* Exim - an Internet mail transport agent *
*************************************************/
+/* Copyright (c) The Exim Maintainers 2020 - 2022 */
/* Copyright (c) University of Cambridge 1995 - 2018 */
-/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* The main function: entry point, initialization, and high-level control.
# include <gnu/libc-version.h>
#endif
+#ifndef _TIME_H
+# include <time.h>
+#endif
+#ifndef NO_EXECINFO
+# include <execinfo.h>
+#endif
+
#ifdef USE_GNUTLS
# include <gnutls/gnutls.h>
# if GNUTLS_VERSION_NUMBER < 0x030103 && !defined(DISABLE_OCSP)
# endif
#endif
-#ifndef _TIME_H
-# include <time.h>
-#endif
-
extern void init_lookup_list(void);
for store allocation via Exim's store manager. The normal calls are actually
macros that pass over location information to make tracing easier. These
functions just interface to the standard macro calls. A good compiler will
-optimize out the tail recursion and so not make them too expensive. There
-are two sets of functions; one for use when we want to retain the compiled
-regular expression for a long time; the other for short-term use. */
+optimize out the tail recursion and so not make them too expensive. */
static void *
-function_store_get(PCRE2_SIZE size, void * tag)
+function_store_malloc(PCRE2_SIZE size, void * tag)
{
-/* For now, regard all RE results as potentially tainted. We might need
-more intelligence on this point. */
-return store_get((int)size, TRUE);
+return store_malloc((int)size);
}
static void
-function_dummy_free(void * block, void * tag) {}
+function_store_free(void * block, void * tag)
+{
+/* At least some version of pcre2 pass a null pointer */
+if (block) store_free(block);
+}
+
static void *
-function_store_malloc(PCRE2_SIZE size, void * tag)
+function_store_get(PCRE2_SIZE size, void * tag)
{
-return store_malloc((int)size);
+return store_get((int)size, GET_UNTAINTED); /* loses track of taint */
}
static void
-function_store_free(void * block, void * tag)
+function_store_nullfree(void * block, void * tag)
{
-store_free(block);
}
-/*************************************************
-* Compile regular expression and panic on fail *
-*************************************************/
-
-/* This function is called when failure to compile a regular expression leads
-to a panic exit. In other cases, pcre_compile() is called directly. In many
-cases where this function is used, the results of the compilation are to be
-placed in long-lived store, so we temporarily reset the store management
-functions that PCRE uses if the use_malloc flag is set.
-
-Argument:
- pattern the pattern to compile
- caseless TRUE if caseless matching is required
- use_malloc TRUE if compile into malloc store
-
-Returns: pointer to the compiled pattern
-*/
-
-const pcre2_code *
-regex_must_compile(const uschar * pattern, BOOL caseless, BOOL use_malloc)
-{
-size_t offset;
-int options = caseless ? PCRE_COPT|PCRE2_CASELESS : PCRE_COPT;
-const pcre2_code * yield;
-int err;
-pcre2_general_context * gctx;
-pcre2_compile_context * cctx;
-
-if (use_malloc)
- {
- gctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL);
- cctx = pcre2_compile_context_create(gctx);
- }
-else
- cctx = pcre_cmp_ctx;
-
-if (!(yield = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, options,
- &err, &offset, cctx)))
- {
- uschar errbuf[128];
- pcre2_get_error_message(err, errbuf, sizeof(errbuf));
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "regular expression error: "
- "%s at offset %ld while compiling %s", errbuf, (long)offset, pattern);
- }
-
-if (use_malloc)
- {
- pcre2_compile_context_free(cctx);
- pcre2_general_context_free(gctx);
- }
-return yield;
-}
-
-
static void
pcre_init(void)
{
-pcre_gen_ctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL);
-pcre_cmp_ctx = pcre2_compile_context_create(pcre_gen_ctx);
-pcre_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx);
+pcre_mlc_ctx = pcre2_general_context_create(function_store_malloc, function_store_free, NULL);
+pcre_gen_ctx = pcre2_general_context_create(function_store_get, function_store_nullfree, NULL);
+
+pcre_mlc_cmp_ctx = pcre2_compile_context_create(pcre_mlc_ctx);
+pcre_gen_cmp_ctx = pcre2_compile_context_create(pcre_gen_ctx);
+
+pcre_gen_mtc_ctx = pcre2_match_context_create(pcre_gen_ctx);
}
/* This function runs a regular expression match, and sets up the pointers to
the matched substrings. The matched strings are copied so the lifetime of
-the subject is not a problem.
+the subject is not a problem. Matched strings will have the same taint status
+as the subject string (this is not a de-taint method, and must not be made so
+given the support for wildcards in REs).
Arguments:
re the compiled expression
{
pcre2_match_data * md = pcre2_match_data_create_from_pattern(re, pcre_gen_ctx);
int res = pcre2_match(re, (PCRE2_SPTR)subject, PCRE2_ZERO_TERMINATED, 0,
- PCRE_EOPT | options, md, pcre_mtc_ctx);
+ PCRE_EOPT | options, md, pcre_gen_mtc_ctx);
BOOL yield;
if ((yield = (res >= 0)))
{
+ PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
res = pcre2_get_ovector_count(md);
expand_nmax = setup < 0 ? 0 : setup + 1;
for (int matchnum = setup < 0 ? 0 : 1; matchnum < res; matchnum++)
{
- PCRE2_SIZE len;
- pcre2_substring_get_bynumber(md, matchnum,
- (PCRE2_UCHAR **)&expand_nstring[expand_nmax], &len);
- expand_nlength[expand_nmax++] = (int)len;
+ /* Although PCRE2 has a pcre2_substring_get_bynumber() conveneience, it
+ seems to return a bad pointer when a capture group had no data, eg. (.*)
+ matching zero letters. So use the underlying ovec and hope (!) that the
+ offsets are sane (including that case). Should we go further and range-
+ check each one vs. the subject string length? */
+ int off = matchnum * 2;
+ int len = ovec[off + 1] - ovec[off];
+ expand_nstring[expand_nmax] = string_copyn(subject + ovec[off], len);
+ expand_nlength[expand_nmax++] = len;
}
expand_nmax--;
}
pcre2_get_error_message(res, errbuf, sizeof(errbuf));
debug_printf_indent("pcre2: %s\n", errbuf);
}
-pcre2_match_data_free(md);
+/* pcre2_match_data_free(md); gen ctx needs no free */
return yield;
}
pcre2_match_data * md = pcre2_match_data_create(1, pcre_gen_ctx);
int rc = pcre2_match(re, (PCRE2_SPTR)subject,
slen >= 0 ? slen : PCRE2_ZERO_TERMINATED,
- 0, PCRE_EOPT, md, pcre_mtc_ctx);
+ 0, PCRE_EOPT, md, pcre_gen_mtc_ctx);
PCRE2_SIZE * ovec = pcre2_get_ovector_pointer(md);
-if (rc < 0)
- return FALSE;
-if (rptr)
- *rptr = string_copyn(subject + ovec[0], ovec[1] - ovec[0]);
-return TRUE;
+BOOL ret = FALSE;
+
+if (rc >= 0)
+ {
+ if (rptr)
+ *rptr = string_copyn(subject + ovec[0], ovec[1] - ovec[0]);
+ ret = TRUE;
+ }
+/* pcre2_match_data_free(md); gen ctx needs no free */
+return ret;
}
* Handler for SIGSEGV *
***********************************************/
+#define STACKDUMP_MAX 24
+void
+stackdump(void)
+{
+#ifndef NO_EXECINFO
+void * buf[STACKDUMP_MAX];
+char ** ss;
+int nptrs = backtrace(buf, STACKDUMP_MAX);
+
+log_write(0, LOG_MAIN|LOG_PANIC, "backtrace");
+log_write(0, LOG_MAIN|LOG_PANIC, "---");
+if ((ss = backtrace_symbols(buf, nptrs)))
+ {
+ for (int i = 0; i < nptrs; i++)
+ log_write(0, LOG_MAIN|LOG_PANIC, "\t%s", ss[i]);
+ free(ss);
+ }
+else
+ log_write(0, LOG_MAIN|LOG_PANIC, "backtrace_symbols: %s", strerror(errno));
+log_write(0, LOG_MAIN|LOG_PANIC, "---");
+#endif
+}
+#undef STACKDUMP_MAX
+
+
static void
+#ifdef SA_SIGINFO
+segv_handler(int sig, siginfo_t * info, void * uctx)
+{
+log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (fault address: %p)", info->si_addr);
+# if defined(SEGV_MAPERR) && defined(SEGV_ACCERR) && defined(SEGV_BNDERR) && defined(SEGV_PKUERR)
+switch (info->si_code)
+ {
+ case SEGV_MAPERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_MAPERR"); break;
+ case SEGV_ACCERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_ACCERR"); break;
+ case SEGV_BNDERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_BNDERR"); break;
+ case SEGV_PKUERR: log_write(0, LOG_MAIN|LOG_PANIC, "SEGV_PKUERR"); break;
+ }
+# endif
+if (US info->si_addr < US 4096)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (null pointer indirection)");
+else
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
+if (process_info_len > 0)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
+stackdump();
+signal(SIGSEGV, SIG_DFL);
+kill(getpid(), sig);
+}
+
+#else
segv_handler(int sig)
{
log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (maybe attempt to write to immutable memory)");
+if (process_info_len > 0)
+ log_write(0, LOG_MAIN|LOG_PANIC, "SIGSEGV (%.*s)", process_info_len, process_info);
+stackdump();
signal(SIGSEGV, SIG_DFL);
kill(getpid(), sig);
}
+#endif
/*************************************************
*/
void
-exim_setugid(uid_t uid, gid_t gid, BOOL igflag, uschar *msg)
+exim_setugid(uid_t uid, gid_t gid, BOOL igflag, const uschar * msg)
{
uid_t euid = geteuid();
gid_t egid = getegid();
int rc = verify_address(deliver_make_addr(address,TRUE), stdout, flags, -1,
-1, -1, NULL, NULL, NULL);
if (rc == FAIL) *exit_value = 2;
- else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
+ else if (rc == DEFER && *exit_value == 0) *exit_value = 1;
}
}
*************************************************/
static void
-show_db_version(FILE * f)
+show_string(BOOL is_stdout, gstring * g)
+{
+const uschar * s = string_from_gstring(g);
+if (s)
+ if (is_stdout) fputs(CCS s, stdout);
+ else debug_printf("%s", s);
+}
+
+
+static gstring *
+show_db_version(gstring * g)
{
#ifdef DB_VERSION_STRING
DEBUG(D_any)
{
- fprintf(f, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
- fprintf(f, " Runtime: %s\n",
+ g = string_fmt_append(g, "Library version: BDB: Compile: %s\n", DB_VERSION_STRING);
+ g = string_fmt_append(g, " Runtime: %s\n",
db_version(NULL, NULL, NULL));
}
else
- fprintf(f, "Berkeley DB: %s\n", DB_VERSION_STRING);
+ g = string_fmt_append(g, "Berkeley DB: %s\n", DB_VERSION_STRING);
#elif defined(BTREEVERSION) && defined(HASHVERSION)
- #ifdef USE_DB
- fprintf(f, "Probably Berkeley DB version 1.8x (native mode)\n");
- #else
- fprintf(f, "Probably Berkeley DB version 1.8x (compatibility mode)\n");
- #endif
+# ifdef USE_DB
+ g = string_cat(g, US"Probably Berkeley DB version 1.8x (native mode)\n");
+# else
+ g = string_cat(g, US"Probably Berkeley DB version 1.8x (compatibility mode)\n");
+# endif
#elif defined(_DBM_RDONLY) || defined(dbm_dirfno)
-fprintf(f, "Probably ndbm\n");
+g = string_cat(g, US"Probably ndbm\n");
#elif defined(USE_TDB)
-fprintf(f, "Using tdb\n");
+g = string_cat(g, US"Using tdb\n");
#else
- #ifdef USE_GDBM
- fprintf(f, "Probably GDBM (native mode)\n");
- #else
- fprintf(f, "Probably GDBM (compatibility mode)\n");
- #endif
+# ifdef USE_GDBM
+ g = string_cat(g, US"Probably GDBM (native mode)\n");
+# else
+ g = string_cat(g, US"Probably GDBM (compatibility mode)\n");
+# endif
#endif
+return g;
}
/* This function is called for -bV/--version and for -d to output the optional
features of the current Exim binary.
-Arguments: a FILE for printing
+Arguments: BOOL, true for stdout else debug channel
Returns: nothing
*/
static void
-show_whats_supported(FILE * fp)
+show_whats_supported(BOOL is_stdout)
{
rmark reset_point = store_mark();
-gstring * g;
-DEBUG(D_any) {} else show_db_version(fp);
+gstring * g = NULL;
+
+DEBUG(D_any) {} else g = show_db_version(g);
-g = string_cat(NULL, US"Support for:");
+g = string_cat(g, US"Support for:");
#ifdef SUPPORT_CRYPTEQ
g = string_cat(g, US" crypteq");
#endif
g = string_cat(g, US" PROXY");
#endif
#ifndef DISABLE_QUEUE_RAMP
- g = string_cat(g, US" Experimental_Queue_Ramp");
+ g = string_cat(g, US" Queue_Ramp");
#endif
#ifdef SUPPORT_SOCKS
g = string_cat(g, US" SOCKS");
#ifdef EXPERIMENTAL_QUEUEFILE
g = string_cat(g, US" Experimental_QUEUEFILE");
#endif
-#if defined(EXPERIMENTAL_SRS_ALT)
- g = string_cat(g, US" Experimental_SRS");
-#endif
g = string_cat(g, US"\n");
g = string_cat(g, US"Lookups (built-in):");
#ifdef WITH_CONTENT_SCAN
g = malware_show_supported(g);
#endif
+show_string(is_stdout, g); g = NULL;
if (fixed_never_users[0] > 0)
{
}
g = string_fmt_append(g, "Configure owner: %d:%d\n", config_uid, config_gid);
-fputs(CS string_from_gstring(g), fp);
-fprintf(fp, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
+g = string_fmt_append(g, "Size of off_t: " SIZE_T_FMT "\n", sizeof(off_t));
/* Everything else is details which are only worth reporting when debugging.
Perhaps the tls_version_report should move into this too. */
-DEBUG(D_any) do {
+DEBUG(D_any)
+ {
/* clang defines __GNUC__ (at least, for me) so test for it first */
#if defined(__clang__)
- fprintf(fp, "Compiler: CLang [%s]\n", __clang_version__);
+ g = string_fmt_append(g, "Compiler: CLang [%s]\n", __clang_version__);
#elif defined(__GNUC__)
- fprintf(fp, "Compiler: GCC [%s]\n",
+ g = string_fmt_append(g, "Compiler: GCC [%s]\n",
# ifdef __VERSION__
__VERSION__
# else
# endif
);
#else
- fprintf(fp, "Compiler: <unknown>\n");
+ g = string_cat(g, US"Compiler: <unknown>\n");
#endif
#if defined(__GLIBC__) && !defined(__UCLIBC__)
- fprintf(fp, "Library version: Glibc: Compile: %d.%d\n",
+ g = string_fmt_append(g, "Library version: Glibc: Compile: %d.%d\n",
__GLIBC__, __GLIBC_MINOR__);
if (__GLIBC_PREREQ(2, 1))
- fprintf(fp, " Runtime: %s\n",
+ g = string_fmt_append(g, " Runtime: %s\n",
gnu_get_libc_version());
#endif
-show_db_version(fp);
+g = show_db_version(g);
#ifndef DISABLE_TLS
- tls_version_report(fp);
+ g = tls_version_report(g);
#endif
#ifdef SUPPORT_I18N
- utf8_version_report(fp);
+ g = utf8_version_report(g);
#endif
#ifdef SUPPORT_DMARC
- dmarc_version_report(fp);
+ g = dmarc_version_report(g);
#endif
#ifdef SUPPORT_SPF
- spf_lib_version_report(fp);
+ g = spf_lib_version_report(g);
#endif
- for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
- if (authi->version_report)
- (*authi->version_report)(fp);
+show_string(is_stdout, g);
+g = NULL;
+
+for (auth_info * authi = auths_available; *authi->driver_name != '\0'; ++authi)
+ if (authi->version_report)
+ g = (*authi->version_report)(g);
/* PCRE_PRERELEASE is either defined and empty or a bare sequence of
characters; unless it's an ancient version of PCRE in which case it
{
uschar buf[24];
pcre2_config(PCRE2_CONFIG_VERSION, buf);
- fprintf(fp, "Library version: PCRE2: Compile: %d.%d%s\n"
+ g = string_fmt_append(g, "Library version: PCRE2: Compile: %d.%d%s\n"
" Runtime: %s\n",
PCRE2_MAJOR, PCRE2_MINOR,
EXPAND_AND_QUOTE(PCRE2_PRERELEASE) "",
#undef QUOTE
#undef EXPAND_AND_QUOTE
- init_lookup_list();
- for (int i = 0; i < lookup_list_count; i++)
- if (lookup_list[i]->version_report)
- lookup_list[i]->version_report(fp);
+show_string(is_stdout, g);
+g = NULL;
+
+init_lookup_list();
+for (int i = 0; i < lookup_list_count; i++)
+ if (lookup_list[i]->version_report)
+ g = lookup_list[i]->version_report(g);
+show_string(is_stdout, g);
+g = NULL;
#ifdef WHITELIST_D_MACROS
- fprintf(fp, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
+ g = string_fmt_append(g, "WHITELIST_D_MACROS: \"%s\"\n", WHITELIST_D_MACROS);
#else
- fprintf(fp, "WHITELIST_D_MACROS unset\n");
+ g = string_cat(g, US"WHITELIST_D_MACROS unset\n");
#endif
#ifdef TRUSTED_CONFIG_LIST
- fprintf(fp, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
+ g = string_fmt_append(g, "TRUSTED_CONFIG_LIST: \"%s\"\n", TRUSTED_CONFIG_LIST);
#else
- fprintf(fp, "TRUSTED_CONFIG_LIST unset\n");
+ g = string_cat(g, US"TRUSTED_CONFIG_LIST unset\n");
#endif
+ }
-} while (0);
+show_string(is_stdout, g);
store_reset(reset_point);
}
get_stdinput(char *(*fn_readline)(const char *), void(*fn_addhist)(const char *))
{
gstring * g = NULL;
+BOOL had_input = FALSE;
if (!fn_readline) { printf("> "); fflush(stdout); }
for (int i = 0;; i++)
{
uschar buffer[1024];
- uschar *p, *ss;
+ uschar * p, * ss;
- #ifdef USE_READLINE
+#ifdef USE_READLINE
char *readline_line = NULL;
if (fn_readline)
{
if (!(readline_line = fn_readline((i > 0)? "":"> "))) break;
- if (*readline_line != 0 && fn_addhist) fn_addhist(readline_line);
+ if (*readline_line && fn_addhist) fn_addhist(readline_line);
p = US readline_line;
}
else
- #endif
+#endif
/* readline() not in use */
{
- if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break;
+ if (Ufgets(buffer, sizeof(buffer), stdin) == NULL) break; /*EOF*/
p = buffer;
}
/* Handle the line */
- ss = p + (int)Ustrlen(p);
- while (ss > p && isspace(ss[-1])) ss--;
+ had_input = TRUE;
+ ss = p + Ustrlen(p);
+ while (ss > p && isspace(ss[-1])) ss--; /* strip trailing newline (and spaces) */
if (i > 0)
- while (p < ss && isspace(*p)) p++; /* leading space after cont */
+ while (p < ss && isspace(*p)) p++; /* strip leading space after cont */
g = string_catn(g, p, ss - p);
- #ifdef USE_READLINE
+#ifdef USE_READLINE
if (fn_readline) free(readline_line);
- #endif
+#endif
/* g can only be NULL if ss==p */
- if (ss == p || g->s[g->ptr-1] != '\\')
+ if (ss == p || g->s[g->ptr-1] != '\\') /* not continuation; done */
break;
- --g->ptr;
- (void) string_from_gstring(g);
+ --g->ptr; /* drop the \ */
}
-if (!g) printf("\n");
-return string_from_gstring(g);
+if (had_input) return g ? string_from_gstring(g) : US"";
+printf("\n");
+return NULL;
}
if (macro_read_assignment(big_buffer))
printf("Defined macro '%s'\n", mlast->name);
}
+else if (Ustrncmp(big_buffer, "set ", 4) == 0)
+ printf("%s\n", acl_standalone_setvar(big_buffer+4));
else
if ((s = expand_string(big_buffer))) printf("%s\n", CS s);
else printf("Failed: %s\n", expand_string_message);
int list_queue_option = 0;
int msg_action = 0;
int msg_action_arg = -1;
-int namelen = (argv[0] == NULL)? 0 : Ustrlen(argv[0]);
+int namelen = argv[0] ? Ustrlen(argv[0]) : 0;
int queue_only_reason = 0;
#ifdef EXIM_PERL
int perl_start_option = 0;
debug_store = TRUE;
/* Protect against abusive argv[0] */
+if (!argv[0] || !argc) exim_fail("exim: executable name required\n");
exim_str_fail_toolong(argv[0], PATH_MAX, "argv[0]");
/* The C standard says that the equivalent of setlocale(LC_ALL, "C") is obeyed
/* Set up the handler for the data request signal, and set the initial
descriptive text. */
-process_info = store_get(PROCESS_INFO_SIZE, TRUE); /* tainted */
+process_info = store_get(PROCESS_INFO_SIZE, GET_TAINTED);
set_process_info("initializing");
os_restarting_signal(SIGUSR1, usr1_handler); /* exiwhat */
+#ifdef SA_SIGINFO
+ {
+ struct sigaction act = { .sa_sigaction = segv_handler, .sa_flags = SA_RESETHAND | SA_SIGINFO };
+ sigaction(SIGSEGV, &act, NULL);
+ }
+#else
signal(SIGSEGV, segv_handler); /* log faults */
+#endif
/* If running in a dockerized environment, the TERM signal is only
delegated to the PID 1 if we request it by setting an signal handler */
using mac_ismsgid, which uses this. */
regex_ismsgid =
- regex_must_compile(US"^(?:[^\\W_]{6}-){2}[^\\W_]{2}$", FALSE, TRUE);
+ regex_must_compile(US"^(?:[^\\W_]{6}-){2}[^\\W_]{2}$", MCS_NOFLAGS, TRUE);
/* Precompile the regular expression that is used for matching an SMTP error
code, possibly extended, at the start of an error message. Note that the
regex_smtp_code =
regex_must_compile(US"^\\d\\d\\d\\s(?:\\d\\.\\d\\d?\\d?\\.\\d\\d?\\d?\\s)?",
- FALSE, TRUE);
+ MCS_NOFLAGS, TRUE);
#ifdef WHITELIST_D_MACROS
/* Precompile the regular expression used to filter the content of macros
given to -D for permissibility. */
regex_whitelisted_macro =
- regex_must_compile(US"^[A-Za-z0-9_/.-]*$", FALSE, TRUE);
+ regex_must_compile(US"^[A-Za-z0-9_/.-]*$", MCS_NOFLAGS, TRUE);
#endif
-for (i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
-
/* If the program is called as "mailq" treat it as equivalent to "exim -bp";
this seems to be a generally accepted convention, since one finds symbolic
links called "mailq" in standard OS configurations. */
-bdf: Ditto, but in the foreground.
*/
case 'd':
- f.daemon_listen = TRUE;
+ f.daemon_listen = f.daemon_scion = TRUE;
if (*argrest == 'f') f.background_daemon = FALSE;
else if (*argrest) badarg = TRUE;
break;
if (!*argrest || Ustrcmp(argrest, "c") == 0)
{
if (++i >= argc) { badarg = TRUE; break; }
- sender_host_address = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-bh"), TRUE);
+ sender_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-bh"),
+ GET_TAINTED);
host_checking = checking = f.log_testing_mode = TRUE;
f.host_checking_callout = *argrest == 'c';
message_logs = FALSE;
version_cnumber, version_date);
printf("%s\n", CS version_copyright);
version_printed = TRUE;
- show_whats_supported(stdout);
+ show_whats_supported(TRUE);
f.log_testing_mode = TRUE;
}
else badarg = TRUE;
case 'w':
f.inetd_wait_mode = TRUE;
f.background_daemon = FALSE;
- f.daemon_listen = TRUE;
+ f.daemon_listen = f.daemon_scion = TRUE;
if (*argrest)
if ((inetd_wait_timeout = readconf_readtime(argrest, 0, FALSE)) <= 0)
exim_fail("exim: bad time value %s: abandoned\n", argv[i]);
#endif
break;
- /* -d: Set debug level (see also -v below) or set the drop_cr option.
- The latter is now a no-op, retained for compatibility only. If -dd is used,
- debugging subprocesses of the daemon is disabled. */
-
case 'd':
+
+ /* -dropcr: Set this option. Now a no-op, retained for compatibility only. */
+
if (Ustrcmp(argrest, "ropcr") == 0)
{
/* drop_cr = TRUE; */
}
- /* Use an intermediate variable so that we don't set debugging while
- decoding the debugging bits. */
+ /* -dp: Set up a debug pretrigger buffer with given size. */
+
+ else if (Ustrcmp(argrest, "p") == 0)
+ if (++i >= argc)
+ badarg = TRUE;
+ else
+ debug_pretrigger_setup(argv[i]);
+
+ /* -dt: Set a debug trigger selector */
+
+ else if (Ustrncmp(argrest, "t=", 2) == 0)
+ dtrigger_selector = (unsigned int) Ustrtol(argrest + 2, NULL, 0);
+
+ /* -d: Set debug level (see also -v below).
+ If -dd is used, debugging subprocesses of the daemon is disabled. */
else
{
+ /* Use an intermediate variable so that we don't set debugging while
+ decoding the debugging bits. */
+
unsigned int selector = D_default;
debug_selector = 0;
debug_file = NULL;
case 'F':
if (!*argrest)
if (++i < argc) argrest = argv[i]; else { badarg = TRUE; break; }
- originator_name = string_copy_taint(exim_str_fail_toolong(argrest, EXIM_HUMANNAME_MAX, "-F"), TRUE);
+ originator_name = string_copy_taint(
+ exim_str_fail_toolong(argrest, EXIM_HUMANNAME_MAX, "-F"),
+ GET_TAINTED);
f.sender_name_forced = TRUE;
break;
if (i+1 < argc) argrest = argv[++i]; else { badarg = TRUE; break; }
(void) exim_str_fail_toolong(argrest, EXIM_DISPLAYMAIL_MAX, "-f");
if (!*argrest)
- *(sender_address = store_get(1, FALSE)) = '\0'; /* Ensure writeable memory */
+ *(sender_address = store_get(1, GET_UNTAINTED)) = '\0'; /* Ensure writeable memory */
else
{
uschar * temp = argrest + Ustrlen(argrest) - 1;
&dummy_start, &dummy_end, &sender_address_domain, TRUE)))
exim_fail("exim: bad -f address \"%s\": %s\n", argrest, errmess);
- sender_address = string_copy_taint(sender_address, TRUE);
+ sender_address = string_copy_taint(sender_address, GET_TAINTED);
#ifdef SUPPORT_I18N
message_smtputf8 = string_is_utf8(sender_address);
allow_utf8_domains = FALSE;
exim_fail("exim: the -L syslog name is too long: \"%s\"\n", argrest);
if (sz < 1)
exim_fail("exim: the -L syslog name is too short\n");
- cmdline_syslog_name = string_copy_taint(argrest, TRUE);
+ cmdline_syslog_name = string_copy_taint(argrest, GET_TAINTED);
break;
case 'M':
if (msg_action_arg >= 0)
exim_fail("exim: incompatible arguments\n");
- continue_transport = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-C internal transport"), TRUE);
- continue_hostname = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-C internal hostname"), TRUE);
- continue_host_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-C internal hostaddr"), TRUE);
+ continue_transport = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-C internal transport"),
+ GET_TAINTED);
+ continue_hostname = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-C internal hostname"),
+ GET_TAINTED);
+ continue_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-C internal hostaddr"),
+ GET_TAINTED);
continue_sequence = Uatoi(argv[++i]);
msg_action = MSG_DELIVER;
msg_action_arg = ++i;
/* -MCd: for debug, set a process-purpose string */
case 'd': if (++i < argc)
- process_purpose = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCd"), TRUE);
+ process_purpose = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCd"),
+ GET_TAINTED);
else badarg = TRUE;
break;
from the commandline should be tainted - but we will need an untainted
value for the spoolfile when doing a -odi delivery process. */
- case 'G': if (++i < argc) queue_name = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCG"), FALSE);
+ case 'G': if (++i < argc) queue_name = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_DRIVERNAME_MAX, "-MCG"),
+ GET_UNTAINTED);
else badarg = TRUE;
break;
case 'p': proxy_session = TRUE;
if (++i < argc)
{
- proxy_local_address = string_copy_taint(argv[i], TRUE);
+ proxy_local_address = string_copy_taint(argv[i], GET_TAINTED);
if (++i < argc)
{
proxy_local_port = Uatoi(argv[i]);
if (++i < argc)
{
- proxy_external_address = string_copy_taint(argv[i], TRUE);
+ proxy_external_address = string_copy_taint(argv[i], GET_TAINTED);
if (++i < argc)
{
proxy_external_port = Uatoi(argv[i]);
case 'r':
case 's': if (++i < argc)
{
- continue_proxy_sni = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-MCr/-MCs"), TRUE);
+ continue_proxy_sni = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_HOSTNAME_MAX, "-MCr/-MCs"),
+ GET_TAINTED);
if (argrest[1] == 'r') continue_proxy_dane = TRUE;
}
else badarg = TRUE;
and the TLS cipher. */
case 't': if (++i < argc)
- sending_ip_address = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-MCt IP"), TRUE);
+ sending_ip_address = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_IPADDR_MAX, "-MCt IP"),
+ GET_TAINTED);
else badarg = TRUE;
if (++i < argc)
sending_port = (int)(Uatol(argv[i]));
else badarg = TRUE;
if (++i < argc)
- continue_proxy_cipher = string_copy_taint(exim_str_fail_toolong(argv[i], EXIM_CIPHERNAME_MAX, "-MCt cipher"), TRUE);
+ continue_proxy_cipher = string_copy_taint(
+ exim_str_fail_toolong(argv[i], EXIM_CIPHERNAME_MAX, "-MCt cipher"),
+ GET_TAINTED);
else badarg = TRUE;
/*FALLTHROUGH*/
else if (Ustrcmp(argrest, "G") == 0)
{
msg_action = MSG_SETQUEUE;
- queue_name_dest = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"), TRUE);
- }
- else if (Ustrcmp(argrest, "mad") == 0)
- {
- msg_action = MSG_MARK_ALL_DELIVERED;
+ queue_name_dest = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-MG"),
+ GET_TAINTED);
}
+ else if (Ustrcmp(argrest, "mad") == 0) msg_action = MSG_MARK_ALL_DELIVERED;
else if (Ustrcmp(argrest, "md") == 0)
{
msg_action = MSG_MARK_DELIVERED;
/* -oMa: Set sender host address */
if (Ustrcmp(argrest, "a") == 0)
- sender_host_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"), TRUE);
+ sender_host_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMa"),
+ GET_TAINTED);
/* -oMaa: Set authenticator name */
else if (Ustrcmp(argrest, "aa") == 0)
- sender_host_authenticated = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"), TRUE);
+ sender_host_authenticated = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMaa"),
+ GET_TAINTED);
/* -oMas: setting authenticated sender */
else if (Ustrcmp(argrest, "as") == 0)
- authenticated_sender = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"), TRUE);
+ authenticated_sender = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"),
+ GET_TAINTED);
/* -oMai: setting authenticated id */
else if (Ustrcmp(argrest, "ai") == 0)
- authenticated_id = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMas"), TRUE);
+ authenticated_id = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_EMAILADDR_MAX, "-oMai"),
+ GET_TAINTED);
/* -oMi: Set incoming interface address */
else if (Ustrcmp(argrest, "i") == 0)
- interface_address = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"), TRUE);
+ interface_address = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IPADDR_MAX, "-oMi"),
+ GET_TAINTED);
/* -oMm: Message reference */
if (received_protocol)
exim_fail("received_protocol is set already\n");
else
- received_protocol = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"), TRUE);
+ received_protocol = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_DRIVERNAME_MAX, "-oMr"),
+ GET_TAINTED);
/* -oMs: Set sender host name */
else if (Ustrcmp(argrest, "s") == 0)
- sender_host_name = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"), TRUE);
+ sender_host_name = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_HOSTNAME_MAX, "-oMs"),
+ GET_TAINTED);
/* -oMt: Set sender ident */
else if (Ustrcmp(argrest, "t") == 0)
{
sender_ident_set = TRUE;
- sender_ident = string_copy_taint(exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"), TRUE);
+ sender_ident = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], EXIM_IDENTUSER_MAX, "-oMt"),
+ GET_TAINTED);
}
/* Else a bad argument */
case 'X':
if (*argrest) badarg = TRUE;
- else override_local_interfaces = string_copy_taint(exim_str_fail_toolong(argv[++i], 1024, "-oX"), TRUE);
+ else override_local_interfaces = string_copy_taint(
+ exim_str_fail_toolong(argv[++i], 1024, "-oX"),
+ GET_TAINTED);
break;
/* -oY: Override creation of daemon notifier socket */
exim_fail("received_protocol is set already\n");
if (!hn)
- received_protocol = string_copy_taint(exim_str_fail_toolong(argrest, EXIM_DRIVERNAME_MAX, "-p<protocol>"), TRUE);
+ received_protocol = string_copy_taint(
+ exim_str_fail_toolong(argrest, EXIM_DRIVERNAME_MAX, "-p<protocol>"),
+ GET_TAINTED);
else
{
(void) exim_str_fail_toolong(argrest, (EXIM_DRIVERNAME_MAX+1+EXIM_HOSTNAME_MAX), "-p<protocol>:<host>");
- received_protocol = string_copyn_taint(argrest, hn - argrest, TRUE);
- sender_host_name = string_copy_taint(hn + 1, TRUE);
+ received_protocol = string_copyn_taint(argrest, hn - argrest, GET_TAINTED);
+ sender_host_name = string_copy_taint(hn + 1, GET_TAINTED);
}
}
break;
{
queue_interval = 0;
if (i+1 < argc && mac_ismsgid(argv[i+1]))
- start_queue_run_id = string_copy_taint(argv[++i], TRUE);
+ start_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
if (i+1 < argc && mac_ismsgid(argv[i+1]))
- stop_queue_run_id = string_copy_taint(argv[++i], TRUE);
+ stop_queue_run_id = string_copy_taint(argv[++i], GET_TAINTED);
}
/* -q[f][f][l][G<name>/]<n>: Run the queue at regular intervals, optionally
tainted_selectstr = argv[++i];
else
exim_fail("exim: string expected after -R\n");
- deliver_selectstring = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"), TRUE);
+ deliver_selectstring = string_copy_taint(
+ exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-R"),
+ GET_TAINTED);
}
break;
tainted_selectstr = argv[++i];
else
exim_fail("exim: string expected after -S\n");
- deliver_selectstring_sender = string_copy_taint(exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"), TRUE);
+ deliver_selectstring_sender = string_copy_taint(
+ exim_str_fail_toolong(tainted_selectstr, EXIM_EMAILADDR_MAX, "-S"),
+ GET_TAINTED);
}
break;
case 'T':
if (f.running_in_test_harness && Ustrcmp(argrest, "qt") == 0)
- fudged_queue_times = string_copy_taint(argv[++i], TRUE);
+ fudged_queue_times = string_copy_taint(argv[++i], GET_TAINTED);
else badarg = TRUE;
break;
case 'z':
if (!*argrest)
if (++i < argc)
- log_oneline = string_copy_taint(exim_str_fail_toolong(argv[i], 2048, "-z logtext"), TRUE);
+ log_oneline = string_copy_taint(
+ exim_str_fail_toolong(argv[i], 2048, "-z logtext"),
+ GET_TAINTED);
else
exim_fail("exim: file name expected after %s\n", argv[i-1]);
break;
version_string, (long int)real_uid, (long int)real_gid, (int)getpid(),
debug_selector);
if (!version_printed)
- show_whats_supported(stderr);
+ show_whats_supported(FALSE);
}
}
{
int old_pool = store_pool;
#ifdef MEASURE_TIMING
- struct timeval t0, diff;
+ struct timeval t0;
(void)gettimeofday(&t0, NULL);
#endif
{
int i = 0;
uschar *argv[3];
- argv[i++] = bi_command;
+ argv[i++] = bi_command; /* nonexpanded option so assume untainted */
if (alias_arg) argv[i++] = alias_arg;
argv[i++] = NULL;
{
int old_pool = store_pool;
#ifdef MEASURE_TIMING
- struct timeval t0, diff;
+ struct timeval t0;
(void)gettimeofday(&t0, NULL);
#endif
store_pool = POOL_CONFIG;
readconf_rest();
store_pool = old_pool;
- store_writeprotect(POOL_CONFIG);
+
+ /* -be can add macro definitions, needing to link to the macro structure
+ chain. Otherwise, make the memory used for config data readonly. */
+
+ if (!expansion_test)
+ store_writeprotect(POOL_CONFIG);
#ifdef MEASURE_TIMING
report_time_since(&t0, US"readconf_rest (delta)");
if (gecos_pattern && gecos_name)
{
const pcre2_code *re;
- re = regex_must_compile(gecos_pattern, FALSE, TRUE); /* Use malloc */
+ re = regex_must_compile(gecos_pattern, MCS_NOFLAGS, TRUE); /* Use malloc */
if (regex_match_and_setup(re, name, 0, -1))
{
routines in it, so call even if tls_require_ciphers is unset */
{
# ifdef MEASURE_TIMING
- struct timeval t0, diff;
+ struct timeval t0;
(void)gettimeofday(&t0, NULL);
# endif
if (!tls_dropprivs_validate_require_cipher(FALSE))
while (recipients_arg < argc)
{
/* Supplied addresses are tainted since they come from a user */
- uschar * s = string_copy_taint(exim_str_fail_toolong(argv[recipients_arg++], EXIM_DISPLAYMAIL_MAX, "address verification"), TRUE);
+ uschar * s = string_copy_taint(
+ exim_str_fail_toolong(argv[recipients_arg++], EXIM_DISPLAYMAIL_MAX, "address verification"),
+ GET_TAINTED);
while (*s)
{
BOOL finished = FALSE;
{
uschar * s = get_stdinput(NULL, NULL);
if (!s) break;
- test_address(string_copy_taint(exim_str_fail_toolong(s, EXIM_DISPLAYMAIL_MAX, "address verification (stdin)"), TRUE), flags, &exit_value);
+ test_address(string_copy_taint(
+ exim_str_fail_toolong(s, EXIM_DISPLAYMAIL_MAX, "address verification (stdin)"),
+ GET_TAINTED),
+ flags, &exit_value);
}
route_tidyup();
message_id = US exim_str_fail_toolong(argv[msg_action_arg], MESSAGE_ID_LENGTH, "message-id");
/* Checking the length of the ID is sufficient to validate it.
Get an untainted version so file opens can be done. */
- message_id = string_copy_taint(message_id, FALSE);
+ message_id = string_copy_taint(message_id, GET_UNTAINTED);
spoolname = string_sprintf("%s-H", message_id);
if ((deliver_datafile = spool_open_datafile(message_id)) < 0)
it. The code works for both IPv4 and IPv6, as it happens. */
size = host_aton(sender_host_address, x);
- sender_host_address = store_get(48, FALSE); /* large enough for full IPv6 */
+ sender_host_address = store_get(48, GET_UNTAINTED); /* large enough for full IPv6 */
(void)host_nmtoa(size, x, -1, sender_host_address, ':');
/* Now set up for testing */
memset(sender_host_cache, 0, sizeof(sender_host_cache));
if (verify_check_host(&hosts_connection_nolog) == OK)
+ {
BIT_CLEAR(log_selector, log_selector_size, Li_smtp_connection);
+ BIT_CLEAR(log_selector, log_selector_size, Li_smtp_no_mail);
+ }
log_write(L_smtp_connection, LOG_MAIN, "%s", smtp_get_connection_info());
/* NOTE: We do *not* call smtp_log_no_mail() if smtp_start_session() fails,
smtp_out = stdout;
memset(sender_host_cache, 0, sizeof(sender_host_cache));
if (verify_check_host(&hosts_connection_nolog) == OK)
+ {
BIT_CLEAR(log_selector, log_selector_size, Li_smtp_connection);
+ BIT_CLEAR(log_selector, log_selector_size, Li_smtp_no_mail);
+ }
log_write(L_smtp_connection, LOG_MAIN, "%s", smtp_get_connection_info());
if (!smtp_start_session())
{
uschar * errmess;
/* There can be multiple addresses, so EXIM_DISPLAYMAIL_MAX (tuned for 1) is too short.
* We'll still want to cap it to something, just in case. */
- uschar * s = string_copy_taint(exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"), TRUE);
+ uschar * s = string_copy_taint(
+ exim_str_fail_toolong(list[i], BIG_BUFFER_SIZE, "address argument"),
+ GET_TAINTED);
/* Loop for each comma-separated address */
- while (*s != 0)
+ while (*s)
{
BOOL finished = FALSE;
uschar *recipient;
errors_sender_rc : EXIT_FAILURE;
}
- receive_add_recipient(string_copy_taint(recipient, TRUE), -1);
+ receive_add_recipient(string_copy_taint(recipient, GET_TAINTED), -1);
s = ss;
if (!finished)
while (*(++s) != 0 && (*s == ',' || isspace(*s)));
the file copy. */
if (!receive_timeout)
- {
- struct timeval t = { .tv_sec = 30*60, .tv_usec = 0 }; /* 30 minutes */
- fd_set r;
-
- FD_ZERO(&r); FD_SET(0, &r);
- if (select(1, &r, NULL, NULL, &t) == 0) mainlog_close();
- }
+ if (poll_one_fd(0, POLLIN, 30*60*1000) == 0) /* 30 minutes */
+ mainlog_close();
/* Read the data for the message. If filter_test is not FTEST_NONE, this
will just read the headers for the message, and not write anything onto the
dnslist_domain = dnslist_matched = NULL;
#ifdef WITH_CONTENT_SCAN
malware_name = NULL;
+ regex_vars_clear();
#endif
callout_address = NULL;
sending_ip_address = NULL;
deliver_localpart_data = deliver_domain_data =
recipient_data = sender_data = NULL;
acl_var_m = NULL;
- for(int i = 0; i < REGEX_VARS; i++) regex_vars[i] = NULL;
store_reset(reset_point);
}
git://git.exim.org / exim.git / blobdiff