finalhash_hex);
+ DEBUG(D_any) debug_printf("HMAC[%s](%.*s,%s)=%.*s\n",
+ sub[0], (int)keylen, keyptr, sub[2], hashlen*2, finalhash_hex);
- yield = string_cat(yield, &size, &ptr, finalhash_hex, hashlen*2);
+ yield = string_catn(yield, &size, &ptr, finalhash_hex, hashlen*2);
+ }
+ continue;
}
- continue;
-
/* Handle global substitution for "sg" - like Perl's s/xxx/yyy/g operator.
We have to save the numerical variables and restore them afterwards. */
emptyopt = 0;
continue;
}
- yield = string_cat(yield, &size, &ptr, subject+moffset, slen-moffset);
+ yield = string_catn(yield, &size, &ptr, subject+moffset, slen-moffset);
break;
}
/* Copy the characters before the match, plus the expanded insertion. */
- yield = string_cat(yield, &size, &ptr, subject + moffset,
+ yield = string_catn(yield, &size, &ptr, subject + moffset,
ovector[0] - moffset);
insert = expand_string(sub[2]);
if (insert == NULL) goto EXPAND_FAILED;
- yield = string_cat(yield, &size, &ptr, insert, Ustrlen(insert));
+ yield = string_cat(yield, &size, &ptr, insert);
moffset = ovector[1];
moffsetextra = 0;
case EITEM_EXTRACT:
{
int i;
- int j = 2;
+ int j;
int field_number = 1;
BOOL field_number_set = FALSE;
uschar *save_lookup_value = lookup_value;
/* While skipping we cannot rely on the data for expansions being
available (eg. $item) hence cannot decide on numeric vs. keyed.
- Just read as many arguments as there are. */
+ Read a maximum of 5 arguments (including the yes/no) */
if (skipping)
{
while (isspace(*s)) s++;
- while (*s == '{')
+ for (j = 5; j > 0 && *s == '{'; j--)
{
if (!expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok))
goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '{' for arg of extract";
+ goto EXPAND_FAILED_CURLY;
+ }
+ while (isspace(*s)) s++;
+ }
+ if ( Ustrncmp(s, "fail", 4) == 0
+ && (s[4] == '}' || s[4] == ' ' || s[4] == '\t' || !s[4])
+ )
+ {
+ s += 4;
while (isspace(*s)) s++;
}
if (*s != '}')
+ {
+ expand_string_message = US"missing '}' closing extract";
goto EXPAND_FAILED_CURLY;
+ }
}
- else for (i = 0; i < j; i++) /* Read the proper number of arguments */
+ else for (i = 0, j = 2; i < j; i++) /* Read the proper number of arguments */
{
while (isspace(*s)) s++;
if (*s == '{') /*}*/
{
sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (sub[i] == NULL) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = string_sprintf(
+ "missing '}' closing arg %d of extract", i+1);
+ goto EXPAND_FAILED_CURLY;
+ }
/* After removal of leading and trailing white space, the first
argument must not be empty; if it consists entirely of digits
}
}
}
- else goto EXPAND_FAILED_CURLY;
+ else
+ {
+ expand_string_message = string_sprintf(
+ "missing '{' for arg %d of extract", i+1);
+ goto EXPAND_FAILED_CURLY;
+ }
}
/* Extract either the numbered or the keyed substring into $value. If
{
while (isspace(*s)) s++;
if (*s != '{') /*}*/
+ {
+ expand_string_message = string_sprintf(
+ "missing '{' for arg %d of listextract", i+1);
goto EXPAND_FAILED_CURLY;
+ }
sub[i] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (!sub[i]) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = string_sprintf(
+ "missing '}' closing arg %d of listextract", i+1);
+ goto EXPAND_FAILED_CURLY;
+ }
/* After removal of leading and trailing white space, the first
argument must be numeric and nonempty. */
/* Read the field argument */
while (isspace(*s)) s++;
if (*s != '{') /*}*/
+ {
+ expand_string_message = US"missing '{' for field arg of certextract";
goto EXPAND_FAILED_CURLY;
+ }
sub[0] = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (!sub[0]) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing field arg of certextract";
+ goto EXPAND_FAILED_CURLY;
+ }
/* strip spaces fore & aft */
{
int len;
/* inspect the cert argument */
while (isspace(*s)) s++;
if (*s != '{') /*}*/
+ {
+ expand_string_message = US"missing '{' for cert variable arg of certextract";
goto EXPAND_FAILED_CURLY;
+ }
if (*++s != '$')
{
expand_string_message = US"second argument of \"certextract\" must "
}
sub[1] = expand_string_internal(s+1, TRUE, &s, skipping, FALSE, &resetok);
if (!sub[1]) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing cert variable arg of certextract";
+ goto EXPAND_FAILED_CURLY;
+ }
if (skipping)
lookup_value = NULL;
uschar *save_lookup_value = lookup_value;
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message =
+ string_sprintf("missing '{' for first arg of %s", name);
+ goto EXPAND_FAILED_CURLY;
+ }
list = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
if (list == NULL) goto EXPAND_FAILED;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message =
+ string_sprintf("missing '}' closing first arg of %s", name);
+ goto EXPAND_FAILED_CURLY;
+ }
if (item_type == EITEM_REDUCE)
{
uschar * t;
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message = US"missing '{' for second arg of reduce";
+ goto EXPAND_FAILED_CURLY;
+ }
t = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
if (!t) goto EXPAND_FAILED;
lookup_value = t;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing second arg of reduce";
+ goto EXPAND_FAILED_CURLY;
+ }
}
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message =
+ string_sprintf("missing '{' for last arg of %s", name);
+ goto EXPAND_FAILED_CURLY;
+ }
expr = s;
separator character, or is an empty string. */
if (ptr != save_ptr && (temp[0] == *outsep || temp[0] == 0))
- yield = string_cat(yield, &size, &ptr, US" ", 1);
+ yield = string_catn(yield, &size, &ptr, US" ", 1);
/* Add the string in "temp" to the output list that we are building,
This is done in chunks by searching for the separator character. */
for (;;)
{
size_t seglen = Ustrcspn(temp, outsep);
- yield = string_cat(yield, &size, &ptr, temp, seglen + 1);
+
+ yield = string_catn(yield, &size, &ptr, temp, seglen + 1);
/* If we got to the end of the string we output one character
too many; backup and end the loop. Otherwise arrange to double the
separator. */
if (temp[seglen] == '\0') { ptr--; break; }
- yield = string_cat(yield, &size, &ptr, outsep, 1);
+ yield = string_catn(yield, &size, &ptr, outsep, 1);
temp += seglen + 1;
}
/* Output a separator after the string: we will remove the redundant
final one at the end. */
- yield = string_cat(yield, &size, &ptr, outsep, 1);
+ yield = string_catn(yield, &size, &ptr, outsep, 1);
} /* End of iteration over the list loop */
/* REDUCE has generated no output above: output the final value of
if (item_type == EITEM_REDUCE)
{
- yield = string_cat(yield, &size, &ptr, lookup_value,
- Ustrlen(lookup_value));
+ yield = string_cat(yield, &size, &ptr, lookup_value);
lookup_value = save_lookup_value; /* Restore $value */
}
uschar *save_iterate_item = iterate_item;
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message = US"missing '{' for list arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
srclist = expand_string_internal(s, TRUE, &s, skipping, TRUE, &resetok);
if (!srclist) goto EXPAND_FAILED;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing list arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message = US"missing '{' for comparator arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
cmp = expand_string_internal(s, TRUE, &s, skipping, FALSE, &resetok);
if (!cmp) goto EXPAND_FAILED;
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing comparator arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
while (isspace(*s)) s++;
- if (*s++ != '{') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '{')
+ {
+ expand_string_message = US"missing '{' for extractor arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
xtract = s;
tmp = expand_string_internal(s, TRUE, &s, TRUE, TRUE, &resetok);
if (!tmp) goto EXPAND_FAILED;
xtract = string_copyn(xtract, s - xtract);
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '}' closing extractor arg of sort";
+ goto EXPAND_FAILED_CURLY;
+ }
/*{*/
if (*s++ != '}')
{ /*{*/
}
if (dstlist)
- yield = string_cat(yield, &size, &ptr, dstlist, Ustrlen(dstlist));
+ yield = string_cat(yield, &size, &ptr, dstlist);
/* Restore preserved $item */
iterate_item = save_iterate_item;
if(status == OK)
{
if (result == NULL) result = US"";
- yield = string_cat(yield, &size, &ptr, result, Ustrlen(result));
+ yield = string_cat(yield, &size, &ptr, result);
continue;
}
else
key = expand_string_internal(s+1, TRUE, &s, skipping, TRUE, &resetok);
if (!key) goto EXPAND_FAILED; /*{*/
- if (*s++ != '}') goto EXPAND_FAILED_CURLY;
+ if (*s++ != '}')
+ {
+ expand_string_message = US"missing '{' for name arg of env";
+ goto EXPAND_FAILED_CURLY;
+ }
lookup_value = US getenv(CS key);
sub = expand_string_internal(s+2, TRUE, &s1, skipping,
FALSE, &resetok);
if (!sub) goto EXPAND_FAILED; /*{*/
- if (*s1 != '}') goto EXPAND_FAILED_CURLY;
+ if (*s1 != '}')
+ {
+ expand_string_message =
+ string_sprintf("missing '}' closing cert arg of %s", name);
+ goto EXPAND_FAILED_CURLY;
+ }
if ((vp = find_var_ent(sub)) && vp->type == vtype_cert)
{
s = s1+1;
switch(c)
{
+ case EOP_BASE32:
+ {
+ uschar *t;
+ unsigned long int n = Ustrtoul(sub, &t, 10);
+ uschar * s = NULL;
+ int sz = 0, i = 0;
+
+ if (*t != 0)
+ {
+ expand_string_message = string_sprintf("argument for base32 "
+ "operator is \"%s\", which is not a decimal number", sub);
+ goto EXPAND_FAILED;
+ }
+ for ( ; n; n >>= 5)
+ s = string_catn(s, &sz, &i, &base32_chars[n & 0x1f], 1);
+
+ while (i > 0) yield = string_catn(yield, &size, &ptr, &s[--i], 1);
+ continue;
+ }
+
+ case EOP_BASE32D:
+ {
+ uschar *tt = sub;
+ unsigned long int n = 0;
+ uschar * s;
+ while (*tt)
+ {
+ uschar * t = Ustrchr(base32_chars, *tt++);
+ if (t == NULL)
+ {
+ expand_string_message = string_sprintf("argument for base32d "
+ "operator is \"%s\", which is not a base 32 number", sub);
+ goto EXPAND_FAILED;
+ }
+ n = n * 32 + (t - base32_chars);
+ }
+ s = string_sprintf("%ld", n);
+ yield = string_cat(yield, &size, &ptr, s);
+ continue;
+ }
+
case EOP_BASE62:
{
uschar *t;
goto EXPAND_FAILED;
}
t = string_base62(n);
- yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
+ yield = string_cat(yield, &size, &ptr, t);
continue;
}
n = n * BASE_62 + (t - base62_chars);
}
(void)sprintf(CS buf, "%ld", n);
- yield = string_cat(yield, &size, &ptr, buf, Ustrlen(buf));
+ yield = string_cat(yield, &size, &ptr, buf);
continue;
}
expand_string_message);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, expanded, Ustrlen(expanded));
+ yield = string_cat(yield, &size, &ptr, expanded);
continue;
}
int count = 0;
uschar *t = sub - 1;
while (*(++t) != 0) { *t = tolower(*t); count++; }
- yield = string_cat(yield, &size, &ptr, sub, count);
+ yield = string_catn(yield, &size, &ptr, sub, count);
continue;
}
int count = 0;
uschar *t = sub - 1;
while (*(++t) != 0) { *t = toupper(*t); count++; }
- yield = string_cat(yield, &size, &ptr, sub, count);
+ yield = string_catn(yield, &size, &ptr, sub, count);
continue;
}
if (vp && *(void **)vp->value)
{
uschar * cp = tls_cert_fprt_md5(*(void **)vp->value);
- yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ yield = string_cat(yield, &size, &ptr, cp);
}
else
#endif
md5_start(&base);
md5_end(&base, sub, Ustrlen(sub), digest);
for(j = 0; j < 16; j++) sprintf(st+2*j, "%02x", digest[j]);
- yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+ yield = string_cat(yield, &size, &ptr, US st);
}
continue;
if (vp && *(void **)vp->value)
{
uschar * cp = tls_cert_fprt_sha1(*(void **)vp->value);
- yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ yield = string_cat(yield, &size, &ptr, cp);
}
else
#endif
{
- sha1 base;
+ hctx h;
uschar digest[20];
int j;
char st[41];
- sha1_start(&base);
- sha1_end(&base, sub, Ustrlen(sub), digest);
+ sha1_start(&h);
+ sha1_end(&h, sub, Ustrlen(sub), digest);
for(j = 0; j < 20; j++) sprintf(st+2*j, "%02X", digest[j]);
- yield = string_cat(yield, &size, &ptr, US st, (int)strlen(st));
+ yield = string_catn(yield, &size, &ptr, US st, 40);
}
continue;
case EOP_SHA256:
-#ifdef SUPPORT_TLS
+#ifdef EXIM_HAVE_SHA2
if (vp && *(void **)vp->value)
{
uschar * cp = tls_cert_fprt_sha256(*(void **)vp->value);
- yield = string_cat(yield, &size, &ptr, cp, (int)Ustrlen(cp));
+ yield = string_cat(yield, &size, &ptr, cp);
}
else
+ {
+ hctx h;
+ blob b;
+ char st[3];
+
+ exim_sha_init(&h, HASH_SHA256);
+ exim_sha_update(&h, sub, Ustrlen(sub));
+ exim_sha_finish(&h, &b);
+ while (b.len-- > 0)
+ {
+ sprintf(st, "%02X", *b.data++);
+ yield = string_catn(yield, &size, &ptr, US st, 2);
+ }
+ }
+#else
+ expand_string_message = US"sha256 only supported with TLS";
#endif
- expand_string_message = US"sha256 only supported for certificates";
continue;
+ case EOP_SHA3:
+#ifdef EXIM_HAVE_SHA3
+ {
+ hctx h;
+ blob b;
+ char st[3];
+ hashmethod m = !arg ? HASH_SHA3_256
+ : Ustrcmp(arg, "224") == 0 ? HASH_SHA3_224
+ : Ustrcmp(arg, "256") == 0 ? HASH_SHA3_256
+ : Ustrcmp(arg, "384") == 0 ? HASH_SHA3_384
+ : Ustrcmp(arg, "512") == 0 ? HASH_SHA3_512
+ : HASH_BADTYPE;
+
+ if (m == HASH_BADTYPE)
+ {
+ expand_string_message = US"unrecognised sha3 variant";
+ goto EXPAND_FAILED;
+ }
+
+ exim_sha_init(&h, m);
+ exim_sha_update(&h, sub, Ustrlen(sub));
+ exim_sha_finish(&h, &b);
+ while (b.len-- > 0)
+ {
+ sprintf(st, "%02X", *b.data++);
+ yield = string_catn(yield, &size, &ptr, US st, 2);
+ }
+ }
+ continue;
+#else
+ expand_string_message = US"sha3 only supported with GnuTLS 3.5.0 +";
+ goto EXPAND_FAILED;
+#endif
+
/* Convert hex encoding to base64 encoding */
case EOP_HEX2B64:
}
enc = b64encode(sub, out - sub);
- yield = string_cat(yield, &size, &ptr, enc, Ustrlen(enc));
+ yield = string_cat(yield, &size, &ptr, enc);
continue;
}
while (*(++t) != 0)
{
if (*t < 0x21 || 0x7E < *t)
- yield = string_cat(yield, &size, &ptr,
+ yield = string_catn(yield, &size, &ptr,
string_sprintf("\\x%02x", *t), 4);
else
- yield = string_cat(yield, &size, &ptr, t, 1);
+ yield = string_catn(yield, &size, &ptr, t, 1);
}
continue;
}
while (string_nextinlist(CUSS &sub, &sep, buffer, sizeof(buffer)) != NULL) cnt++;
cp = string_sprintf("%d", cnt);
- yield = string_cat(yield, &size, &ptr, cp, Ustrlen(cp));
+ yield = string_cat(yield, &size, &ptr, cp);
continue;
}
{
uschar * buf = US" : ";
if (needsep)
- yield = string_cat(yield, &size, &ptr, buf, 3);
+ yield = string_catn(yield, &size, &ptr, buf, 3);
else
needsep = TRUE;
tok[0] = sep; tok[1] = ':'; tok[2] = 0;
while ((cp= strpbrk((const char *)item, tok)))
{
- yield = string_cat(yield, &size, &ptr, item, cp-(char *)item);
+ yield = string_catn(yield, &size, &ptr, item, cp-(char *)item);
if (*cp++ == ':') /* colon in a non-colon-sep list item, needs doubling */
{
- yield = string_cat(yield, &size, &ptr, US"::", 2);
+ yield = string_catn(yield, &size, &ptr, US"::", 2);
item = (uschar *)cp;
}
else /* sep in item; should already be doubled; emit once */
{
- yield = string_cat(yield, &size, &ptr, (uschar *)tok, 1);
+ yield = string_catn(yield, &size, &ptr, (uschar *)tok, 1);
if (*cp == sep) cp++;
item = (uschar *)cp;
}
}
}
- yield = string_cat(yield, &size, &ptr, item, Ustrlen(item));
+ yield = string_cat(yield, &size, &ptr, item);
}
continue;
}
/* Convert to masked textual format and add to output. */
- yield = string_cat(yield, &size, &ptr, buffer,
+ yield = string_catn(yield, &size, &ptr, buffer,
host_nmtoa(count, binary, mask, buffer, '.'));
continue;
}
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, buffer,
+ yield = string_catn(yield, &size, &ptr, buffer,
c == EOP_IPV6NORM
? ipv6_nmtoa(binary, buffer)
: host_nmtoa(4, binary, -1, buffer, ':')
if (c != EOP_DOMAIN)
{
if (c == EOP_LOCAL_PART && domain != 0) end = start + domain - 1;
- yield = string_cat(yield, &size, &ptr, sub+start, end-start);
+ yield = string_catn(yield, &size, &ptr, sub+start, end-start);
}
else if (domain != 0)
{
domain += start;
- yield = string_cat(yield, &size, &ptr, sub+domain, end-domain);
+ yield = string_catn(yield, &size, &ptr, sub+domain, end-domain);
}
}
continue;
if (address != NULL)
{
if (ptr != save_ptr && address[0] == *outsep)
- yield = string_cat(yield, &size, &ptr, US" ", 1);
+ yield = string_catn(yield, &size, &ptr, US" ", 1);
for (;;)
{
size_t seglen = Ustrcspn(address, outsep);
- yield = string_cat(yield, &size, &ptr, address, seglen + 1);
+ yield = string_catn(yield, &size, &ptr, address, seglen + 1);
/* If we got to the end of the string we output one character
too many. */
if (address[seglen] == '\0') { ptr--; break; }
- yield = string_cat(yield, &size, &ptr, outsep, 1);
+ yield = string_catn(yield, &size, &ptr, outsep, 1);
address += seglen + 1;
}
/* Output a separator after the string: we will remove the
redundant final one at the end. */
- yield = string_cat(yield, &size, &ptr, outsep, 1);
+ yield = string_catn(yield, &size, &ptr, outsep, 1);
}
if (saveend == '\0') break;
if (needs_quote)
{
- yield = string_cat(yield, &size, &ptr, US"\"", 1);
+ yield = string_catn(yield, &size, &ptr, US"\"", 1);
t = sub - 1;
while (*(++t) != 0)
{
if (*t == '\n')
- yield = string_cat(yield, &size, &ptr, US"\\n", 2);
+ yield = string_catn(yield, &size, &ptr, US"\\n", 2);
else if (*t == '\r')
- yield = string_cat(yield, &size, &ptr, US"\\r", 2);
+ yield = string_catn(yield, &size, &ptr, US"\\r", 2);
else
{
if (*t == '\\' || *t == '"')
- yield = string_cat(yield, &size, &ptr, US"\\", 1);
- yield = string_cat(yield, &size, &ptr, t, 1);
+ yield = string_catn(yield, &size, &ptr, US"\\", 1);
+ yield = string_catn(yield, &size, &ptr, t, 1);
}
}
- yield = string_cat(yield, &size, &ptr, US"\"", 1);
+ yield = string_catn(yield, &size, &ptr, US"\"", 1);
}
- else yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
+ else yield = string_cat(yield, &size, &ptr, sub);
continue;
}
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, sub, Ustrlen(sub));
+ yield = string_cat(yield, &size, &ptr, sub);
continue;
}
while (*(++t) != 0)
{
if (!isalnum(*t))
- yield = string_cat(yield, &size, &ptr, US"\\", 1);
- yield = string_cat(yield, &size, &ptr, t, 1);
+ yield = string_catn(yield, &size, &ptr, US"\\", 1);
+ yield = string_catn(yield, &size, &ptr, t, 1);
}
continue;
}
uschar buffer[2048];
const uschar *string = parse_quote_2047(sub, Ustrlen(sub), headers_charset,
buffer, sizeof(buffer), FALSE);
- yield = string_cat(yield, &size, &ptr, string, Ustrlen(string));
+ yield = string_cat(yield, &size, &ptr, string);
continue;
}
expand_string_message = error;
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, decoded, len);
+ yield = string_catn(yield, &size, &ptr, decoded, len);
continue;
}
GETUTF8INC(c, sub);
if (c > 255) c = '_';
buff[0] = c;
- yield = string_cat(yield, &size, &ptr, buff, 1);
+ yield = string_catn(yield, &size, &ptr, buff, 1);
}
continue;
}
complete = -1; /* error (RFC3629 limit) */
else
{ /* finished; output utf-8 sequence */
- yield = string_cat(yield, &size, &ptr, seq_buff, seq_len);
+ yield = string_catn(yield, &size, &ptr, seq_buff, seq_len);
index = 0;
}
}
{
if((c & 0x80) == 0) /* 1-byte sequence, US-ASCII, keep it */
{
- yield = string_cat(yield, &size, &ptr, &c, 1);
+ yield = string_catn(yield, &size, &ptr, &c, 1);
continue;
}
if((c & 0xe0) == 0xc0) /* 2-byte sequence */
if (complete != 0)
{
bytes_left = index = 0;
- yield = string_cat(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1);
+ yield = string_catn(yield, &size, &ptr, UTF8_REPLACEMENT_CHAR, 1);
}
if ((complete == 1) && ((c & 0x80) == 0))
/* ASCII character follows incomplete sequence */
- yield = string_cat(yield, &size, &ptr, &c, 1);
+ yield = string_catn(yield, &size, &ptr, &c, 1);
}
continue;
}
string_printing(sub), error);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
string_printing(sub), error);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
string_printing(sub), error);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
DEBUG(D_expand) debug_printf("yield: '%s'\n", yield);
continue;
}
string_printing(sub), error);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
#endif /* EXPERIMENTAL_INTERNATIONAL */
case EOP_ESCAPE:
{
- const uschar *t = string_printing(sub);
- yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
+ const uschar * t = string_printing(sub);
+ yield = string_cat(yield, &size, &ptr, t);
continue;
}
+ case EOP_ESCAPE8BIT:
+ {
+ const uschar * s = sub;
+ uschar c;
+
+ for (s = sub; (c = *s); s++)
+ yield = c < 127 && c != '\\'
+ ? string_catn(yield, &size, &ptr, s, 1)
+ : string_catn(yield, &size, &ptr, string_sprintf("\\%03o", c), 4);
+ continue;
+ }
+
/* Handle numeric expression evaluation */
case EOP_EVAL:
goto EXPAND_FAILED;
}
sprintf(CS var_buffer, PR_EXIM_ARITH, n);
- yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
+ yield = string_cat(yield, &size, &ptr, var_buffer);
continue;
}
goto EXPAND_FAILED;
}
sprintf(CS var_buffer, "%d", n);
- yield = string_cat(yield, &size, &ptr, var_buffer, Ustrlen(var_buffer));
+ yield = string_cat(yield, &size, &ptr, var_buffer);
continue;
}
goto EXPAND_FAILED;
}
t = readconf_printtime(n);
- yield = string_cat(yield, &size, &ptr, t, Ustrlen(t));
+ yield = string_cat(yield, &size, &ptr, t);
continue;
}
#else
uschar * s = b64encode(sub, Ustrlen(sub));
#endif
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
"well-formed for \"%s\" operator", sub, name);
goto EXPAND_FAILED;
}
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
{
uschar buff[24];
(void)sprintf(CS buff, "%d", Ustrlen(sub));
- yield = string_cat(yield, &size, &ptr, buff, Ustrlen(buff));
+ yield = string_cat(yield, &size, &ptr, buff);
continue;
}
extract_substr(sub, value1, value2, &len);
if (ret == NULL) goto EXPAND_FAILED;
- yield = string_cat(yield, &size, &ptr, ret, len);
+ yield = string_catn(yield, &size, &ptr, ret, len);
continue;
}
(long)st.st_dev, (long)st.st_nlink, (long)st.st_uid,
(long)st.st_gid, st.st_size, (long)st.st_atime,
(long)st.st_mtime, (long)st.st_ctime);
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
if (expand_string_message != NULL)
goto EXPAND_FAILED;
s = string_sprintf("%d", vaguely_random_number((int)max));
- yield = string_cat(yield, &size, &ptr, s, Ustrlen(s));
+ yield = string_cat(yield, &size, &ptr, s);
continue;
}
goto EXPAND_FAILED;
}
invert_address(reversed, sub);
- yield = string_cat(yield, &size, &ptr, reversed, Ustrlen(reversed));
+ yield = string_cat(yield, &size, &ptr, reversed);
continue;
}
yield = NULL;
size = 0;
}
- value = find_variable(name, FALSE, skipping, &newsize);
- if (value == NULL)
+ if (!(value = find_variable(name, FALSE, skipping, &newsize)))
{
expand_string_message =
string_sprintf("unknown variable in \"${%s}\"", name);
goto EXPAND_FAILED;
}
len = Ustrlen(value);
- if (yield == NULL && newsize != 0)
+ if (!yield && newsize)
{
yield = value;
size = newsize;
ptr = len;
}
- else yield = string_cat(yield, &size, &ptr, value, len);
+ else
+ yield = string_catn(yield, &size, &ptr, value, len);
continue;
}
DEBUG(D_expand)
{
- debug_printf("expanding: %.*s\n result: %s\n", (int)(s - string), string,
+ debug_printf(" expanding: %.*s\n result: %s\n", (int)(s - string), string,
yield);
- if (skipping) debug_printf("skipping: result is not used\n");
+ if (skipping) debug_printf(" skipping: result is not used\n");
}
return yield;
*/
EXPAND_FAILED_CURLY:
-expand_string_message = malformed_header?
- US"missing or misplaced { or } - could be header name not terminated by colon"
- :
- US"missing or misplaced { or }";
+if (malformed_header)
+ expand_string_message =
+ US"missing or misplaced { or } - could be header name not terminated by colon";
+
+else if (!expand_string_message || !*expand_string_message)
+ expand_string_message = US"missing or misplaced { or }";
/* At one point, Exim reset the store to yield (if yield was not NULL), but
that is a bad idea, because expand_string_message is in dynamic store. */
+/* Avoid potentially exposing a password in a string about to be logged */
+
+uschar *
+expand_hide_passwords(uschar * s)
+{
+return ( ( Ustrstr(s, "failed to expand") != NULL
+ || Ustrstr(s, "expansion of ") != NULL
+ )
+ && ( Ustrstr(s, "mysql") != NULL
+ || Ustrstr(s, "pgsql") != NULL
+ || Ustrstr(s, "redis") != NULL
+ || Ustrstr(s, "sqlite") != NULL
+ || Ustrstr(s, "ldap:") != NULL
+ || Ustrstr(s, "ldaps:") != NULL
+ || Ustrstr(s, "ldapi:") != NULL
+ || Ustrstr(s, "ldapdn:") != NULL
+ || Ustrstr(s, "ldapm:") != NULL
+ ) )
+ ? US"Temporary internal error" : s;
+}
+
+
+
/*************************************************
**************************************************
git://git.exim.org / exim.git / blobdiff