* Exim - an Internet mail transport agent *
*************************************************/
-/* Copyright (c) University of Cambridge 1995 - 2009 */
+/* Copyright (c) The Exim Maintainers 2020 - 2023 */
+/* Copyright (c) University of Cambridge 1995 - 2018 */
/* See the file NOTICE for conditions of use and distribution. */
+/* SPDX-License-Identifier: GPL-2.0-or-later */
/* Functions for matching strings */
strings, domains, and local parts. */
typedef struct check_string_block {
- uschar *origsubject; /* caseful; keep these two first, in */
- uschar *subject; /* step with the block below */
+ const uschar *origsubject; /* caseful; keep these two first, in */
+ const uschar *subject; /* step with the block below */
int expand_setup;
- BOOL use_partial;
- BOOL caseless;
- BOOL at_is_special;
+ mcs_flags flags; /* MCS_* defs in macros.h */
} check_string_block;
addresses. */
typedef struct check_address_block {
- uschar *origaddress; /* caseful; keep these two first, in */
+ const uschar *origaddress; /* caseful; keep these two first, in */
uschar *address; /* step with the block above */
int expand_setup;
- BOOL caseless;
+ mcs_flags flags; /* MCS_CASELESS, MCS_TEXTONLY_RE */
} check_address_block;
*/
static int
-check_string(void *arg, uschar *pattern, uschar **valueptr, uschar **error)
+check_string(void * arg, const uschar * pattern, const uschar ** valueptr,
+ uschar ** error)
{
-check_string_block *cb = (check_string_block *)arg;
+const check_string_block * cb = arg;
int search_type, partial, affixlen, starflags;
int expand_setup = cb->expand_setup;
-uschar *affix;
+const uschar * affix, * opts;
uschar *s;
uschar *filename = NULL;
uschar *keyquery, *result, *semicolon;
void *handle;
-error = error; /* Keep clever compilers from complaining */
-
-if (valueptr != NULL) *valueptr = NULL; /* For non-lookup matches */
+if (valueptr) *valueptr = NULL;
/* For regular expressions, use cb->origsubject rather than cb->subject so that
it works if the pattern uses (?-i) to turn off case-independence, overriding
"caseless". */
-s = (pattern[0] == '^')? cb->origsubject : cb->subject;
+s = string_copy(pattern[0] == '^' ? cb->origsubject : cb->subject);
/* If required to set up $0, initialize the data but don't turn on by setting
expand_nmax until the match is assured. */
expand_nmax = -1;
if (expand_setup == 0)
{
- expand_nstring[0] = s;
+ expand_nstring[0] = s; /* $0 (might be) the matched subject in full */
expand_nlength[0] = Ustrlen(s);
}
else if (expand_setup > 0) expand_setup--;
if (pattern[0] == '^')
{
- const pcre *re = regex_must_compile(pattern, cb->caseless, FALSE);
- return ((expand_setup < 0)?
- pcre_exec(re, NULL, CS s, Ustrlen(s), 0, PCRE_EOPT, NULL, 0) >= 0
- :
- regex_match_and_setup(re, s, 0, expand_setup)
- )?
- OK : FAIL;
+ const pcre2_code * re = regex_must_compile(pattern,
+ cb->flags & (MCS_CACHEABLE | MCS_CASELESS), FALSE);
+ if (expand_setup < 0
+ ? !regex_match(re, s, -1, NULL)
+ : !regex_match_and_setup(re, s, 0, expand_setup)
+ )
+ return FAIL;
+ if (valueptr) *valueptr = pattern; /* "value" gets the RE */
+ return OK;
}
/* Tail match */
if (pattern[0] == '*')
{
- BOOL yield;
int slen = Ustrlen(s);
int patlen; /* Sun compiler doesn't like non-constant initializer */
patlen = Ustrlen(++pattern);
if (patlen > slen) return FAIL;
- yield = cb->caseless?
- (strncmpic(s + slen - patlen, pattern, patlen) == 0) :
- (Ustrncmp(s + slen - patlen, pattern, patlen) == 0);
- if (yield && expand_setup >= 0)
+ if (cb->flags & MCS_CASELESS
+ ? strncmpic(s + slen - patlen, pattern, patlen) != 0
+ : Ustrncmp(s + slen - patlen, pattern, patlen) != 0)
+ return FAIL;
+ if (expand_setup >= 0)
{
- expand_nstring[++expand_setup] = s;
+ expand_nstring[++expand_setup] = s; /* write a $n, the matched subject variable-part */
expand_nlength[expand_setup] = slen - patlen;
- expand_nmax = expand_setup;
+ expand_nmax = expand_setup; /* commit also $0, the matched subject */
}
- return yield? OK : FAIL;
+ if (valueptr) *valueptr = pattern - 1; /* "value" gets the (original) pattern */
+ return OK;
}
/* Match a special item starting with @ if so enabled. On its own, "@" matches
cases we have to do some more work. If we don't recognize a special pattern,
just fall through - the match will fail. */
-if (cb->at_is_special && pattern[0] == '@')
+if (cb->flags & MCS_AT_SPECIAL && pattern[0] == '@')
{
if (pattern[1] == 0)
{
if (Ustrcmp(pattern, "@[]") == 0)
{
- ip_address_item *ip;
int slen = Ustrlen(s);
- if (s[0] != '[' && s[slen-1] != ']') return FAIL;
- for (ip = host_find_interfaces(); ip != NULL; ip = ip->next)
+ if (s[0] != '[' && s[slen-1] != ']') return FAIL; /*XXX should this be || ? */
+ for (ip_address_item * ip = host_find_interfaces(); ip; ip = ip->next)
if (Ustrncmp(ip->address, s+1, slen - 2) == 0
&& ip->address[slen - 2] == 0)
+ {
+ if (expand_setup >= 0) expand_nmax = expand_setup; /* commit $0, the IP addr */
+ if (valueptr) *valueptr = pattern; /* "value" gets the pattern */
return OK;
+ }
return FAIL;
}
BOOL prim = FALSE;
BOOL secy = FALSE;
BOOL removed = FALSE;
- uschar *ss = pattern + 4;
- uschar *ignore_target_hosts = NULL;
+ const uschar *ss = pattern + 4;
+ const uschar *ignore_target_hosts = NULL;
if (strncmpic(ss, US"any", 3) == 0) ss += 3;
else if (strncmpic(ss, US"primary", 7) == 0)
else goto NOT_AT_SPECIAL;
if (strncmpic(ss, US"/ignore=", 8) == 0) ignore_target_hosts = ss + 8;
- else if (*ss != 0) goto NOT_AT_SPECIAL;
+ else if (*ss) goto NOT_AT_SPECIAL;
h.next = NULL;
h.name = s;
NULL, /* service name not relevant */
NULL, /* srv_fail_domains not relevant */
NULL, /* mx_fail_domains not relevant */
+ NULL, /* no dnssec request/require XXX ? */
NULL, /* no feedback FQDN */
&removed); /* feedback if local removed */
return DEFER;
}
- if (rc == HOST_FOUND_LOCAL && !secy) return OK;
- if (prim) return FAIL;
- return removed? OK : FAIL;
+ if ((rc != HOST_FOUND_LOCAL || secy) && (prim || !removed))
+ return FAIL;
+
+ if (expand_setup >= 0) expand_nmax = expand_setup; /* commit $0, the matched subject */
+ if (valueptr) *valueptr = pattern; /* "value" gets the patterm */
+ return OK;
/*** The above line used to be the following line, but this is incorrect,
because host_find_bydns() may return HOST_NOT_FOUND if it removed some MX
if ((semicolon = Ustrchr(pattern, ';')) == NULL)
{
- BOOL yield = cb->caseless?
- (strcmpic(s, pattern) == 0) : (Ustrcmp(s, pattern) == 0);
- if (yield && expand_setup >= 0) expand_nmax = expand_setup;
- return yield? OK : FAIL;
+ if (cb->flags & MCS_CASELESS ? strcmpic(s, pattern) != 0 : Ustrcmp(s, pattern) != 0)
+ return FAIL;
+ if (expand_setup >= 0) expand_nmax = expand_setup; /* $0 gets the matched subject */
+ if (valueptr) *valueptr = pattern; /* "value" gets the pattern */
+ return OK;
}
/* Otherwise we have a lookup item. The lookup type, including partial, etc. is
*semicolon = 0;
search_type = search_findtype_partial(pattern, &partial, &affix, &affixlen,
- &starflags);
+ &starflags, &opts);
*semicolon = ';';
if (search_type < 0) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
search_error_message);
/* Partial matching is not appropriate for certain lookups (e.g. when looking
up user@domain for sender rejection). There's a flag to disable it. */
-if (!cb->use_partial) partial = -1;
+if (!(cb->flags & MCS_PARTIAL)) partial = -1;
/* Set the parameters for the three different kinds of lookup. */
-keyquery = semicolon + 1;
-while (isspace(*keyquery)) keyquery++;
-
-if (mac_islookup(search_type, lookup_absfilequery))
- {
- filename = keyquery;
- while (*keyquery != 0 && !isspace(*keyquery)) keyquery++;
- filename = string_copyn(filename, keyquery - filename);
- while (isspace(*keyquery)) keyquery++;
- }
-
-else if (!mac_islookup(search_type, lookup_querystyle))
- {
- filename = keyquery;
- keyquery = s;
- }
+keyquery = search_args(search_type, s, semicolon+1, &filename, opts);
/* Now do the actual lookup; throw away the data returned unless it was asked
for; partial matching is all handled inside search_find(). Note that there is
no search_close() because of the caching arrangements. */
-handle = search_open(filename, search_type, 0, NULL, NULL);
-if (handle == NULL) log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
- search_error_message);
+if (!(handle = search_open(filename, search_type, 0, NULL, NULL)))
+ log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s", search_error_message);
result = search_find(handle, filename, keyquery, partial, affix, affixlen,
- starflags, &expand_setup);
+ starflags, &expand_setup, opts);
-if (result == NULL) return search_find_defer? DEFER : FAIL;
-if (valueptr != NULL) *valueptr = result;
+if (!result) return f.search_find_defer ? DEFER : FAIL;
+if (valueptr) *valueptr = result;
expand_nmax = expand_setup;
return OK;
s the subject string to be checked
pattern the pattern to check it against
expand_setup expansion setup option (see check_string())
- use_partial if FALSE, override any partial- search types
- caseless TRUE for caseless matching where possible
- at_is_special TRUE to recognize @, @[], etc.
+ flags
+ use_partial if FALSE, override any partial- search types
+ caseless TRUE for caseless matching where possible
+ at_is_special TRUE to recognize @, @[], etc.
valueptr if not NULL, and a file lookup was done, return the result
here instead of discarding it; else set it to point to NULL
*/
int
-match_check_string(uschar *s, uschar *pattern, int expand_setup,
- BOOL use_partial, BOOL caseless, BOOL at_is_special, uschar **valueptr)
+match_check_string(const uschar * s, const uschar * pattern, int expand_setup,
+ mcs_flags flags, const uschar ** valueptr)
{
check_string_block cb;
cb.origsubject = s;
-cb.subject = caseless? string_copylc(s) : string_copy(s);
+cb.subject = flags & MCS_CASELESS ? string_copylc(s) : string_copy(s);
cb.expand_setup = expand_setup;
-cb.use_partial = use_partial;
-cb.caseless = caseless;
-cb.at_is_special = at_is_special;
+cb.flags = flags;
return check_string(&cb, pattern, valueptr, NULL);
}
type MCL_STRING, MCL_DOMAIN, MCL_HOST, MCL_ADDRESS, or MCL_LOCALPART
*/
-static uschar *
+static const uschar *
get_check_key(void *arg, int type)
{
switch(type)
{
case MCL_STRING:
case MCL_DOMAIN:
- case MCL_LOCALPART:
- return ((check_string_block *)arg)->subject;
-
- case MCL_HOST:
- return ((check_host_block *)arg)->host_address;
-
- case MCL_ADDRESS:
- return ((check_address_block *)arg)->address;
+ case MCL_LOCALPART: return ((check_string_block *)arg)->subject;
+ case MCL_HOST: return ((check_host_block *)arg)->host_address;
+ case MCL_ADDRESS: return ((check_address_block *)arg)->address;
}
return US""; /* In practice, should never happen */
}
*/
int
-match_check_list(uschar **listptr, int sep, tree_node **anchorptr,
- unsigned int **cache_ptr, int (*func)(void *,uschar *,uschar **,uschar **),
- void *arg, int type, uschar *name, uschar **valueptr)
+match_check_list(const uschar **listptr, int sep, tree_node **anchorptr,
+ unsigned int **cache_ptr, int (*func)(void *,const uschar *,const uschar **,uschar **),
+ void *arg, int type, const uschar *name, const uschar **valueptr)
{
int yield = OK;
-unsigned int *original_cache_bits = *cache_ptr;
-BOOL include_unknown = FALSE;
-BOOL ignore_unknown = FALSE;
-BOOL include_defer = FALSE;
-BOOL ignore_defer = FALSE;
-uschar *list;
-uschar *sss;
-uschar *ot = NULL;
-uschar buffer[1024];
+unsigned int * original_cache_bits = *cache_ptr;
+BOOL include_unknown = FALSE, ignore_unknown = FALSE,
+ include_defer = FALSE, ignore_defer = FALSE;
+const uschar * list;
+uschar * sss;
+uschar * ot = NULL;
+BOOL textonly_re;
/* Save time by not scanning for the option name when we don't need it. */
HDEBUG(D_any)
{
- uschar *listname = readconf_find_option(listptr);
- if (listname[0] != 0) ot = string_sprintf("%s in %s?", name, listname);
+ uschar * listname = readconf_find_option(listptr);
+ if (*listname) ot = string_sprintf("%s in %s?", name, listname);
}
/* If the list is empty, the answer is no. Skip the debugging output for
an unnamed list. */
-if (*listptr == NULL)
+if (!*listptr)
{
- HDEBUG(D_lists)
- {
- if (ot != NULL) debug_printf("%s no (option unset)\n", ot);
- }
+ HDEBUG(D_lists) if (ot) debug_printf_indent("%s no (option unset)\n", ot);
return FAIL;
}
{
list = *listptr;
type -= MCL_NOEXPAND; /* Remove the "no expand" flag */
+ textonly_re = TRUE;
}
else
{
/* If we are searching a domain list, and $domain is not set, set it to the
subject that is being sought for the duration of the expansion. */
- if (type == MCL_DOMAIN && deliver_domain == NULL)
+ if (type == MCL_DOMAIN && !deliver_domain)
{
check_string_block *cb = (check_string_block *)arg;
- deliver_domain = cb->subject;
- list = expand_string(*listptr);
+ deliver_domain = string_copy(cb->subject);
+ list = expand_string_2(*listptr, &textonly_re);
deliver_domain = NULL;
}
+ else
+ list = expand_string_2(*listptr, &textonly_re);
- else list = expand_string(*listptr);
-
- if (list == NULL)
+ if (!list)
{
- if (expand_string_forcedfail)
+ if (f.expand_string_forcedfail)
{
- HDEBUG(D_lists) debug_printf("expansion of \"%s\" forced failure: "
+ HDEBUG(D_lists) debug_printf_indent("expansion of \"%s\" forced failure: "
"assume not in this list\n", *listptr);
return FAIL;
}
}
}
+if (textonly_re) switch (type)
+ {
+ case MCL_STRING:
+ case MCL_DOMAIN:
+ case MCL_LOCALPART: ((check_string_block *)arg)->flags |= MCS_CACHEABLE; break;
+ case MCL_HOST: ((check_host_block *)arg)->flags |= MCS_CACHEABLE; break;
+ case MCL_ADDRESS: ((check_address_block *)arg)->flags |= MCS_CACHEABLE; break;
+ }
+
/* For an unnamed list, use the expanded version in comments */
+#define LIST_LIMIT_PR 2048
-HDEBUG(D_any)
+HDEBUG(D_any) if (!ot)
{
- if (ot == NULL) ot = string_sprintf("%s in \"%s\"?", name, list);
+ int n, m;
+ gstring * g = string_fmt_append(NULL, "%s in \"%n%.*s%n\"",
+ name, &n, LIST_LIMIT_PR, list, &m);
+ if (m - n >= LIST_LIMIT_PR) g = string_catn(g, US"...", 3);
+ g = string_catn(g, US"?", 1);
+ gstring_release_unused(g);
+ ot = string_from_gstring(g);
+ }
+HDEBUG(D_lists)
+ {
+ debug_printf_indent("%s\n", ot);
+ expand_level++;
}
/* Now scan the list and process each item in turn, until one of them matches,
or we hit an error. */
-while ((sss = string_nextinlist(&list, &sep, buffer, sizeof(buffer))) != NULL)
+while ((sss = string_nextinlist(&list, &sep, NULL, 0)))
{
- uschar *ss = sss;
+ uschar * ss = sss;
+
+ HDEBUG(D_lists) debug_printf_indent("list element: %s\n", ss);
/* Address lists may contain +caseful, to restore caseful matching of the
local part. We have to know the layout of the control block, unfortunately.
{
check_address_block *cb = (check_address_block *)arg;
uschar *at = Ustrrchr(cb->origaddress, '@');
- if (at != NULL)
+
+ if (at)
Ustrncpy(cb->address, cb->origaddress, at - cb->origaddress);
- cb->caseless = FALSE;
+ cb->flags &= ~MCS_CASELESS;
continue;
}
}
if (Ustrcmp(ss, "+caseful") == 0)
{
check_string_block *cb = (check_string_block *)arg;
- Ustrcpy(cb->subject, cb->origsubject);
- cb->caseless = FALSE;
+ Ustrcpy(US cb->subject, cb->origsubject);
+ cb->flags &= ~MCS_CASELESS;
continue;
}
}
yield = FAIL;
while (isspace((*(++ss))));
}
- else yield = OK;
+ else
+ yield = OK;
/* If the item does not begin with '/', it might be a + item for a named
list. Otherwise, it is just a single list entry that has to be matched.
if (*ss != '/')
{
- if (*ss == '+' && anchorptr != NULL)
+ if (*ss == '+' && anchorptr)
{
- int bits = 0;
- int offset = 0;
- int shift = 0;
- unsigned int *use_cache_bits = original_cache_bits;
- uschar *cached = US"";
- namedlist_block *nb;
- tree_node *t = tree_search(*anchorptr, ss+1);
-
- if (t == NULL)
- log_write(0, LOG_MAIN|LOG_PANIC_DIE, "unknown named%s list \"%s\"",
- (type == MCL_DOMAIN)? " domain" :
- (type == MCL_HOST)? " host" :
- (type == MCL_ADDRESS)? " address" :
- (type == MCL_LOCALPART)? " local part" : "",
+ int bits = 0, offset = 0, shift = 0;
+ unsigned int * use_cache_bits = original_cache_bits;
+ uschar * cached = US"";
+ namedlist_block * nb;
+ tree_node * t;
+
+ DEBUG(D_lists)
+ { debug_printf_indent(" start sublist %s\n", ss+1); expand_level += 2; }
+
+ if (!(t = tree_search(*anchorptr, ss+1)))
+ {
+ log_write(0, LOG_MAIN|LOG_PANIC, "unknown named%s list \"%s\"",
+ type == MCL_DOMAIN ? " domain" :
+ type == MCL_HOST ? " host" :
+ type == MCL_ADDRESS ? " address" :
+ type == MCL_LOCALPART ? " local part" : "",
ss);
+ goto DEFER_RETURN;
+ }
nb = t->data.ptr;
/* If the list number is negative, it means that this list is not
because the pointer may be NULL from the start if caching is not
required. */
- if (use_cache_bits != NULL)
+ if (use_cache_bits)
{
offset = (nb->number)/16;
shift = ((nb->number)%16)*2;
if (bits == 0)
{
- switch (match_check_list(&(nb->string), 0, anchorptr, &use_cache_bits,
- func, arg, type, name, valueptr))
+ int res = match_check_list(&(nb->string), 0, anchorptr, &use_cache_bits,
+ func, arg, type, name, valueptr);
+ DEBUG(D_lists)
+ { expand_level -= 2; debug_printf_indent(" end sublist %s\n", ss+1); }
+
+ switch (res)
{
case OK: bits = 1; break;
case FAIL: bits = 3; break;
wasn't before. Ensure that this is passed up to the next level.
Otherwise, remember the result of the search in the cache. */
- if (use_cache_bits == NULL)
- {
+ if (!use_cache_bits)
*cache_ptr = NULL;
- }
else
{
use_cache_bits[offset] |= bits << shift;
- if (valueptr != NULL)
+ if (valueptr)
{
int old_pool = store_pool;
namedlist_cacheblock *p;
so we use the permanent store pool */
store_pool = POOL_PERM;
- p = store_get(sizeof(namedlist_cacheblock));
+ p = store_get(sizeof(namedlist_cacheblock), GET_UNTAINTED);
p->key = string_copy(get_check_key(arg, type));
- p->data = (*valueptr == NULL)? NULL : string_copy(*valueptr);
+ p->data = *valueptr ? string_copy(*valueptr) : NULL;
store_pool = old_pool;
p->next = nb->cache_data;
nb->cache_data = p;
- if (*valueptr != NULL)
- {
- DEBUG(D_lists) debug_printf("data from lookup saved for "
- "cache for %s: %s\n", ss, *valueptr);
- }
+ if (*valueptr)
+ DEBUG(D_lists) debug_printf_indent("data from lookup saved for "
+ "cache for %s: key '%s' value '%s'\n", ss, p->key, *valueptr);
}
}
}
else
{
- DEBUG(D_lists) debug_printf("cached %s match for %s\n",
- ((bits & (-bits)) == bits)? "yes" : "no", ss);
+ DEBUG(D_lists)
+ {
+ expand_level -= 2;
+ debug_printf_indent("cached %s match for %s\n",
+ (bits & (-bits)) == bits ? "yes" : "no", ss);
+ }
+
cached = US" - cached";
- if (valueptr != NULL)
+ if (valueptr)
{
- uschar *key = get_check_key(arg, type);
- namedlist_cacheblock *p;
- for (p = nb->cache_data; p != NULL; p = p->next)
- {
+ const uschar *key = get_check_key(arg, type);
+
+ for (namedlist_cacheblock * p = nb->cache_data; p; p = p->next)
if (Ustrcmp(key, p->key) == 0)
{
*valueptr = p->data;
break;
}
- }
- DEBUG(D_lists) debug_printf("cached lookup data = %s\n", *valueptr);
+ DEBUG(D_lists) debug_printf_indent("cached lookup data = %s\n", *valueptr);
}
}
if ((bits & (-bits)) == bits) /* Only one of the two bits is set */
{
- HDEBUG(D_lists) debug_printf("%s %s (matched \"%s\"%s)\n", ot,
- (yield == OK)? "yes" : "no", sss, cached);
- return yield;
+ HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\"%s)\n", ot,
+ yield == OK ? "yes" : "no", sss, cached);
+ goto YIELD_RETURN;
}
}
else
{
- uschar *error = NULL;
+ uschar * error = NULL;
switch ((func)(arg, ss, valueptr, &error))
{
case OK:
- HDEBUG(D_lists) debug_printf("%s %s (matched \"%s\")\n", ot,
- (yield == OK)? "yes" : "no", sss);
- return yield;
+ HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\")\n", ot,
+ (yield == OK)? "yes" : "no", sss);
+ goto YIELD_RETURN;
case DEFER:
- if (error == NULL)
- error = string_sprintf("DNS lookup of %s deferred", ss);
- if (ignore_defer)
- {
- HDEBUG(D_lists) debug_printf("%s: item ignored by +ignore_defer\n",
- error);
- break;
- }
- if (include_defer)
- {
- log_write(0, LOG_MAIN, "%s: accepted by +include_defer", error);
- return OK;
- }
- goto DEFER_RETURN;
+ if (!error)
+ error = string_sprintf("DNS lookup of \"%s\" deferred", ss);
+ if (ignore_defer)
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_defer\n",
+ error);
+ break;
+ }
+ if (include_defer)
+ {
+ log_write(0, LOG_MAIN, "%s: accepted by +include_defer", error);
+ return OK;
+ }
+ if (!search_error_message) search_error_message = error;
+ goto DEFER_RETURN;
/* The ERROR return occurs when checking hosts, when either a forward
or reverse lookup has failed. It can also occur in a match_ip list if a
which it was. */
case ERROR:
- if (ignore_unknown)
- {
- HDEBUG(D_lists) debug_printf("%s: item ignored by +ignore_unknown\n",
- error);
- }
- else
- {
- HDEBUG(D_lists) debug_printf("%s %s (%s)\n", ot,
- include_unknown? "yes":"no", error);
- if (!include_unknown)
- {
- if ((log_extra_selector & LX_unknown_in_list) != 0)
- log_write(0, LOG_MAIN, "list matching forced to fail: %s", error);
- return FAIL;
- }
- log_write(0, LOG_MAIN, "%s: accepted by +include_unknown", error);
- return OK;
- }
+ if (ignore_unknown)
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_unknown\n",
+ error);
+ }
+ else
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s %s (%s)\n", ot,
+ include_unknown? "yes":"no", error);
+ if (!include_unknown)
+ {
+ if (LOGGING(unknown_in_list))
+ log_write(0, LOG_MAIN, "list matching forced to fail: %s", error);
+ return FAIL;
+ }
+ log_write(0, LOG_MAIN, "%s: accepted by +include_unknown", error);
+ return OK;
+ }
}
}
}
else
{
int file_yield = yield; /* In case empty file */
- uschar *filename = ss;
- FILE *f = Ufopen(filename, "rb");
+ uschar * filename = ss;
+ FILE * f = Ufopen(filename, "rb");
uschar filebuffer[1024];
/* ot will be null in non-debugging cases, and anyway, we get better
wording by reworking it. */
- if (f == NULL)
+ if (!f)
{
- uschar *listname = readconf_find_option(listptr);
+ uschar * listname = readconf_find_option(listptr);
if (listname[0] == 0)
listname = string_sprintf("\"%s\"", *listptr);
log_write(0, LOG_MAIN|LOG_PANIC_DIE, "%s",
- string_open_failed(errno, "%s when checking %s", sss, listname));
+ string_open_failed("%s when checking %s", sss, listname));
}
/* Trailing comments are introduced by #, but in an address list or local
sss = ss + 1;
}
- ss = filebuffer + Ustrlen(filebuffer); /* trailing space */
+ ss = filebuffer + Ustrlen(filebuffer); /* trailing space */
while (ss > filebuffer && isspace(ss[-1])) ss--;
*ss = 0;
ss = filebuffer;
- while (isspace(*ss)) ss++; /* leading space */
+ while (isspace(*ss)) ss++; /* leading space */
- if (*ss == 0) continue; /* ignore empty */
+ if (!*ss) continue; /* ignore empty */
- file_yield = yield; /* positive yield */
- sss = ss; /* for debugging */
+ file_yield = yield; /* positive yield */
+ sss = ss; /* for debugging */
- if (*ss == '!') /* negation */
+ if (*ss == '!') /* negation */
{
file_yield = (file_yield == OK)? FAIL : OK;
while (isspace((*(++ss))));
switch ((func)(arg, ss, valueptr, &error))
{
case OK:
- (void)fclose(f);
- HDEBUG(D_lists) debug_printf("%s %s (matched \"%s\" in %s)\n", ot,
- (yield == OK)? "yes" : "no", sss, filename);
- return file_yield;
+ (void)fclose(f);
+ HDEBUG(D_lists) debug_printf_indent("%s %s (matched \"%s\" in %s)\n", ot,
+ yield == OK ? "yes" : "no", sss, filename);
+
+ /* The "pattern" being matched came from the file; we use a stack-local.
+ Copy it to allocated memory now we know it matched. */
+
+ if (valueptr) *valueptr = string_copy(ss);
+ yield = file_yield;
+ goto YIELD_RETURN;
case DEFER:
- if (error == NULL)
- error = string_sprintf("DNS lookup of %s deferred", ss);
- if (ignore_defer)
- {
- HDEBUG(D_lists) debug_printf("%s: item ignored by +ignore_defer\n",
- error);
- break;
- }
- (void)fclose(f);
- if (include_defer)
- {
- log_write(0, LOG_MAIN, "%s: accepted by +include_defer", error);
- return OK;
- }
- goto DEFER_RETURN;
+ if (!error)
+ error = string_sprintf("DNS lookup of %s deferred", ss);
+ if (ignore_defer)
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_defer\n",
+ error);
+ break;
+ }
+ (void)fclose(f);
+ if (!include_defer)
+ goto DEFER_RETURN;
+ log_write(0, LOG_MAIN, "%s: accepted by +include_defer", error);
+ goto OK_RETURN;
- case ERROR: /* host name lookup failed - this can only */
- if (ignore_unknown) /* be for an incoming host (not outgoing) */
- {
- HDEBUG(D_lists) debug_printf("%s: item ignored by +ignore_unknown\n",
- error);
- }
- else
- {
- HDEBUG(D_lists) debug_printf("%s %s (%s)\n", ot,
- include_unknown? "yes":"no", error);
- (void)fclose(f);
- if (!include_unknown)
- {
- if ((log_extra_selector & LX_unknown_in_list) != 0)
- log_write(0, LOG_MAIN, "list matching forced to fail: %s", error);
- return FAIL;
- }
- log_write(0, LOG_MAIN, "%s: accepted by +include_unknown", error);
- return OK;
- }
+ /* The ERROR return occurs when checking hosts, when either a forward
+ or reverse lookup has failed. It can also occur in a match_ip list if a
+ non-IP address item is encountered. The error string gives details of
+ which it was. */
+
+ case ERROR:
+ if (ignore_unknown)
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s: item ignored by +ignore_unknown\n",
+ error);
+ }
+ else
+ {
+ HDEBUG(D_lists) debug_printf_indent("%s %s (%s)\n", ot,
+ include_unknown? "yes":"no", error);
+ (void)fclose(f);
+ if (!include_unknown)
+ {
+ if (LOGGING(unknown_in_list))
+ log_write(0, LOG_MAIN, "list matching forced to fail: %s", error);
+ goto FAIL_RETURN;
+ }
+ log_write(0, LOG_MAIN, "%s: accepted by +include_unknown", error);
+ goto OK_RETURN;
+ }
}
}
/* End of list reached: if the last item was negated yield OK, else FAIL. */
HDEBUG(D_lists)
- debug_printf("%s %s (end of list)\n", ot, (yield == OK)? "no":"yes");
-return (yield == OK)? FAIL : OK;
+ HDEBUG(D_lists)
+ {
+ expand_level--;
+ debug_printf_indent("%s %s (end of list)\n", ot, yield == OK ? "no":"yes");
+ }
+ return yield == OK ? FAIL : OK;
/* Something deferred */
DEFER_RETURN:
-HDEBUG(D_lists) debug_printf("%s list match deferred for %s\n", ot, sss);
-return DEFER;
+ HDEBUG(D_lists)
+ {
+ expand_level--;
+ debug_printf_indent("%s list match deferred for %s\n", ot, sss);
+ }
+ return DEFER;
+
+FAIL_RETURN:
+ yield = FAIL;
+ goto YIELD_RETURN;
+
+OK_RETURN:
+ yield = OK;
+
+YIELD_RETURN:
+ HDEBUG(D_lists) expand_level--;
+ return yield;
}
s string to search for
listptr ptr to ptr to colon separated list of patterns, or NULL
sep a separator value for the list (see string_nextinlist())
+ or zero for auto
anchorptr ptr to tree for named items, or NULL if no named items
cache_bits ptr to cache_bits for ditto, or NULL if not caching
type MCL_DOMAIN when matching a domain list
*/
int
-match_isinlist(uschar *s, uschar **listptr, int sep, tree_node **anchorptr,
- unsigned int *cache_bits, int type, BOOL caseless, uschar **valueptr)
+match_isinlist(const uschar *s, const uschar **listptr, int sep,
+ tree_node **anchorptr,
+ unsigned int *cache_bits, int type, BOOL caseless, const uschar **valueptr)
{
unsigned int *local_cache_bits = cache_bits;
check_string_block cb;
cb.origsubject = s;
-cb.subject = caseless? string_copylc(s) : string_copy(s);
-cb.expand_setup = (sep > UCHAR_MAX)? 0 : -1;
-cb.use_partial = TRUE;
-cb.caseless = caseless;
-cb.at_is_special = (type == MCL_DOMAIN || type == MCL_DOMAIN + MCL_NOEXPAND);
-if (valueptr != NULL) *valueptr = NULL;
+cb.subject = caseless ? string_copylc(s) : string_copy(s);
+cb.flags = caseless ? MCS_PARTIAL+MCS_CASELESS : MCS_PARTIAL;
+switch (type & ~MCL_NOEXPAND)
+ {
+ case MCL_DOMAIN: cb.flags |= MCS_AT_SPECIAL; /*FALLTHROUGH*/
+ case MCL_LOCALPART: cb.expand_setup = 0; break;
+ default: cb.expand_setup = sep > UCHAR_MAX ? 0 : -1; break;
+ }
+if (valueptr) *valueptr = NULL;
return match_check_list(listptr, sep, anchorptr, &local_cache_bits,
check_string, &cb, type, s, valueptr);
}
*/
static int
-check_address(void *arg, uschar *pattern, uschar **valueptr, uschar **error)
+check_address(void * arg, const uschar * pattern, const uschar ** valueptr,
+ uschar ** error)
{
-check_address_block *cb = (check_address_block *)arg;
+check_address_block * cb = (check_address_block *)arg;
check_string_block csb;
int rc;
int expand_inc = 0;
-unsigned int *null = NULL;
-uschar *listptr;
-uschar *subject = cb->address;
-uschar *s, *pdomain, *sdomain;
-
-error = error; /* Keep clever compilers from complaining */
-
-DEBUG(D_lists) debug_printf("address match test: subject=%s pattern=%s\n",
+unsigned int * null = NULL;
+const uschar * listptr;
+uschar * subject = cb->address;
+const uschar * s;
+uschar * pdomain, * sdomain;
+uschar * value = NULL;
+
+DEBUG(D_lists) debug_printf_indent("address match test: subject=%s pattern=%s\n",
subject, pattern);
/* Find the subject's domain */
/* The only case where a subject may not have a domain is if the subject is
empty. Otherwise, a subject with no domain is a serious configuration error. */
-if (sdomain == NULL && *subject != 0)
+if (!sdomain && *subject)
{
log_write(0, LOG_MAIN|LOG_PANIC, "no @ found in the subject of an "
"address list match: subject=\"%s\" pattern=\"%s\"", subject, pattern);
This may be the empty address. */
if (*pattern == '^')
- return match_check_string(subject, pattern, cb->expand_setup, TRUE,
- cb->caseless, FALSE, NULL);
+ return match_check_string(subject, pattern, cb->expand_setup,
+ cb->flags | MCS_PARTIAL, NULL);
/* Handle a pattern that is just a lookup. Skip over possible lookup names
(letters, digits, hyphens). Skip over a possible * or *@ at the end. Then we
must have a semicolon for it to be a lookup. */
-for (s = pattern; isalnum(*s) || *s == '-'; s++);
+for (s = pattern; isalnum(*s) || *s == '-'; s++) ;
if (*s == '*') s++;
if (*s == '@') s++;
if (Ustrncmp(pattern, "partial-", 8) == 0)
log_write(0, LOG_MAIN|LOG_PANIC, "partial matching is not applicable to "
"whole-address lookups: ignored \"partial-\" in \"%s\"", pattern);
- return match_check_string(subject, pattern, -1, FALSE, cb->caseless, FALSE,
- valueptr);
+ return match_check_string(subject, pattern, -1, cb->flags, valueptr);
}
/* For the remaining cases, an empty subject matches only an empty pattern,
because other patterns expect to have a local part and a domain to match
against. */
-if (*subject == 0) return (*pattern == 0)? OK : FAIL;
+if (!*subject) return *pattern ? FAIL : OK;
/* If the pattern starts with "@@" we have a split lookup, where the domain is
looked up to obtain a list of local parts. If the subject's local part is just
if (pattern[0] == '@' && pattern[1] == '@')
{
int watchdog = 50;
- uschar *list, *key, *ss;
- uschar buffer[1024];
+ uschar *list, *ss;
if (sdomain == subject + 1 && *subject == '*') return FAIL;
/* Loop for handling chains. The last item in any list may be of the form
">name" in order to chain on to another list. */
- for (key = sdomain + 1; key != NULL && watchdog-- > 0; )
+ for (const uschar * key = sdomain + 1; key && watchdog-- > 0; )
{
int sep = 0;
- if ((rc = match_check_string(key, pattern + 2, -1, TRUE, FALSE, FALSE,
- &list)) != OK) return rc;
+ if ((rc = match_check_string(key, pattern + 2, -1, MCS_PARTIAL, CUSS &list))
+ != OK)
+ return rc;
/* Check for chaining from the last item; set up the next key if one
is found. */
ss = Ustrrchr(list, ':');
- if (ss == NULL) ss = list; else ss++;
- while (isspace(*ss)) ss++;
+ if (!ss) ss = list; else ss++;
+ Uskip_whitespace(&ss);
if (*ss == '>')
{
*ss++ = 0;
- while (isspace(*ss)) ss++;
+ Uskip_whitespace(&ss);
key = string_copy(ss);
}
else key = NULL;
/* Look up the local parts provided by the list; negation is permitted.
If a local part has to begin with !, a regex can be used. */
- while ((ss = string_nextinlist(&list, &sep, buffer, sizeof(buffer)))
- != NULL)
+ while ((ss = string_nextinlist(CUSS &list, &sep, NULL, 0)))
{
int local_yield;
else local_yield = OK;
*sdomain = 0;
- rc = match_check_string(subject, ss, -1, TRUE, cb->caseless, FALSE,
- valueptr);
+ rc = match_check_string(subject, ss, -1, cb->flags + MCS_PARTIAL, valueptr);
*sdomain = '@';
switch(rc)
/* We get here if the pattern is not a lookup or a regular expression. If it
contains an @ there is both a local part and a domain. */
-pdomain = Ustrrchr(pattern, '@');
-if (pdomain != NULL)
+if ((pdomain = Ustrrchr(pattern, '@')))
{
int pllen, sllen;
{
int cllen = pllen - 1;
if (sllen < cllen) return FAIL;
- if (cb->caseless)
- {
- if (strncmpic(subject+sllen-cllen, pattern + 1, cllen) != 0)
+ if (cb->flags & MCS_CASELESS
+ ? strncmpic(subject+sllen-cllen, pattern + 1, cllen) != 0
+ : Ustrncmp(subject+sllen-cllen, pattern + 1, cllen) != 0)
return FAIL;
- }
- else
- {
- if (Ustrncmp(subject+sllen-cllen, pattern + 1, cllen) != 0)
- return FAIL;
- }
if (cb->expand_setup > 0)
{
expand_nstring[cb->expand_setup] = subject;
expand_nlength[cb->expand_setup] = sllen - cllen;
expand_inc = 1;
}
+ value = string_copyn(pattern + 1, cllen);
}
else
{
if (sllen != pllen) return FAIL;
- if (cb->caseless)
- {
- if (strncmpic(subject, pattern, sllen) != 0) return FAIL;
- }
- else
- {
- if (Ustrncmp(subject, pattern, sllen) != 0) return FAIL;
- }
+ if (cb->flags & MCS_CASELESS
+ ? strncmpic(subject, pattern, sllen) != 0
+ : Ustrncmp(subject, pattern, sllen) != 0) return FAIL;
}
+ value = string_copyn(pattern, sllen);
}
/* If the local part matched, or was not being checked, check the domain using
original code read as follows:
return match_check_string(sdomain + 1,
- (pdomain == NULL)? pattern : pdomain + 1,
- cb->expand_setup + expand_inc, TRUE, cb->caseless, TRUE, NULL);
+ pdomain ? pdomain + 1 : pattern,
+ cb->expand_setup + expand_inc, cb->flags, NULL);
This supported only literal domains and *.x.y patterns. In order to allow for
-named domain lists (so that you can right, for example, "senders=+xxxx"), it
+named domain lists (so that you can write, for example, "senders=+xxxx"), it
was changed to use the list scanning function. */
csb.origsubject = sdomain + 1;
-csb.subject = (cb->caseless)? string_copylc(sdomain+1) : string_copy(sdomain+1);
+csb.subject = cb->flags & MCS_CASELESS
+ ? string_copylc(sdomain+1) : string_copy(sdomain+1);
csb.expand_setup = cb->expand_setup + expand_inc;
-csb.use_partial = TRUE;
-csb.caseless = cb->caseless;
-csb.at_is_special = TRUE;
-
-listptr = (pdomain == NULL)? pattern : pdomain + 1;
-if (valueptr != NULL) *valueptr = NULL;
-
-return match_check_list(
- &listptr, /* list of one item */
- UCHAR_MAX+1, /* impossible separator; single item */
- &domainlist_anchor, /* it's a domain list */
- &null, /* ptr to NULL means no caching */
- check_string, /* the function to do one test */
- &csb, /* its data */
- MCL_DOMAIN + MCL_NOEXPAND, /* domain list; don't expand */
- csb.subject, /* string for messages */
- valueptr); /* where to pass back lookup data */
+csb.flags = MCS_PARTIAL | MCS_AT_SPECIAL | cb->flags & MCS_CASELESS;
+
+listptr = pdomain ? pdomain + 1 : pattern;
+if (valueptr) *valueptr = NULL;
+
+ {
+ const uschar * dvalue = NULL;
+ rc = match_check_list(
+ &listptr, /* list of one item */
+ UCHAR_MAX+1, /* impossible separator; single item */
+ &domainlist_anchor, /* it's a domain list */
+ &null, /* ptr to NULL means no caching */
+ check_string, /* the function to do one test */
+ &csb, /* its data */
+ MCL_DOMAIN + MCL_NOEXPAND, /* domain list; don't expand */
+ csb.subject, /* string for messages */
+ &dvalue); /* where to pass back lookup data */
+ if (valueptr && (value || dvalue))
+ *valueptr = string_sprintf("%s@%s",
+ value ? value : US"", dvalue ? dvalue : US"");
+ }
+return rc;
}
*/
int
-match_address_list(uschar *address, BOOL caseless, BOOL expand,
- uschar **listptr, unsigned int *cache_bits, int expand_setup, int sep,
- uschar **valueptr)
+match_address_list(const uschar *address, BOOL caseless, BOOL expand,
+ const uschar **listptr, unsigned int *cache_bits, int expand_setup, int sep,
+ const uschar **valueptr)
{
-uschar *p;
check_address_block ab;
unsigned int *local_cache_bits = cache_bits;
+int len;
/* RFC 2505 recommends that for spam checking, local parts should be caselessly
compared. Therefore, Exim now forces the entire address into lower case here,
provided that "caseless" is set. (It is FALSE for calls for matching rewriting
patterns.) Otherwise just the domain is lower cases. A magic item "+caseful" in
the list can be used to restore a caseful copy of the local part from the
-original address. */
+original address.
+Limit the subject address size to avoid mem-exhaustion attacks. The size chosen
+is historical (we used to use big_buffer here). */
+
+if ((len = Ustrlen(address)) > BIG_BUFFER_SIZE) len = BIG_BUFFER_SIZE;
+ab.address = string_copyn(address, len);
-sprintf(CS big_buffer, "%.*s", big_buffer_size - 1, address);
-for (p = big_buffer + Ustrlen(big_buffer) - 1; p >= big_buffer; p--)
+for (uschar * p = ab.address + len - 1; p >= ab.address; p--)
{
if (!caseless && *p == '@') break;
*p = tolower(*p);
/* Set up the data to be passed ultimately to check_address. */
ab.origaddress = address;
-ab.address = big_buffer;
+/* ab.address is above */
ab.expand_setup = expand_setup;
-ab.caseless = caseless;
+ab.flags = caseless ? MCS_CASELESS : 0;
return match_check_list(listptr, sep, &addresslist_anchor, &local_cache_bits,
- check_address, &ab, MCL_ADDRESS + (expand? 0:MCL_NOEXPAND), address,
+ check_address, &ab, MCL_ADDRESS + (expand ? 0 : MCL_NOEXPAND), address,
valueptr);
}
+/* Simpler version of match_address_list; always caseless, expanding,
+no cache bits, no value-return.
+
+Arguments:
+ address address to test
+ listptr list to check against
+ sep separator character for the list;
+ may be 0 to get separator from the list;
+ may be UCHAR_MAX+1 for one-item list
+
+Returns: OK for a positive match, or end list after a negation;
+ FAIL for a negative match, or end list after non-negation;
+ DEFER if a lookup deferred
+*/
+
+int
+match_address_list_basic(const uschar *address, const uschar **listptr, int sep)
+{
+return match_address_list(address, TRUE, TRUE, listptr, NULL, -1, sep, NULL);
+}
+
/* End of match.c */