* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2015 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
dbblock Points to an open_db block to be filled in.
lof If TRUE, write to the log for actual open failures (locking failures
are always logged).
+ panic If TRUE, panic on failure to create the db directory
Returns: NULL if the open failed, or the locking failed. After locking
failures, errno is zero.
*/
open_db *
-dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof)
+dbfn_open(uschar *name, int flags, open_db *dbblock, BOOL lof, BOOL panic)
{
int rc, save_errno;
BOOL read_only = flags == O_RDONLY;
flock_t lock_data;
uschar dirname[256], filename[256];
+DEBUG(D_hints_lookup) acl_level++;
+
/* The first thing to do is to open a separate file on which to lock. This
ensures that Exim has exclusive use of the database before it even tries to
open it. Early versions tried to lock on the open database itself, but that
if ((dbblock->lockfd = Uopen(filename, O_RDWR, EXIMDB_LOCKFILE_MODE)) < 0)
{
created = TRUE;
- (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, TRUE);
+ (void)directory_make(spool_directory, US"db", EXIMDB_DIRECTORY_MODE, panic);
dbblock->lockfd = Uopen(filename, O_RDWR|O_CREAT, EXIMDB_LOCKFILE_MODE);
}
if (dbblock->lockfd < 0)
{
log_write(0, LOG_MAIN, "%s",
- string_open_failed(errno, "database lock file %s", filename));
+ string_open_failed("database lock file %s", filename));
errno = 0; /* Indicates locking failure */
+ DEBUG(D_hints_lookup) acl_level--;
return NULL;
}
lock_data.l_whence = lock_data.l_start = lock_data.l_len = 0;
DEBUG(D_hints_lookup|D_retry|D_route|D_deliver)
- debug_printf("locking %s\n", filename);
+ debug_printf_indent("locking %s\n", filename);
sigalrm_seen = FALSE;
-alarm(EXIMDB_LOCK_TIMEOUT);
+ALARM(EXIMDB_LOCK_TIMEOUT);
rc = fcntl(dbblock->lockfd, F_SETLKW, &lock_data);
-alarm(0);
+ALARM_CLR(0);
if (sigalrm_seen) errno = ETIMEDOUT;
if (rc < 0)
errno == ETIMEDOUT ? "timed out" : strerror(errno));
(void)close(dbblock->lockfd);
errno = 0; /* Indicates locking failure */
+ DEBUG(D_hints_lookup) acl_level--;
return NULL;
}
-DEBUG(D_hints_lookup) debug_printf("locked %s\n", filename);
+DEBUG(D_hints_lookup) debug_printf_indent("locked %s\n", filename);
/* At this point we have an opened and locked separate lock file, that is,
exclusive access to the database, so we can go ahead and open it. If we are
open call. */
snprintf(CS filename, sizeof(filename), "%s/%s", dirname, name);
-DEBUG(D_hints_lookup) debug_printf("EXIM_DBOPEN(%s)\n", filename);
EXIM_DBOPEN(filename, dirname, flags, EXIMDB_MODE, &(dbblock->dbptr));
-DEBUG(D_hints_lookup) debug_printf("returned from EXIM_DBOPEN\n");
if (!dbblock->dbptr && errno == ENOENT && flags == O_RDWR)
{
DEBUG(D_hints_lookup)
- debug_printf("%s appears not to exist: trying to create\n", filename);
+ debug_printf_indent("%s appears not to exist: trying to create\n", filename);
created = TRUE;
EXIM_DBOPEN(filename, dirname, flags|O_CREAT, EXIMDB_MODE, &(dbblock->dbptr));
- DEBUG(D_hints_lookup) debug_printf("returned from EXIM_DBOPEN\n");
}
save_errno = errno;
if (created && geteuid() == root_uid)
{
- DIR *dd;
- struct dirent *ent;
+ DIR * dd;
uschar *lastname = Ustrrchr(filename, '/') + 1;
int namelen = Ustrlen(name);
*lastname = 0;
- dd = opendir(CS filename);
- while ((ent = readdir(dd)))
- if (Ustrncmp(ent->d_name, name, namelen) == 0)
- {
- struct stat statbuf;
- Ustrcpy(lastname, ent->d_name);
- if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
- {
- DEBUG(D_hints_lookup) debug_printf("ensuring %s is owned by exim\n", filename);
- if (Uchown(filename, exim_uid, exim_gid))
- DEBUG(D_hints_lookup) debug_printf("failed setting %s to owned by exim\n", filename);
- }
- }
+ if ((dd = exim_opendir(filename)))
+ for (struct dirent *ent; ent = readdir(dd); )
+ if (Ustrncmp(ent->d_name, name, namelen) == 0)
+ {
+ struct stat statbuf;
+ /* Filenames from readdir() are trusted,
+ so use a taint-nonchecking copy */
+ strcpy(CS lastname, CCS ent->d_name);
+ if (Ustat(filename, &statbuf) >= 0 && statbuf.st_uid != exim_uid)
+ {
+ DEBUG(D_hints_lookup)
+ debug_printf_indent("ensuring %s is owned by exim\n", filename);
+ if (exim_chown(filename, exim_uid, exim_gid))
+ DEBUG(D_hints_lookup)
+ debug_printf_indent("failed setting %s to owned by exim\n", filename);
+ }
+ }
closedir(dd);
}
/* If the open has failed, return NULL, leaving errno set. If lof is TRUE,
-log the event - also for debugging - but not if the file just doesn't exist. */
+log the event - also for debugging - but debug only if the file just doesn't
+exist. */
if (!dbblock->dbptr)
{
- if (save_errno != ENOENT)
- if (lof)
- log_write(0, LOG_MAIN, "%s", string_open_failed(save_errno, "DB file %s",
+ errno = save_errno;
+ if (lof && save_errno != ENOENT)
+ log_write(0, LOG_MAIN, "%s", string_open_failed("DB file %s",
filename));
- else
- DEBUG(D_hints_lookup)
- debug_printf("%s", CS string_open_failed(save_errno, "DB file %s\n",
+ else
+ DEBUG(D_hints_lookup)
+ debug_printf_indent("%s\n", CS string_open_failed("DB file %s",
filename));
(void)close(dbblock->lockfd);
errno = save_errno;
+ DEBUG(D_hints_lookup) acl_level--;
return NULL;
}
DEBUG(D_hints_lookup)
- debug_printf("opened hints database %s: flags=%s\n", filename,
+ debug_printf_indent("opened hints database %s: flags=%s\n", filename,
flags == O_RDONLY ? "O_RDONLY"
: flags == O_RDWR ? "O_RDWR"
: flags == (O_RDWR|O_CREAT) ? "O_RDWR|O_CREAT"
{
EXIM_DBCLOSE(dbblock->dbptr);
(void)close(dbblock->lockfd);
-DEBUG(D_hints_lookup) debug_printf("closed hints database and lockfile\n");
+DEBUG(D_hints_lookup)
+ { debug_printf_indent("closed hints database and lockfile\n"); acl_level--; }
}
void *yield;
EXIM_DATUM key_datum, result_datum;
int klen = Ustrlen(key) + 1;
-uschar * key_copy = store_get(klen);
+uschar * key_copy = store_get(klen, is_tainted(key));
memcpy(key_copy, key, klen);
-DEBUG(D_hints_lookup) debug_printf("dbfn_read: key=%s\n", key);
+DEBUG(D_hints_lookup) debug_printf_indent("dbfn_read: key=%s\n", key);
EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */
EXIM_DATUM_INIT(result_datum); /* to be cleared before use. */
if (!EXIM_DBGET(dbblock->dbptr, key_datum, result_datum)) return NULL;
-yield = store_get(EXIM_DATUM_SIZE(result_datum));
+/* Assume the data store could have been tainted. Properly, we should
+store the taint status with the data. */
+
+yield = store_get(EXIM_DATUM_SIZE(result_datum), TRUE);
memcpy(yield, EXIM_DATUM_DATA(result_datum), EXIM_DATUM_SIZE(result_datum));
if (length != NULL) *length = EXIM_DATUM_SIZE(result_datum);
}
+/* Read a record. If the length is not as expected then delete it, write
+an error log line and return NULL.
+Use this for fixed-size records (so not retry or wait records).
+
+Arguments:
+ dbblock a pointer to an open database block
+ key the key of the record to be read
+ length the expected record length
+
+Returns: a pointer to the retrieved record, or
+ NULL if the record is not found/bad
+*/
+
+void *
+dbfn_read_enforce_length(open_db * dbblock, const uschar * key, size_t length)
+{
+int rlen;
+void * yield = dbfn_read_with_length(dbblock, key, &rlen);
+
+if (yield)
+ {
+ if (rlen == length) return yield;
+ log_write(0, LOG_MAIN|LOG_PANIC, "Bad db record size for '%s'", key);
+ dbfn_delete(dbblock, key);
+ }
+return NULL;
+}
+
/*************************************************
* Write to database file *
EXIM_DATUM key_datum, value_datum;
dbdata_generic *gptr = (dbdata_generic *)ptr;
int klen = Ustrlen(key) + 1;
-uschar * key_copy = store_get(klen);
+uschar * key_copy = store_get(klen, is_tainted(key));
memcpy(key_copy, key, klen);
gptr->time_stamp = time(NULL);
-DEBUG(D_hints_lookup) debug_printf("dbfn_write: key=%s\n", key);
+DEBUG(D_hints_lookup) debug_printf_indent("dbfn_write: key=%s\n", key);
EXIM_DATUM_INIT(key_datum); /* Some DBM libraries require the datum */
EXIM_DATUM_INIT(value_datum); /* to be cleared before use. */
dbfn_delete(open_db *dbblock, const uschar *key)
{
int klen = Ustrlen(key) + 1;
-uschar * key_copy = store_get(klen);
+uschar * key_copy = store_get(klen, is_tainted(key));
+
+DEBUG(D_hints_lookup) debug_printf_indent("dbfn_delete: key=%s\n", key);
memcpy(key_copy, key, klen);
EXIM_DATUM key_datum;
{
EXIM_DATUM key_datum, value_datum;
uschar *yield;
-value_datum = value_datum; /* dummy; not all db libraries use this */
+
+DEBUG(D_hints_lookup) debug_printf_indent("dbfn_scan\n");
/* Some dbm require an initialization */
}
start = clock();
- odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE);
+ odb = dbfn_open(s, O_RDWR, dbblock + i, TRUE, TRUE);
stop = clock();
- if (odb != NULL)
+ if (odb)
{
current = i;
printf("opened %d\n", current);
git://git.exim.org / exim.git / blobdiff