static uschar *
checkexpand(uschar *s, address_item *addr, uschar *name, int type)
{
-uschar *t;
uschar *ss = expand_string(s);
-if (ss == NULL)
+if (!ss)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
return NULL;
}
-if (type != cke_text) for (t = ss; *t != 0; t++)
+if (type != cke_text) for (uschar * t = ss; *t != 0; t++)
{
int c = *t;
const uschar * sp;
router. Otherwise, the data must be supplied by this transport, and
it has to be expanded here. */
-if (addr->reply != NULL)
+if (addr->reply)
{
DEBUG(D_transport) debug_printf("taking data from address\n");
from = addr->reply->from;
set, instead of a dbm file, we use a regular file containing a circular buffer
recipient cache. */
-if (oncelog && *oncelog != 0 && to)
+if (oncelog && *oncelog && to)
{
time_t then = 0;
+ if (is_tainted(oncelog))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (once file for %s transport)"
+ " not permitted", oncelog, tblock->name);
+ goto END_OFF;
+ }
+
/* Handle fixed-size cache file. */
if (ob->once_file_size > 0)
{
- uschar * p, * nextp;
+ uschar * nextp;
struct stat statbuf;
- cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
+ cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
{
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to %s \"once\" file %s when "
"sending message from %s transport: %s",
- (cache_fd < 0)? "open" : "stat", oncelog, tblock->name,
- strerror(errno));
+ cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno));
goto END_OFF;
}
cache_size = statbuf.st_size;
add_size = sizeof(time_t) + Ustrlen(to) + 1;
- cache_buff = store_get(cache_size + add_size);
+ cache_buff = store_get(cache_size + add_size, is_tainted(oncelog));
if (read(cache_fd, cache_buff, cache_size) != cache_size)
{
zero. If we find a match, put the time into "then", and the place where it
was found into "cache_time". Otherwise, "then" is left at zero. */
- for (p = cache_buff; p < cache_buff + cache_size; p = nextp)
+ for (uschar * p = cache_buff; p < cache_buff + cache_size; p = nextp)
{
uschar *s = p + sizeof(time_t);
nextp = s + Ustrlen(s) + 1;
if (!dbm_file)
{
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to open %s file %s when sending "
"message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
strerror(errno));
if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
{
int log_fd;
+ if (is_tainted(logfile))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)"
+ " not permitted", logfile, tblock->name);
+ goto END_OFF;
+ }
+
DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
(once_repeat_sec > 0)? " and repeat time not reached" : "");
log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
}
/* We are going to send a message. Ensure any requested file is available. */
-
if (file)
{
- ff = Ufopen(file, "rb");
- if (!ff && !ob->file_optional)
+ if (is_tainted(file))
{
addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (file for %s transport)"
+ " not permitted", file, tblock->name);
+ return FALSE;
+ }
+ if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to open file %s when sending "
"message from %s transport: %s", file, tblock->name, strerror(errno));
return FALSE;
if (pid < 0)
{
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to create child process to send "
"message from %s transport: %s", tblock->name, strerror(errno));
DEBUG(D_transport) debug_printf("%s\n", addr->message);
fprintf(fp, "In-Reply-To: %s", message_id);
}
-/* Generate a References header if there is at least one of Message-ID:,
-References:, or In-Reply-To: (see RFC 2822). */
-
-for (h = header_list; h; h = h->next)
- if (h->type != htype_old && strncmpic(US"References:", h->text, 11) == 0)
- break;
-
-if (!h)
- for (h = header_list; h; h = h->next)
- if (h->type != htype_old && strncmpic(US"In-Reply-To:", h->text, 12) == 0)
- break;
-
-/* We limit the total length of references. Although there is no fixed
-limit, some systems do not like headers growing beyond recognition.
-Keep the first message ID for the thread root and the last few for
-the position inside the thread, up to a maximum of 12 altogether. */
-
-if (h || message_id)
- {
- fprintf(fp, "References:");
- if (h)
- {
- uschar *s, *id, *error;
- uschar *referenced_ids[12];
- int reference_count = 0;
- int i;
-
- s = Ustrchr(h->text, ':') + 1;
- f.parse_allow_group = FALSE;
- while (*s != 0 && (s = parse_message_id(s, &id, &error)) != NULL)
- {
- if (reference_count == nelem(referenced_ids))
- {
- memmove(referenced_ids + 1, referenced_ids + 2,
- sizeof(referenced_ids) - 2*sizeof(uschar *));
- referenced_ids[reference_count - 1] = id;
- }
- else referenced_ids[reference_count++] = id;
- }
- for (i = 0; i < reference_count; ++i) fprintf(fp, " %s", referenced_ids[i]);
- }
-
- /* The message id will have a newline on the end of it. */
-
- if (message_id) fprintf(fp, " %s", message_id);
- else fprintf(fp, "\n");
- }
+moan_write_references(fp, message_id);
/* Add an Auto-Submitted: header */
int log_fd = Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode);
if (log_fd >= 0)
{
- uschar *ptr = log_buffer;
+ gstring gs = { .size = LOG_BUFFER_SIZE, .ptr = 0, .s = log_buffer }, *g = &gs;
+
+ /* Use taint-unchecked routines for writing into log_buffer, trusting
+ that we'll never expand it. */
+
DEBUG(D_transport) debug_printf("logging message details\n");
- sprintf(CS ptr, "%s\n", tod_stamp(tod_log));
- while(*ptr) ptr++;
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, "%s\n", tod_stamp(tod_log));
if (from)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " From: %s\n", from);
- while(*ptr) ptr++;
- }
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " From: %s\n", from);
if (to)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " To: %s\n", to);
- while(*ptr) ptr++;
- }
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " To: %s\n", to);
if (cc)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " Cc: %s\n", cc);
- while(*ptr) ptr++;
- }
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Cc: %s\n", cc);
if (bcc)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " Bcc: %s\n", bcc);
- while(*ptr) ptr++;
- }
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Bcc: %s\n", bcc);
if (subject)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " Subject: %s\n", subject);
- while(*ptr) ptr++;
- }
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " Subject: %s\n", subject);
if (headers)
- {
- (void)string_format(ptr, LOG_BUFFER_SIZE - (ptr-log_buffer),
- " %s\n", headers);
- while(*ptr) ptr++;
- }
- if(write(log_fd, log_buffer, ptr - log_buffer) != ptr-log_buffer
- || close(log_fd))
+ g = string_fmt_append_f(g, SVFMT_TAINT_NOCHK, " %s\n", headers);
+ if(write(log_fd, g->s, g->ptr) != g->ptr || close(log_fd))
DEBUG(D_transport) debug_printf("Problem writing log file %s for %s "
"transport\n", logfile, tblock->name);
}
git://git.exim.org / exim.git / blobdiff