smtp tpt fallback_hosts list must be mutable

[exim.git] / src / src / transports / smtp.c

diff --git a/src/src/transports/smtp.c b/src/src/transports/smtp.c
index 52940572be33439cf093d54a16993715773fbafd..dfb4a928492ddcf71aabf84e59e3efc428492365 100644 (file)
--- a/src/src/transports/smtp.c
+++ b/src/src/transports/smtp.c
@@ -355,6 +355,7 @@ void
 smtp_transport_init(transport_instance *tblock)
 {
 smtp_transport_options_block *ob = SOB tblock->options_block;
+int old_pool = store_pool;
 
 /* Retry_use_local_part defaults FALSE if unset */
 
@@ -390,7 +391,9 @@ if (ob->hosts_override && ob->hosts) tblock->overrides_hosts = TRUE;
 /* If there are any fallback hosts listed, build a chain of host items
 for them, but do not do any lookups at this time. */
 
-host_build_hostlist(&(ob->fallback_hostlist), ob->fallback_hosts, FALSE);
+store_pool = POOL_PERM;
+host_build_hostlist(&ob->fallback_hostlist, ob->fallback_hosts, FALSE);
+store_pool = old_pool;
 }
 
 
@@ -2118,7 +2121,7 @@ if (continue_hostname && continue_proxy_cipher)
       {
       case OK:         sx->conn_args.dane = TRUE;
                        ob->tls_tempfail_tryclear = FALSE;      /* force TLS */
-                       ob->tls_sni = sx->first_addr->domain;   /* force SNI */
+                        ob->tls_sni = sx->conn_args.host->name; /* force SNI */
                        break;
       case FAIL_FORCED:        break;
       default:         set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
@@ -2205,7 +2208,7 @@ if (!continue_hostname)
          {
          case OK:              sx->conn_args.dane = TRUE;
                                ob->tls_tempfail_tryclear = FALSE;      /* force TLS */
-                               ob->tls_sni = sx->first_addr->domain;   /* force SNI */
+                               ob->tls_sni = sx->conn_args.host->name; /* force SNI */
                                break;
          case FAIL_FORCED:     break;
          default:              set_errno_nohost(sx->addrlist, ERRNO_DNSDEFER,
@@ -2475,8 +2478,8 @@ goto SEND_QUIT;
       int n = sizeof(sx->buffer);
       uschar * rsp = sx->buffer;
 
-      if (sx->esmtp_sent && (n = Ustrlen(sx->buffer)) < sizeof(sx->buffer)/2)
-       { rsp = sx->buffer + n + 1; n = sizeof(sx->buffer) - n; }
+      if (sx->esmtp_sent && (n = Ustrlen(sx->buffer) + 1) < sizeof(sx->buffer)/2)
+       { rsp = sx->buffer + n; n = sizeof(sx->buffer) - n; }
 
       if (smtp_write_command(sx, SCMD_FLUSH, "HELO %s\r\n", sx->helo_data) < 0)
        goto SEND_FAILED;
@@ -3607,13 +3610,12 @@ for (int fd_bits = 3; fd_bits; )
       timeout = 5;
       }
     else
-      {
       for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
        if ((i = write(pfd[0], buf + nbytes, rc - nbytes)) < 0) goto done;
-      }
 
   /* Handle outbound data.  We cannot combine payload and the TLS-close
-  due to the limitations of the (pipe) channel feeding us. */
+  due to the limitations of the (pipe) channel feeding us.  Maybe use a unix-domain
+  socket? */
   if (FD_ISSET(pfd[0], &rfds))
     if ((rc = read(pfd[0], buf, bsize)) <= 0)
       {
@@ -3628,11 +3630,9 @@ for (int fd_bits = 3; fd_bits; )
       shutdown(tls_out.active.sock, SHUT_WR);
       }
     else
-      {
       for (int nbytes = 0; rc - nbytes > 0; nbytes += i)
        if ((i = tls_write(ct_ctx, buf + nbytes, rc - nbytes, FALSE)) < 0)
          goto done;
-      }
 
   if (fd_bits & 1) FD_SET(tls_out.active.sock, &rfds);
   if (fd_bits & 2) FD_SET(pfd[0], &rfds);
@@ -5095,11 +5095,8 @@ if (!hostlist || (ob->hosts_override && ob->hosts))
     else
       if (ob->hosts_randomize) s = expanded_hosts = string_copy(s);
 
-    if (is_tainted(s))
+    if (is_tainted2(s, LOG_MAIN|LOG_PANIC, "Tainted host list '%s' from '%s' in transport %s", s, ob->hosts, tblock->name))
       {
-      log_write(0, LOG_MAIN|LOG_PANIC,
-       "attempt to use tainted host list '%s' from '%s' in transport %s",
-       s, ob->hosts, tblock->name);
       /* Avoid leaking info to an attacker */
       addrlist->message = US"internal configuration error";
       addrlist->transport_return = PANIC;