*************************************************/
/* Copyright (c) University of Cambridge 1995 - 2018 */
+/* Copyright (c) The Exim Maintainers 2020 */
/* See the file NOTICE for conditions of use and distribution. */
with "*" are not settable by the user but are used by the option-reading
software for alternative value types. Some options are publicly visible and so
are stored in the driver instance block. These are flagged with opt_public. */
+#define LOFF(field) OPT_OFF(autoreply_transport_options_block, field)
optionlist autoreply_transport_options[] = {
- { "bcc", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, bcc) },
- { "cc", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, cc) },
- { "file", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, file) },
- { "file_expand", opt_bool,
- (void *)offsetof(autoreply_transport_options_block, file_expand) },
- { "file_optional", opt_bool,
- (void *)offsetof(autoreply_transport_options_block, file_optional) },
- { "from", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, from) },
- { "headers", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, headers) },
- { "log", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, logfile) },
- { "mode", opt_octint,
- (void *)offsetof(autoreply_transport_options_block, mode) },
- { "never_mail", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, never_mail) },
- { "once", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, oncelog) },
- { "once_file_size", opt_int,
- (void *)offsetof(autoreply_transport_options_block, once_file_size) },
- { "once_repeat", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, once_repeat) },
- { "reply_to", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, reply_to) },
- { "return_message", opt_bool,
- (void *)offsetof(autoreply_transport_options_block, return_message) },
- { "subject", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, subject) },
- { "text", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, text) },
- { "to", opt_stringptr,
- (void *)offsetof(autoreply_transport_options_block, to) },
+ { "bcc", opt_stringptr, LOFF(bcc) },
+ { "cc", opt_stringptr, LOFF(cc) },
+ { "file", opt_stringptr, LOFF(file) },
+ { "file_expand", opt_bool, LOFF(file_expand) },
+ { "file_optional", opt_bool, LOFF(file_optional) },
+ { "from", opt_stringptr, LOFF(from) },
+ { "headers", opt_stringptr, LOFF(headers) },
+ { "log", opt_stringptr, LOFF(logfile) },
+ { "mode", opt_octint, LOFF(mode) },
+ { "never_mail", opt_stringptr, LOFF(never_mail) },
+ { "once", opt_stringptr, LOFF(oncelog) },
+ { "once_file_size", opt_int, LOFF(once_file_size) },
+ { "once_repeat", opt_stringptr, LOFF(once_repeat) },
+ { "reply_to", opt_stringptr, LOFF(reply_to) },
+ { "return_message", opt_bool, LOFF(return_message) },
+ { "subject", opt_stringptr, LOFF(subject) },
+ { "text", opt_stringptr, LOFF(text) },
+ { "to", opt_stringptr, LOFF(to) },
};
/* Size of the options list. An extern variable has to be used so that its
{
uschar *ss = expand_string(s);
-if (ss == NULL)
+if (!ss)
{
addr->transport_return = FAIL;
addr->message = string_sprintf("Expansion of \"%s\" failed in %s transport: "
/* If there is some kind of syntax error, just give up on this header
line. */
- if (next == NULL) break;
+ if (!next) break;
/* See if the address is on the never_mail list */
router. Otherwise, the data must be supplied by this transport, and
it has to be expanded here. */
-if (addr->reply != NULL)
+if (addr->reply)
{
DEBUG(D_transport) debug_printf("taking data from address\n");
from = addr->reply->from;
set, instead of a dbm file, we use a regular file containing a circular buffer
recipient cache. */
-if (oncelog && *oncelog != 0 && to)
+if (oncelog && *oncelog && to)
{
time_t then = 0;
+ if (is_tainted(oncelog))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (once file for %s transport)"
+ " not permitted", oncelog, tblock->name);
+ goto END_OFF;
+ }
+
/* Handle fixed-size cache file. */
if (ob->once_file_size > 0)
{
uschar * nextp;
struct stat statbuf;
- cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
+ cache_fd = Uopen(oncelog, O_CREAT|O_RDWR, ob->mode);
if (cache_fd < 0 || fstat(cache_fd, &statbuf) != 0)
{
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to %s \"once\" file %s when "
"sending message from %s transport: %s",
- (cache_fd < 0)? "open" : "stat", oncelog, tblock->name,
- strerror(errno));
+ cache_fd < 0 ? "open" : "stat", oncelog, tblock->name, strerror(errno));
goto END_OFF;
}
else
{
EXIM_DATUM key_datum, result_datum;
- uschar * dirname = string_copy(oncelog);
- uschar * s;
+ uschar * dirname, * s;
- if ((s = Ustrrchr(dirname, '/'))) *s = '\0';
+ dirname = (s = Ustrrchr(oncelog, '/'))
+ ? string_copyn(oncelog, s - oncelog) : NULL;
EXIM_DBOPEN(oncelog, dirname, O_RDWR|O_CREAT, ob->mode, &dbm_file);
if (!dbm_file)
{
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to open %s file %s when sending "
"message from %s transport: %s", EXIM_DBTYPE, oncelog, tblock->name,
strerror(errno));
if (then != 0 && (once_repeat_sec <= 0 || now - then < once_repeat_sec))
{
int log_fd;
+ if (is_tainted(logfile))
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (logfile for %s transport)"
+ " not permitted", logfile, tblock->name);
+ goto END_OFF;
+ }
+
DEBUG(D_transport) debug_printf("message previously sent to %s%s\n", to,
(once_repeat_sec > 0)? " and repeat time not reached" : "");
log_fd = logfile ? Uopen(logfile, O_WRONLY|O_APPEND|O_CREAT, ob->mode) : -1;
}
/* We are going to send a message. Ensure any requested file is available. */
-
if (file)
{
- ff = Ufopen(file, "rb");
- if (!ff && !ob->file_optional)
+ if (is_tainted(file))
{
addr->transport_return = DEFER;
+ addr->basic_errno = EACCES;
+ addr->message = string_sprintf("Tainted '%s' (file for %s transport)"
+ " not permitted", file, tblock->name);
+ return FALSE;
+ }
+ if (!(ff = Ufopen(file, "rb")) && !ob->file_optional)
+ {
+ addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to open file %s when sending "
"message from %s transport: %s", file, tblock->name, strerror(errno));
return FALSE;
/* Make a subprocess to send the message */
-pid = child_open_exim(&fd);
-
-/* Creation of child failed; defer this delivery. */
-
-if (pid < 0)
+if ((pid = child_open_exim(&fd, US"autoreply")) < 0)
{
+ /* Creation of child failed; defer this delivery. */
+
addr->transport_return = DEFER;
+ addr->basic_errno = errno;
addr->message = string_sprintf("Failed to create child process to send "
"message from %s transport: %s", tblock->name, strerror(errno));
DEBUG(D_transport) debug_printf("%s\n", addr->message);