{ US"no_delay_flush", FALSE,
ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
},
-
+
[CONTROL_NO_ENFORCE_SYNC] =
{ US"no_enforce_sync", FALSE,
ACL_BIT_NOTSMTP | ACL_BIT_NOTSMTP_START
int v, c;
BOOL negated = FALSE;
uschar *saveline = s;
- uschar name[64];
+ uschar name[EXIM_DRIVERNAME_MAX];
/* Conditions (but not verbs) are allowed to be negated by an initial
exclamation mark. */
{
int rc;
-user_msgptr = user_msgptr; /* stop compiler warning */
-
/* Previous success */
if (sender_host_name != NULL) return OK;
tree_node *t;
const uschar *found;
int priority, weight, port;
-dns_answer * dnsa = store_get_dns_answer();
+dns_answer * dnsa;
dns_scan dnss;
dns_record *rr;
-int rc, type;
-uschar target[256];
+int rc, type, yield;
+#define TARGET_SIZE 256
+uschar * target = store_get(TARGET_SIZE, TRUE);
/* Work out the domain we are using for the CSA lookup. The default is the
client's HELO domain. If the client has not said HELO, use its IP address
while (isspace(*domain) && *domain != '\0') ++domain;
if (*domain == '\0') domain = sender_helo_name;
-if (domain == NULL) domain = sender_host_address;
-if (sender_host_address == NULL) return CSA_UNKNOWN;
+if (!domain) domain = sender_host_address;
+if (!sender_host_address) return CSA_UNKNOWN;
/* If we have an address literal, strip off the framing ready for turning it
into a domain. The framing consists of matched square brackets possibly
for this domain. The name is filled in now, and the value is filled in when
we return from this function. */
-t = tree_search(csa_cache, domain);
-if (t != NULL) return t->data.val;
+if ((t = tree_search(csa_cache, domain)))
+ return t->data.val;
t = store_get_perm(sizeof(tree_node) + Ustrlen(domain), is_tainted(domain));
Ustrcpy(t->name, domain);
/* Now we are ready to do the actual DNS lookup(s). */
found = domain;
+dnsa = store_get_dns_answer();
switch (dns_special_lookup(dnsa, domain, T_CSA, &found))
{
/* If something bad happened (most commonly DNS_AGAIN), defer. */
default:
- return t->data.val = CSA_DEFER_SRV;
+ yield = CSA_DEFER_SRV;
+ goto out;
/* If we found nothing, the client's authorization is unknown. */
case DNS_NOMATCH:
case DNS_NODATA:
- return t->data.val = CSA_UNKNOWN;
+ yield = CSA_UNKNOWN;
+ goto out;
/* We got something! Go on to look at the reply in more detail. */
case DNS_SUCCEED:
- break;
+ break;
}
/* Scan the reply for well-formed CSA SRV records. */
SRV records of their own. */
if (Ustrcmp(found, domain) != 0)
- return t->data.val = port & 1 ? CSA_FAIL_EXPLICIT : CSA_UNKNOWN;
+ {
+ yield = port & 1 ? CSA_FAIL_EXPLICIT : CSA_UNKNOWN;
+ goto out;
+ }
/* This CSA SRV record refers directly to our domain, so we check the value
in the weight field to work out the domain's authorization. 0 and 1 are
address in order to authenticate it, so we treat it as unknown; values
greater than 3 are undefined. */
- if (weight < 2) return t->data.val = CSA_FAIL_DOMAIN;
+ if (weight < 2)
+ {
+ yield = CSA_FAIL_DOMAIN;
+ goto out;
+ }
if (weight > 2) continue;
target hostname then break to scan the additional data for its addresses. */
(void)dn_expand(dnsa->answer, dnsa->answer + dnsa->answerlen, p,
- (DN_EXPAND_ARG4_TYPE)target, sizeof(target));
+ (DN_EXPAND_ARG4_TYPE)target, TARGET_SIZE);
DEBUG(D_acl) debug_printf_indent("CSA target is %s\n", target);
/* If we didn't break the loop then no appropriate records were found. */
-if (!rr) return t->data.val = CSA_UNKNOWN;
+if (!rr)
+ {
+ yield = CSA_UNKNOWN;
+ goto out;
+ }
/* Do not check addresses if the target is ".", in accordance with RFC 2782.
A target of "." indicates there are no valid addresses, so the client cannot
equivalent to weight=1, but we check for it in order to keep load off the
root name servers.) Note that dn_expand() turns "." into "". */
-if (Ustrcmp(target, "") == 0) return t->data.val = CSA_FAIL_NOADDR;
+if (Ustrcmp(target, "") == 0)
+ {
+ yield = CSA_FAIL_NOADDR;
+ goto out;
+ }
/* Scan the additional section of the CSA SRV reply for addresses belonging
to the target. If the name server didn't return any additional data (e.g.
to obtain the target addresses; otherwise we have a definitive result. */
rc = acl_verify_csa_address(dnsa, &dnss, RESET_ADDITIONAL, target);
-if (rc != CSA_FAIL_NOADDR) return t->data.val = rc;
+if (rc != CSA_FAIL_NOADDR)
+ {
+ yield = rc;
+ goto out;
+ }
/* The DNS lookup type corresponds to the IP version used by the client. */
/* If something bad happened (most commonly DNS_AGAIN), defer. */
default:
- return t->data.val = CSA_DEFER_ADDR;
+ yield = CSA_DEFER_ADDR;
+ break;
/* If the query succeeded, scan the addresses and return the result. */
case DNS_SUCCEED:
rc = acl_verify_csa_address(dnsa, &dnss, RESET_ANSWERS, target);
- if (rc != CSA_FAIL_NOADDR) return t->data.val = rc;
+ if (rc != CSA_FAIL_NOADDR)
+ {
+ yield = rc;
+ break;
+ }
/* else fall through */
/* If the target has no IP addresses, the client cannot have an authorized
case DNS_NOMATCH:
case DNS_NODATA:
- return t->data.val = CSA_FAIL_NOADDR;
+ yield = CSA_FAIL_NOADDR;
+ break;
}
+
+out:
+
+store_free_dns_answer(dnsa);
+return t->data.val = yield;
}
{
if (!*user_msgptr && *log_msgptr)
*user_msgptr = string_sprintf("Rejected after %s: %s",
- smtp_names[smtp_connection_had[smtp_ch_index-1]], *log_msgptr);
+ smtp_names[smtp_connection_had[SMTP_HBUFF_PREV(smtp_ch_index)]],
+ *log_msgptr);
if (rc == DEFER) f.acl_temp_details = TRUE;
}
}
case CONTROL_FAKEREJECT:
cancel_cutthrough_connection(TRUE, US"fakereject");
- case CONTROL_FAKEDEFER:
+ case CONTROL_FAKEDEFER:
fake_response = (control_type == CONTROL_FAKEDEFER) ? DEFER : FAIL;
if (*p == '/')
{
const uschar *pp = p + 1;
while (*pp) pp++;
- fake_response_text = expand_string(string_copyn(p+1, pp-p-1));
+ /* The entire control= line was expanded at top so no need to expand
+ the part after the / */
+ fake_response_text = string_copyn(p+1, pp-p-1);
p = pp;
}
else /* Explicitly reset to default string */
{
const uschar *pp = p + 6;
while (*pp) pp++;
- submission_name = string_copy(parse_fix_phrase(p+6, pp-p-6,
- big_buffer, big_buffer_size));
+ submission_name = parse_fix_phrase(p+6, pp-p-6);
p = pp;
}
else break;
}
break;
- #ifndef DISABLE_DKIM
+#ifndef DISABLE_DKIM
case ACLC_DKIM_SIGNER:
if (dkim_cur_signer)
rc = match_isinlist(dkim_cur_signer,
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
else
rc = FAIL;
break;
case ACLC_DKIM_STATUS:
rc = match_isinlist(dkim_verify_status,
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
break;
- #endif
+#endif
#ifdef SUPPORT_DMARC
case ACLC_DMARC_STATUS:
/* used long way of dmarc_exim_expand_query() in case we need more
* view into the process in the future. */
rc = match_isinlist(dmarc_exim_expand_query(DMARC_VERIFY_STATUS),
- &arg,0,NULL,NULL,MCL_STRING,TRUE,NULL);
+ &arg, 0, NULL, NULL, MCL_STRING, TRUE, NULL);
break;
#endif
#endif
case ACLC_QUEUE:
- if (is_tainted(arg))
- {
- *log_msgptr = string_sprintf("Tainted name '%s' for queue not permitted",
- arg);
- return ERROR;
- }
- if (Ustrchr(arg, '/'))
{
- *log_msgptr = string_sprintf(
- "Directory separator not permitted in queue name: '%s'", arg);
- return ERROR;
+ uschar *m;
+ if ((m = is_tainted2(arg, 0, "Tainted name '%s' for queue not permitted", arg)))
+ {
+ *log_msgptr = m;
+ return ERROR;
+ }
+ if (Ustrchr(arg, '/'))
+ {
+ *log_msgptr = string_sprintf(
+ "Directory separator not permitted in queue name: '%s'", arg);
+ return ERROR;
+ }
+ queue_name = string_copy_perm(arg, FALSE);
+ break;
}
- queue_name = string_copy_perm(arg, FALSE);
- break;
case ACLC_RATELIMIT:
rc = acl_ratelimit(arg, where, log_msgptr);
acl_text = ss;
+if ( !f.running_in_test_harness
+ && is_tainted2(acl_text, LOG_MAIN|LOG_PANIC,
+ "Tainted ACL text \"%s\"", acl_text))
+ {
+ /* Avoid leaking info to an attacker */
+ *log_msgptr = US"internal configuration error";
+ return ERROR;
+ }
+
/* Handle the case of a string that does not contain any spaces. Look for a
named ACL among those read from the configuration, or a previously read file.
It is possible that the pointer to the ACL is NULL if the configuration
else if (*ss == '/')
{
struct stat statbuf;
- if (is_tainted(ss))
+ if (is_tainted2(ss, LOG_MAIN|LOG_PANIC, "Tainted ACL file name '%s'", ss))
{
- log_write(0, LOG_MAIN|LOG_PANIC,
- "attempt to open tainted ACL file name \"%s\"", ss);
/* Avoid leaking info to an attacker */
*log_msgptr = US"internal configuration error";
return ERROR;
/* Drop cutthrough conns, and drop heldopen verify conns if
the previous was not DATA */
{
- uschar prev = smtp_connection_had[smtp_ch_index-2];
+ uschar prev =
+ smtp_connection_had[SMTP_HBUFF_PREV(SMTP_HBUFF_PREV(smtp_ch_index))];
BOOL dropverify = !(prev == SCH_DATA || prev == SCH_BDAT);
cancel_cutthrough_connection(dropverify, US"quit or conndrop");